Submitted URL: http://1105data.com/portal/wts/ugmcmQek%7CBaqEd6ckEe6r%7CvS4-a
Effective URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Submission: On July 22 via api from US

Summary

This website contacted 64 IPs in 5 countries across 51 domains to perform 229 HTTP transactions. The main IP is 2.18.233.143, located in European Union and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.zdnet.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on June 25th 2018. Valid for: a year.
This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 205.162.46.68 53866 (QTS-AS)
11 2.18.233.143 16625 (AKAMAI-AS)
32 2.18.233.149 16625 (AKAMAI-AS)
6 104.111.244.243 16625 (AKAMAI-AS)
6 104.108.48.32 16625 (AKAMAI-AS)
3 2.18.234.21 16625 (AKAMAI-AS)
1 13.32.222.102 16509 (AMAZON-02)
3 34.198.36.32 14618 (AMAZON-AES)
15 68.232.35.180 15133 (EDGECAST)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
5 2400:cb00:204... 13335 (CLOUDFLAR...)
4 2400:cb00:204... 13335 (CLOUDFLAR...)
2 5 34.250.87.211 16509 (AMAZON-02)
5 64.30.224.172 6623 (CBSI-1)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
3 104.111.240.158 16625 (AKAMAI-AS)
1 2600:9000:200... 16509 (AMAZON-02)
1 54.175.190.102 14618 (AMAZON-AES)
1 52.34.176.154 16509 (AMAZON-02)
2 2 104.108.51.30 16625 (AKAMAI-AS)
3 34.249.37.235 16509 (AMAZON-02)
2 2 52.206.152.90 14618 (AMAZON-AES)
2 2 2.18.233.201 16625 (AKAMAI-AS)
2 2 34.249.136.192 16509 (AMAZON-02)
2 3 18.184.225.117 16509 (AMAZON-02)
1 4 34.214.245.56 16509 (AMAZON-02)
1 54.201.217.203 16509 (AMAZON-02)
1 7 2a00:1450:400... 15169 (GOOGLE)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
12 172.217.22.98 15169 (GOOGLE)
2 52.18.183.216 16509 (AMAZON-02)
1 52.16.89.247 16509 (AMAZON-02)
3 63.140.43.37 15224 (OMNITURE)
3 23.111.9.30 54104 (AS-STACKPATH)
2 23.111.11.222 54104 (AS-STACKPATH)
4 37.252.172.39 29990 (ASN-APPNEXUS)
1 37.252.172.42 29990 (ASN-APPNEXUS)
1 4 66.117.28.68 15224 (OMNITURE)
1 52.17.182.129 16509 (AMAZON-02)
14 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 2a05:f500:10:... 14413 (LINKEDIN)
1 3 104.111.214.103 16625 (AKAMAI-AS)
1 104.111.228.222 16625 (AKAMAI-AS)
1 2 138.108.96.100 16477 (ACNIELSEN-AS)
2 2a03:2880:f02... 32934 (FACEBOOK)
2 2 66.117.28.86 15224 (OMNITURE)
1 1 216.58.208.34 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.12.134 54113 (FASTLY)
1 1 216.58.206.2 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1288:110... 34010 (YAHOO-IRD)
2 2a03:2880:f12... 32934 (FACEBOOK)
2 151.101.112.134 54113 (FASTLY)
1 52.209.124.253 16509 (AMAZON-02)
4 54.192.94.10 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2400:cb00:204... 13335 (CLOUDFLAR...)
1 151.101.0.134 54113 (FASTLY)
16 2.18.235.40 16625 (AKAMAI-AS)
8 2a00:1450:400... 15169 (GOOGLE)
1 205.185.216.10 20446 (HIGHWINDS3)
2 205.185.216.42 20446 (HIGHWINDS3)
1 54.192.94.184 16509 (AMAZON-02)
1 151.101.64.134 54113 (FASTLY)
1 52.48.254.224 16509 (AMAZON-02)
4 54.85.214.46 14618 (AMAZON-AES)
1 52.5.158.155 14618 (AMAZON-AES)
1 52.5.188.239 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
Total: 229 requests across 64 IPs
Requests | Apex Domain | Subdomains | Transfer
32 cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet4.cbsistatic.com
zdnet1.cbsistatic.com
601 KB
22 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
170 KB
15 tiqcdn.com
tags.tiqcdn.com
90 KB
14 doubleclick.net
securepubads.g.doubleclick.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
319 KB
12 moatads.com
z.moatads.com
geo.moatads.com
351 KB
10 moatpixel.com
cbsdfp5832910442.s.moatpixel.com
4 KB
9 cbsi.com
dw.cbsi.com
saa.cbsi.com
rev.cbsi.com
15 KB
9 ml314.com
ml314.com
in.ml314.com
15 KB
8 viglink.com
cdn.viglink.com
api.viglink.com
85 KB
7 imrworldwide.com
secure-us.imrworldwide.com
cdn-gl.imrworldwide.com
58 KB
7 demdex.net
dpm.demdex.net
cbsi.demdex.net
6 KB
6 everesttech.net
pixel.everesttech.net
cm.everesttech.net
3 KB
6 evidon.com
c.evidon.com
39 KB
5 disqus.com
zdnet-1.disqus.com
disqus.com
26 KB
5 adnxs.com
secure.adnxs.com
3 KB
5 cbsinteractive.com
vidtech.cbsinteractive.com
299 KB
5 zdnet.com
www.zdnet.com
55 KB
4 pagefair.com
asset.pagefair.com
stats.pagefair.com
7 KB
4 lightboxcdn.com
www.lightboxcdn.com
118 KB
4 go-mpulse.net
c.go-mpulse.net
58 KB
3 flashtalking.com
servedby.flashtalking.com
cdn.flashtalking.com
202 KB
3 disquscdn.com
c.disquscdn.com
191 KB
3 scorecardresearch.com
sb.scorecardresearch.com
1 KB
3 facebook.com
graph.facebook.com
www.facebook.com
1 KB
3 google.com
adservice.google.com
www.google.com
592 B
3 google.de
adservice.google.de
www.google.de
449 B
3 eyeota.net
ps.eyeota.net
854 B
3 everestjs.net
www.everestjs.net
7 KB
3 tru.am
tru.am
beacon.tru.am
16 KB
3 betrad.com
l.betrad.com
360 B
2 gstatic.com
csi.gstatic.com
112 B
2 2mdn.net
s0.2mdn.net
89 KB
2 facebook.net
connect.facebook.net
27 KB
2 casalemedia.com
as-sec.casalemedia.com
1 KB
2 pagefair.net
asset.pagefair.net
1 KB
2 akstat.io
36c3f470.akstat.io
708 B
2 googletagservices.com
www.googletagservices.com
16 KB
2 crwdcntrl.net
sync.crwdcntrl.net
1 KB
2 mathtag.com
pixel.mathtag.com
1 KB
2 rlcdn.com
idsync.rlcdn.com
1 KB
2 bluekai.com
tags.bluekai.com
stags.bluekai.com
1 KB
2 agkn.com
js.agkn.com
d.agkn.com
3 KB
1 googleapis.com
imasdk.googleapis.com
1 yieldmanager.com
ad.yieldmanager.com
1 KB
1 googleadservices.com
www.googleadservices.com
310 B
1 qualtrics.com
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com
12 KB
1 linkedin.com
www.linkedin.com
489 B
1 akamaihd.net
iicbsi-a.akamaihd.net
268 B
1 sharethrough.com
native.sharethrough.com
124 KB
1 indexww.com
js-sec.indexww.com
24 KB
1 1105data.com
1105data.com
203 B
Total: 229 requests across 51 apex domains
Domain Requested by
18 zdnet2.cbsistatic.com www.zdnet.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
15 tags.tiqcdn.com zdnet2.cbsistatic.com
tags.tiqcdn.com
14 tpc.googlesyndication.com securepubads.g.doubleclick.net
www.zdnet.com
12 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.zdnet.com
10 cbsdfp5832910442.s.moatpixel.com
8 pagead2.googlesyndication.com securepubads.g.doubleclick.net
www.zdnet.com
8 ml314.com 2 redirects tags.tiqcdn.com
ml314.com
www.zdnet.com
6 geo.moatads.com z.moatads.com
6 z.moatads.com securepubads.g.doubleclick.net
6 c.evidon.com www.zdnet.com
c.evidon.com
6 zdnet3.cbsistatic.com www.zdnet.com
zdnet2.cbsistatic.com
5 cdn-gl.imrworldwide.com vidtech.cbsinteractive.com
cdn-gl.imrworldwide.com
5 secure.adnxs.com js-sec.indexww.com
5 dpm.demdex.net 1 redirects www.zdnet.com
tags.tiqcdn.com
vidtech.cbsinteractive.com
5 zdnet1.cbsistatic.com zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
5 vidtech.cbsinteractive.com zdnet2.cbsistatic.com
vidtech.cbsinteractive.com
5 dw.cbsi.com tags.tiqcdn.com
www.zdnet.com
5 cdn.viglink.com tags.tiqcdn.com
www.zdnet.com
5 www.zdnet.com zdnet3.cbsistatic.com
vidtech.cbsinteractive.com
4 pixel.everesttech.net 1 redirects
4 www.lightboxcdn.com www.zdnet.com
www.lightboxcdn.com
4 c.go-mpulse.net www.zdnet.com
zdnet1.cbsistatic.com
c.go-mpulse.net
3 c.disquscdn.com zdnet-1.disqus.com
3 zdnet-1.disqus.com zdnet2.cbsistatic.com
zdnet-1.disqus.com
3 sb.scorecardresearch.com 1 redirects tags.tiqcdn.com
3 asset.pagefair.com zdnet3.cbsistatic.com
asset.pagefair.com
3 saa.cbsi.com tags.tiqcdn.com
3 api.viglink.com cdn.viglink.com
3 ps.eyeota.net 2 redirects www.zdnet.com
3 www.everestjs.net tags.tiqcdn.com
www.everestjs.net
3 zdnet4.cbsistatic.com zdnet2.cbsistatic.com
3 l.betrad.com www.zdnet.com
2 csi.gstatic.com tpc.googlesyndication.com
2 cdn.flashtalking.com servedby.flashtalking.com
www.zdnet.com
2 disqus.com zdnet-1.disqus.com
2 www.facebook.com connect.facebook.net
2 s0.2mdn.net zdnet2.cbsistatic.com
s0.2mdn.net
2 cm.everesttech.net 2 redirects
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
2 secure-us.imrworldwide.com 1 redirects
2 as-sec.casalemedia.com js-sec.indexww.com
2 asset.pagefair.net zdnet3.cbsistatic.com
2 cbsi.demdex.net tags.tiqcdn.com
2 36c3f470.akstat.io zdnet1.cbsistatic.com
c.go-mpulse.net
2 adservice.google.com www.googletagservices.com
2 adservice.google.de www.googletagservices.com
2 www.googletagservices.com zdnet2.cbsistatic.com
rev.cbsi.com
2 sync.crwdcntrl.net 2 redirects
2 pixel.mathtag.com 2 redirects
2 idsync.rlcdn.com 2 redirects
2 tru.am tags.tiqcdn.com
tru.am
1 rev.cbsi.com www.zdnet.com
1 servedby.flashtalking.com www.zdnet.com
1 imasdk.googleapis.com s0.2mdn.net
1 stats.pagefair.com zdnet3.cbsistatic.com
1 ad.yieldmanager.com
1 www.google.de
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com tags.tiqcdn.com
1 www.linkedin.com zdnet3.cbsistatic.com
1 graph.facebook.com zdnet3.cbsistatic.com
1 beacon.tru.am tru.am
1 stags.bluekai.com 1 redirects
1 tags.bluekai.com 1 redirects
1 d.agkn.com js.agkn.com
1 in.ml314.com ml314.com
1 js.agkn.com tags.tiqcdn.com
1 iicbsi-a.akamaihd.net tags.tiqcdn.com
1 native.sharethrough.com www.zdnet.com
1 js-sec.indexww.com www.zdnet.com
1 1105data.com 1 redirects
Total: 229 requests across 74 subdomains
Subject | Issuer | Validity | Valid for
www.cbs.com | GeoTrust RSA CA 2018 | 2018-06-25 to 2019-06-22 | a year (crt.sh)
*.agkn.com | RapidSSL RSA CA 2018 | 2018-06-21 to 2020-09-16 | 2 years (crt.sh)
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 to 2021-02-12 | 3 years (crt.sh)
www.everestjs.net | DigiCert SHA2 Secure Server CA | 2018-05-21 to 2020-05-28 | 2 years (crt.sh)
ssl516460.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-04-28 to 2018-11-04 | 6 months (crt.sh)
*.googleapis.com | Google Internet Authority G3 | 2018-06-19 to 2018-08-28 | 2 months (crt.sh)
tpc.googlesyndication.com | Google Internet Authority G3 | 2018-06-19 to 2018-08-28 | 2 months (crt.sh)
*.imrworldwide.com | DigiCert SHA2 Secure Server CA | 2018-02-15 to 2019-07-11 | a year (crt.sh)
*.disqus.com | DigiCert SHA2 Secure Server CA | 2018-03-28 to 2020-04-27 | 2 years (crt.sh)
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2017-12-15 to 2019-03-22 | a year (crt.sh)

This page contains 22 frames:

Primary Page: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Frame ID: A950BB56C963E59B78BFD298DBD1EE50
Requests: 172 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: A19E4310C9005F5387F0B3B7CEFDA35A
Requests: 2 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1532234966067&lv=1
Frame ID: AE3A730DD999E8A74DEA287525F9854B
Requests: 2 HTTP requests in this frame

Frame: https://d.agkn.com/iframe/8613/?che=89410103&c=%7B%22bpid%22%3A%22cbsinteractive%22%2C%22loc%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Frame ID: 827066A3C31D0F3EC0F99CFF17A29244
Requests: 1 HTTP request in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=undefined
Frame ID: 9E1E3D098ECB8041828F82FF495DFB00
Requests: 1 HTTP request in this frame

Frame: https://www.everestjs.net/static/pixel_details.html
Frame ID: 982289C467205B82CF22953B88D8EACD
Requests: 1 HTTP request in this frame

Frame: https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636645237103478653
Frame ID: 640D6C470EA02EC754D61023969D6B1C
Requests: 1 HTTP request in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=0
Frame ID: 512220BE25A888BF43C422DB3162BFAD
Requests: 1 HTTP request in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.221.0_en.html
Frame ID: 5209F1B40CFB43FB9F72BDB2390B3D97
Requests: 1 HTTP request in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Frame ID: 4EEFD14347AFA54AB6DA17ECBA4FC15E
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Frame ID: 88841ED53103633E7B98F8F3F6AFBB56
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: E880F8018DBE273ECE2023D8C06F7F5F
Requests: 1 HTTP request in this frame

Frame: https://servedby.flashtalking.com/imp/1/94362;3207612;201;js;CBSi;UKCBSiZDNet300x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&cachebuster=463953.6308840011
Frame ID: 922E0918198D3B3E503EB8DDA033BC99
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: 5C60817847D67417BA10FEFDE9334981
Requests: 1 HTTP request in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: 82484B7C0454751CD2E3E6678475276E
Requests: 1 HTTP request in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: 74A1AD7B4120478AF9910E0F7761054E
Requests: 1 HTTP request in this frame

Frame: https://rev.cbsi.com/common/js/adKit.min.js?2016375484
Frame ID: B53C7AE77302E198D6DD42167DEAEBE6
Requests: 14 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 19708E6038649AD1C8A2ACAA3D0541A2
Requests: 1 HTTP request in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=zdnet-1&t_i=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&t_u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&t_e=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&t_d=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&t_t=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&s_o=default
Frame ID: A817D87033EA1F105157650D6EF2F4DE
Requests: 1 HTTP request in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BA6C4042E1E3AE5A42E4D145BEE4749A
Requests: 1 HTTP request in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Frame ID: 0083C2A8B9F17F186C91216EEB9950FF
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Frame ID: 46857EC235E60CBB20FBD09265D23650
Requests: 7 HTTP requests in this frame

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://1105data.com/portal/wts/ugmcmQek%7CBaqEd6ckEe6r%7CvS4-a HTTP 302
    https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/ Page URL

Detected technologies

All detections are at 100% overall confidence. The technology names did not survive extraction; the name in front of each fingerprint is inferred from the pattern itself.

  • Nginx: headers server /nginx(?:\/([\d.]+))?/i
  • RequireJS: env /^requirejs$/i
  • Prebid.js: env /pbjs/i
  • Disqus: env /^DISQUS/i
  • DoubleClick: script /2mdn\.net/i
  • Facebook SDK: script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
  • Google AdSense: script /googlesyndication\.com\//i; script /2mdn\.net/i; env /^__google_ad_/i; env /^Goog_AdSense_/i
  • Google Analytics: env /^gaGlobal$/i
  • Google Publisher Tag (DoubleClick for Publishers): env /^googletag$/i
  • Modernizr: env /^Modernizr$/i
  • Optimizely: env /^optimizely$/i
  • SWFObject: env /^SWFObject$/i
  • Adobe Analytics (SiteCatalyst s_code): env /^s_(?:account|objectID|code|INST)$/i
  • jQuery: env /^jQuery$/i

Page Statistics

229 requests
8 % HTTPS
28 % IPv6
51 domains
74 subdomains
64 IPs
5 countries
3038 kB transfer
10183 kB size
28 cookies


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58
  • https://tags.bluekai.com/site/20486?limit=0&id=5978151431620008567&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=5978151431620008567%26eid=50056 HTTP 302
  • https://stags.bluekai.com/site/20486?dt=0&r=65757859&sig=1251570712&bkca=KJh+pnLvQY9D9BY43zSXj+GeUYvYSsbV1YBOu2uCdgfSZyXzGbtmcev2z+oDBSSTJJQP9aOEPZPKg5gpwDRUVGuL/qM18VZHewzCX0ULP63sp4aW5JmR8fawYISDeIzCdL4UNuz9kellCYmL HTTP 302
  • https://ml314.com/csync.ashx?fp=qLtsuy9999exUaHq&person_id=5978151431620008567&eid=50056
Request Chain 59
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567 HTTP 302
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567&redirect=1 HTTP 302
  • https://ml314.com/csync.ashx?fp=b57d3e9e3553b74fa264c99a3ea1cb412b53de6f6aff46538c35ca2128692a89f4cb09cee1a4f8eb&person_id=5978151431620008567&eid=50082
Request Chain 60
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151431620008567%26eid=50220 HTTP 302
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151431620008567%26eid=50220&mm_bnc&mm_bct HTTP 302
  • https://ml314.com/csync.ashx?fp=0a305b54-02f3-4b00-ab32-7b6c67dd00c5&person_id=5978151431620008567&eid=50220
Request Chain 61
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567 HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567 HTTP 302
  • https://ml314.com/csync.ashx?fp=547dfebd90ef691575d9dfcb82c57d4a&eid=50146&person_id=5978151431620008567
Request Chain 62
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil HTTP 302
  • https://ml314.com/csync.ashx?fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&person_id=5978151431620008567&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil HTTP 302
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Request Chain 63
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=5978151431620008567&redir= HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151431620008567&redir=
Request Chain 97
  • https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__EFOPTOUT__%26throttleCookie%3D__EFSYNC__%26time%3D__EFTIME__ HTTP 302
  • https://www.everestjs.net/static/pixel_details.html
Request Chain 119
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&c9=
Request Chain 121
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=1532234968006 HTTP 302
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=1532234968006&ja=1
Request Chain 129
  • https://cm.everesttech.net/cm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=VzFRTTF3QUFCTXR3R3ozMw HTTP 302
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE8sXZyNNXxEbuLOrzT-v-o&google_cver=1 HTTP 302
  • https://pixel.everesttech.net/1x1
Request Chain 135
  • https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=2AxUW4X4B5HtgAeVr57wDA&random=897930739&sscte=1&crd=CKrPGw&gsr= HTTP 302
  • https://www.google.com/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558 HTTP 302
  • https://www.google.de/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558&ipr=y&ulfeg=n
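Chains 58 through 63 above are cookie-sync redirects: each partner (BlueKai, LiveRamp's rlcdn.com, MediaMath, Lotame's crwdcntrl.net, Eyeota, Adobe's demdex.net) bounces the browser to ml314.com/csync.ashx carrying its own identifier in fp next to the same person_id value. The script below is an added example, not part of the urlscan.io page, that correlates identifier values across the domains in those chains to surface which partners end up holding a common user ID. The chain URLs are copied from request chains 58, 59, 61 and 62 (one long bkca value shortened); the "last two labels" domain grouping, the 8-character minimum and the unsubstituted-macro pattern are assumptions of the script.

```python
"""Cross-domain identifier correlation over redirect chains.

Added example; not code from the urlscan.io page. The chain URLs are copied
from the page, everything else is this script's own assumption.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample: request chains 58, 59, 61 and 62 from the page above
# (the bkca value in chain 58 is shortened).
CHAINS = {
    58: [
        "https://tags.bluekai.com/site/20486?limit=0&id=5978151431620008567&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=5978151431620008567%26eid=50056",
        "https://stags.bluekai.com/site/20486?dt=0&r=65757859&sig=1251570712&bkca=KJh+pnLvQY9D9BY43zSXj",
        "https://ml314.com/csync.ashx?fp=qLtsuy9999exUaHq&person_id=5978151431620008567&eid=50056",
    ],
    59: [
        "https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567",
        "https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567&redirect=1",
        "https://ml314.com/csync.ashx?fp=b57d3e9e3553b74fa264c99a3ea1cb412b53de6f6aff46538c35ca2128692a89f4cb09cee1a4f8eb&person_id=5978151431620008567&eid=50082",
    ],
    61: [
        "https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567",
        "https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567",
        "https://ml314.com/csync.ashx?fp=547dfebd90ef691575d9dfcb82c57d4a&eid=50146&person_id=5978151431620008567",
    ],
    62: [
        "https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif",
        "https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif",
        "https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil",
        "https://ml314.com/csync.ashx?fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&person_id=5978151431620008567&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil",
        "https://ps.eyeota.net/match?bid=r8hrb20&uid=nil",
    ],
}

# Unsubstituted partner macros ($_BK_UUID, [MM_UUID], ${profile_id}, __EFGCK__)
# and null markers are not identifiers and must not be counted as shared values.
MACRO = re.compile(r"^(\$\{?\w+\}?|\[\w+\]|__\w+__|nil|undefined)$")


def registrable_domain(host):
    """Group hosts by their last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def extract_ids(url, min_len=8):
    """Yield (domain, param, value) for identifier-like query values in url.

    A value that is itself a URL (a redirect target passed as a parameter), or a
    whole query that is a bare URL as in chain 61, is parsed recursively and
    attributed to the embedded host, since that host is the one receiving the ID.
    """
    parts = urlsplit(url)
    if not parts.hostname:
        return
    domain = registrable_domain(parts.hostname)
    if unquote(parts.query).startswith(("http://", "https://")):
        yield from extract_ids(unquote(parts.query), min_len)
        return
    for key, value in parse_qsl(parts.query):
        if value.startswith(("http://", "https://")):
            yield from extract_ids(value, min_len)
        elif len(value) >= min_len and not MACRO.match(value):
            yield domain, key, value


def shared_identifiers(chains, min_domains=2):
    """Map identifier value -> sorted domains that carried it, keeping only values
    seen on at least min_domains distinct registrable domains."""
    seen = defaultdict(set)
    for urls in chains.values():
        for url in urls:
            for domain, _key, value in extract_ids(url):
                seen[value].add(domain)
    return {v: sorted(d) for v, d in seen.items() if len(d) >= min_domains}


if __name__ == "__main__":
    for value, domains in shared_identifiers(CHAINS).items():
        print(f"{value} is shared by {', '.join(domains)}")
```

On the four chains sampled, the only value that crosses domains is the person_id 5978151431620008567, carried by bluekai.com (as id), rlcdn.com (as partner_uid) and ml314.com; each partner's own fp value stays on one domain. Chain 61 is the awkward case: the redirect target is the whole query string with no key, so a plain parse_qsl pass finds nothing and the bare-URL branch is what recovers the ID.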

229 HTTP transactions

Columns per request: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Primary Request /
www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Redirect Chain
  • http://1105data.com/portal/wts/ugmcmQek%7CBaqEd6ckEe6r%7CvS4-a
  • https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
192 KB
48 KB
Document
General
Full URL
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9ff8ad7ed98b6ec7b3cce11ff52822c56e0d3145b6c596a19d32682ce74d4a44
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.zdnet.com
:scheme
https
:path
/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50

Response headers

status
200
server
nginx
content-type
text/html; charset=UTF-8
set-cookie
fly_device=desktop; expires=Sun, 29-Jul-2018 04:49:25 GMT; path=/; domain=.zdnet.com; secure
nemo_highlander-author_focus=author_focus%3a1%3aexclude; expires=Tue, 24 Jul 2018 17:00:00 GMT; path=/; domain=.zdnet.com; secure
fly_default_edition=eu; path=/; domain=.zdnet.com; secure
fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure
fly_geo={"countryCode": "de"}; expires=Sun, 29-Jul-2018 04:49:25 GMT; path=/; domain=.zdnet.com; secure
x-enable-esi
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, User-Agent
access-control-allow-origin
https://www.zdnet.com
x-frame-options
SAMEORIGIN
content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
expires
Sun, 22 Jul 2018 04:49:56 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-tx-id
2df6b53f-3909-47ac-b490-5295d031630e
content-encoding
gzip
date
Sun, 22 Jul 2018 04:49:25 GMT
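The security headers above are worth reading together rather than ticking off one by one. The CSP sets no script-src, so scripts are governed by default-src, and default-src permits any https: origin plus 'unsafe-inline' and 'unsafe-eval'; what the policy actually enforces is frame-ancestors (alongside X-Frame-Options SAMEORIGIN) and block-all-mixed-content. The HSTS value meets the preload-list requirements. The five cookies are all marked secure but none carries HttpOnly or SameSite; these are edition and device preferences rather than session tokens, so the exposure is small, but the check is the same one you would run on a login response. The script below is an added example, not code from the urlscan.io page or from ZDNet, that performs those checks on the header values copied from this response (the Set-Cookie headers, run together on the page, are split by hand); the fallback table, the weak-source lists and the one-year preload threshold are the script's own assumptions, following the CSP3 fetch-directive fallback rule and the hstspreload.org submission requirements.

```python
"""Security-header checks for the primary response shown above.

Added example; not code from the urlscan.io page or from ZDNet. Header values
are copied from the page; tables and thresholds are this script's assumptions.
"""
import re

CSP = ("frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; "
       "default-src https: blob: 'unsafe-inline' 'unsafe-eval'; "
       "font-src https: blob: data:; "
       "img-src https: data: android-webview-video-poster:; "
       "form-action https:; block-all-mixed-content; media-src https: blob: data:;")
HSTS = "max-age=63072000; includeSubDomains; preload"
# Individual Set-Cookie values, split out of the merged line on the page.
SET_COOKIES = [
    "fly_device=desktop; expires=Sun, 29-Jul-2018 04:49:25 GMT; path=/; domain=.zdnet.com; secure",
    "nemo_highlander-author_focus=author_focus%3a1%3aexclude; expires=Tue, 24 Jul 2018 17:00:00 GMT; "
    "path=/; domain=.zdnet.com; secure",
    "fly_default_edition=eu; path=/; domain=.zdnet.com; secure",
    "fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure",
    'fly_geo={"countryCode": "de"}; expires=Sun, 29-Jul-2018 04:49:25 GMT; path=/; domain=.zdnet.com; secure',
]

# Directives that do NOT inherit from default-src when absent (CSP3).
NO_FALLBACK = {"frame-ancestors", "form-action", "base-uri", "sandbox", "report-uri",
               "report-to", "block-all-mixed-content", "upgrade-insecure-requests"}
# Sources that leave a directive effectively open, per directive of interest.
WEAK_BY_DIRECTIVE = {
    "script-src": {"*", "https:", "http:", "data:", "'unsafe-inline'", "'unsafe-eval'"},
    "object-src": {"*", "https:", "http:", "data:"},
    "frame-ancestors": {"*", "https:", "http:"},
}
HASHED = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}.
    The first occurrence of a directive wins; browsers ignore later duplicates."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """Sources that actually govern `directive`, applying the default-src fallback."""
    if directive in policy or directive in NO_FALLBACK:
        return policy.get(directive, [])
    return policy.get("default-src", [])


def csp_findings(policy):
    """Return (directive, source) pairs where the effective policy is open.
    'unsafe-inline' is skipped when a nonce or hash source is present, because
    browsers that understand nonces and hashes ignore 'unsafe-inline'."""
    findings = []
    for directive, weak in WEAK_BY_DIRECTIVE.items():
        sources = effective_sources(policy, directive)
        nonce_or_hash = any(s.startswith(HASHED) for s in sources)
        for source in sources:
            if source in weak and not (source == "'unsafe-inline'" and nonce_or_hash):
                findings.append((directive, source))
    return findings


def hsts_preloadable(header):
    """True when max-age is at least one year and includeSubDomains and preload are set."""
    directives = {d.strip().lower() for d in header.split(";")}
    match = re.search(r"max-age=(\d+)", header.lower())
    max_age = int(match.group(1)) if match else 0
    return max_age >= 31536000 and "includesubdomains" in directives and "preload" in directives


def cookie_findings(set_cookie_values):
    """Map cookie name -> attributes missing from Secure, HttpOnly, SameSite."""
    result = {}
    for value in set_cookie_values:
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        result[name] = [a for a in ("Secure", "HttpOnly", "SameSite") if a.lower() not in attrs]
    return result


if __name__ == "__main__":
    policy = parse_csp(CSP)
    print("script-src effectively:", effective_sources(policy, "script-src"))
    for directive, source in csp_findings(policy):
        print(f"open: {directive} allows {source}")
    print("HSTS preloadable:", hsts_preloadable(HSTS))
    for name, missing in cookie_findings(SET_COOKIES).items():
        print(f"cookie {name} lacks {', '.join(missing) or 'nothing'}")
```

Run against this response, script-src resolves to the default-src list and is reported open for https:, 'unsafe-inline' and 'unsafe-eval'; object-src, also inherited, is open for https:; frame-ancestors is explicit and clean. The Expect-CT header is not checked here: with max-age=0 and a report-uri it is report-only, which the report-uri path on the page already says.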

Redirect headers

Location
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Content-Length
0
Date
Sun, 22 Jul 2018 04:49:24 GMT
Server
Apache
main-ae68b85369-rev.css
zdnet2.cbsistatic.com/fly/1347-fly/css/core/
365 KB
66 KB
Stylesheet
General
Full URL
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9e059f8f79614910d0cfc7beddc959777538a16c71ad83509f8b782e34b85c5e

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Thu, 19 Jul 2018 17:29:33 GMT
server
nginx
etag
W/"5b50ca7d-5b3a4"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
67052
expires
Sun, 29 Jul 2018 04:49:25 GMT
dannypalmer-author.jpg
zdnet3.cbsistatic.com/hub/i/r/2016/03/11/8691cddd-cac4-4268-abf4-4051e392aa35/thumbnail/40x40/461dbf406bd95edba75058b11c556066/
920 B
1 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2016/03/11/8691cddd-cac4-4268-abf4-4051e392aa35/thumbnail/40x40/461dbf406bd95edba75058b11c556066/dannypalmer-author.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e41f9d0fb2d51a0375967a0ef23dac71eabde665b7ad3af7cf65e2f5f0cb784a

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Mon, 16 Oct 2017 07:57:34 GMT
server
nginx
status
200
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
accept-ranges
bytes
timing-allow-origin
*
content-length
920
expires
Thu, 20 Sep 2018 04:49:25 GMT
5b111bf660b2b1e9fc8849a6-1280x7201jun042018115442poster.jpg
zdnet2.cbsistatic.com/hub/i/r/2018/06/04/107b3f3c-ed35-4c5e-a4ef-04e0574c2b77/thumbnail/570x322/a398ccd4f21a96a1de79bcec7a41acc8/
12 KB
12 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2018/06/04/107b3f3c-ed35-4c5e-a4ef-04e0574c2b77/thumbnail/570x322/a398ccd4f21a96a1de79bcec7a41acc8/5b111bf660b2b1e9fc8849a6-1280x7201jun042018115442poster.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0e32d18839abdb0d3bd1e7bfdaabfd2a6239e236396a69fc152c1531f8c6f262

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Mon, 04 Jun 2018 12:03:22 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
12412
expires
Thu, 20 Sep 2018 04:49:25 GMT
advertisement.js
zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/utils/
53 B
230 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/utils/advertisement.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
07b69027231d985f5bdcd4d5a539f120d26003feef6e9dc0a6b77a4b43a9b21f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Wed, 25 Oct 2017 10:01:15 GMT
server
nginx
content-type
application/x-javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
53
expires
Sun, 29 Jul 2018 04:49:25 GMT
require-2.1.2.js
zdnet2.cbsistatic.com/fly/1347-fly/js/libs/
16 KB
6 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fb755053f7e8d7f850d9fc4aa6da49c2567e7bd54678ea8c0f9fd69516af81e2

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Thu, 19 Jul 2018 17:29:35 GMT
server
nginx
etag
"5b50ca7f-3f04"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
6171
expires
Sun, 29 Jul 2018 04:49:25 GMT
evidon-sitenotice-tag.js
c.evidon.com/sitenotice/
30 KB
8 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cfb455fabf46adc1d34ed3f7ebcdd747876d5b65e7b3e67bcd011b437f869dda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jul 2018 19:28:20 GMT
Server
Apache
ETag
"73a94690b046e8d7c7b14ad270366856:1531337300"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400, private;max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8139
Expires
Mon, 23 Jul 2018 04:49:25 GMT
country.js
c.evidon.com/geo/
260 B
490 B
Script
General
Full URL
https://c.evidon.com/geo/country.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 30 May 2018 22:23:16 GMT
Server
Apache
ETag
"c1e367d098d326049811561575dbda4a:1527718996"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
165
snthemes.js
c.evidon.com/sitenotice/425/
61 KB
3 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/snthemes.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8190f953a646f8fd1144f2c5609fc4c7bcf041fde59c2906039baefe5ff465cb

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Jul 2018 19:07:42 GMT
Server
Apache
ETag
"c65f9b44096f0c692d6af5b3654d2097:1532027262"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400, private;max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3096
Expires
Mon, 23 Jul 2018 04:49:25 GMT
settings.js
c.evidon.com/sitenotice/425/zdnet/
18 KB
2 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/zdnet/settings.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d32e487cce68091fc74d12a4076f14c47d132566aafaff35b64acad1f3e07937

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Tue, 17 Jul 2018 18:19:47 GMT
Server
Apache
ETag
"d4980b589d8cd84adf0a653527b61110:1531851587"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400, private;max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1626
Expires
Mon, 23 Jul 2018 04:49:25 GMT
truncated
/
917 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/jpeg
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/jpeg
mag-white01.png
zdnet2.cbsistatic.com/fly/1529513761-fly/bundles/zdnetcss/images/core/
1 KB
1 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/1529513761-fly/bundles/zdnetcss/images/core/mag-white01.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 16:56:01 GMT
server
nginx
etag
W/"5b2a8721-4f1"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
936
expires
Sun, 29 Jul 2018 04:49:25 GMT
Raleway-Bold.woff
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
31 KB
31 KB
Font
General
Full URL
https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Bold.woff
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a882ed0de2cbc72018357222851d2cdfb8e55ab2e71164d5fef176f67fb51e44

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Wed, 25 Oct 2017 10:01:15 GMT
server
nginx
status
200
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=8227628
accept-ranges
bytes
timing-allow-origin
*
content-length
31928
expires
Thu, 25 Oct 2018 10:16:33 GMT
Raleway-Regular.woff
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
31 KB
31 KB
Font
General
Full URL
https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Regular.woff
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b5c9194053ff64cbd9797b72f1b5f7766a01489df826fa6ad382169dcc0045f5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Wed, 25 Oct 2017 10:01:15 GMT
server
nginx
status
200
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=8227556
accept-ranges
bytes
timing-allow-origin
*
content-length
31840
expires
Thu, 25 Oct 2018 10:15:21 GMT
Raleway-Light.woff
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
31 KB
31 KB
Font
General
Full URL
https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Light.woff
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
122d78976bfc083338ea0bbbee7ede31726a809f7f90752ed08b5f883c0628ce

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Wed, 25 Oct 2017 10:01:15 GMT
server
nginx
status
200
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=8227542
accept-ranges
bytes
timing-allow-origin
*
content-length
31720
expires
Thu, 25 Oct 2018 10:15:07 GMT
Raleway-Black.woff
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
31 KB
31 KB
Font
General
Full URL
https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Black.woff
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1fd9cb1187942e358453708b06ce4c6ece34a1ce3a1d80bd316c34d56e661742

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
last-modified
Wed, 25 Oct 2017 10:01:15 GMT
server
nginx
status
200
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=8227647
accept-ranges
bytes
timing-allow-origin
*
content-length
31648
expires
Thu, 25 Oct 2018 10:16:52 GMT
en.js
c.evidon.com/sitenotice/425/translations/
661 KB
22 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/translations/en.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c86eaa4b8bdc723889ae234e1f7bfac8efa8ab14e32662639eb43b63dbd16c4

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Mon, 02 Jul 2018 17:17:13 GMT
Server
Apache
ETag
"acf79a9ba4674eea5dc227e7775b8c3c:1530551833"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400, private;max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22451
Expires
Mon, 23 Jul 2018 04:49:25 GMT
YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
c.go-mpulse.net/boomerang/ Frame A19E
187 KB
55 KB
Script
General
Full URL
https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=604800, s-maxage=604800
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Timing-Allow-Origin
*
ls-zdnet.js
js-sec.indexww.com/ht/
77 KB
24 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/ls-zdnet.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ed2c3c51640ce6884fdbe34181ccd48f0208fab69bd793cc25d02abedbfab104

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Jul 2018 04:10:43 GMT
Server
Apache
ETag
"7616aa-13582-5718eb66d2303"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1463
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
24010
Expires
Sun, 22 Jul 2018 05:13:48 GMT
sfp.js
native.sharethrough.com/assets/
407 KB
124 KB
Script
General
Full URL
https://native.sharethrough.com/assets/sfp.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
13.32.222.102 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-222-102.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b26220c8966d6221f85bdbcfef8df4bce727890ef64ab1e1718edd3ac8dd9fdd

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 20 Jul 2018 16:59:35 GMT
content-encoding
gzip
last-modified
Fri, 20 Jul 2018 16:59:32 GMT
server
AmazonS3
age
2991
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=3600
x-amz-cf-id
kEookhZg2V-ZS_Qr20j4LYDRz1UppcqKXpXezc3kuafXUzKV-G1e_w==
via
1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
expires
Fri, 20 Jul 2018 17:59:31 GMT
evidon-banner.js
c.evidon.com/sitenotice/
8 KB
3 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-banner.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
HTTP/1.1
Server
104.111.244.243 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-244-243.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e877164adb1c8d6045688b706b5fe85736a8f5e89a1d30367f4c9ec6719f6f60

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jul 2018 19:28:20 GMT
Server
Apache
ETag
"3a8b09e0dbed95fab807f9952765a605:1531337302"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400, private;max-age=300
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2414
Expires
Mon, 23 Jul 2018 04:49:25 GMT
2
l.betrad.com/site/v3/425/3445/3/1/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/425/3445/3/1/2/2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
34.198.36.32 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-198-36-32.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
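Every transaction on this page is printed in the same flattened layout: the file name, path, size, transferred size and type, then a "General" block of label/value pairs (Full URL, Requested by, Protocol, Server, Reverse DNS, Software, Resource Hash), then the request and response headers as name/value line pairs. The Python example below is added here and is not part of the urlscan.io report or of ZDNet's code. It parses one record in that layout and derives the facts a reviewer of third-party script loads would pull from it: whether the resource is cross-origin to the page, whether the Resource Hash is the SHA-256 of an empty body (what urlscan reports for the 204 beacons from l.betrad.com above), whether Cache-Control contains a semicolon (directives are comma-separated, so "max-age=86400, private;max-age=300" in the c.evidon.com responses is one malformed token), whether CORS is wildcarded, and what Subresource Integrity value the hex hash corresponds to. The two sample records are constructed from the require-2.1.2.js and l.betrad.com entries on this page, trimmed to the fields the example needs; the page host www.zdnet.com is taken from the Requested by field. Field labels and the parsing rules are assumptions about urlscan's export, not its documented format.

```python
"""Parse flattened urlscan.io transaction records (label on one line,
value on the next, as printed on this page) and pull out a few
security-relevant facts per resource.

Added example, not urlscan.io's or ZDNet's code. Sample records are
constructed from entries on the page; the label set is an assumption."""
import base64
import hashlib
from urllib.parse import urlsplit

# SHA-256 of zero bytes: urlscan reports this as the Resource Hash of
# bodiless responses (the 204 beacons from l.betrad.com on this page).
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

GENERAL_LABELS = ("Full URL", "Requested by", "Protocol", "Server",
                  "Reverse DNS", "Software", "Resource Hash")
SECTIONS = ("Request headers", "Response headers")


def parse_record(text: str) -> dict:
    """Return {'general': {...}, 'request_headers': {...}, 'response_headers': {...}}."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    rec = {"general": {}, "request_headers": {}, "response_headers": {}}
    section, i = "general", 0
    while i < len(lines):
        line = lines[i]
        if line in SECTIONS:                  # switch to a header block
            section = line.lower().replace(" ", "_")
            i += 1
        elif not line or line == "General":  # blank spacer or UI caption
            i += 1
        elif section == "general":
            if line in GENERAL_LABELS:        # value may span lines (Requested by)
                j = i + 1
                while j < len(lines) and lines[j] and lines[j] not in GENERAL_LABELS + SECTIONS:
                    j += 1
                rec["general"][line] = " ".join(lines[i + 1:j])
                i = j
            else:                             # name/path/size/type preamble: skip
                i += 1
        else:                                 # header name, then its value
            if i + 1 < len(lines):
                rec[section][line.lower()] = lines[i + 1]
            i += 2
    return rec


def sri_integrity(sha256_hex: str) -> str:
    """Hex Resource Hash -> the base64 form an HTML integrity attribute wants."""
    return "sha256-" + base64.b64encode(bytes.fromhex(sha256_hex)).decode("ascii")


def assess(rec: dict, page_host: str) -> dict:
    """Flag the properties a reviewer of third-party resource loads cares about."""
    g, resp = rec["general"], rec["response_headers"]
    host = urlsplit(g.get("Full URL", "")).hostname or ""
    digest = g.get("Resource Hash", "")
    return {
        "host": host,
        # a different host is a different origin: it can serve any script it likes
        "cross_origin": host != page_host,
        "empty_body": digest == EMPTY_SHA256,
        # Cache-Control directives are comma-separated; a ';' means one token
        # such as "private;max-age=300" that caches will not interpret as intended
        "cache_control_malformed": ";" in resp.get("cache-control", ""),
        "cors_wildcard": resp.get("access-control-allow-origin") == "*",
        # what a <script integrity="..."> tag would pin this body to
        "integrity": sri_integrity(digest) if len(digest) == 64 else None,
    }


# Constructed from the require-2.1.2.js and l.betrad.com entries on this page.
SAMPLE_SCRIPT = """\
require-2.1.2.js
zdnet2.cbsistatic.com/fly/1347-fly/js/libs/
16 KB
6 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Resource Hash
fb755053f7e8d7f850d9fc4aa6da49c2567e7bd54678ea8c0f9fd69516af81e2

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

content-type
application/javascript
cache-control
max-age=604800
content-length
6171
"""

SAMPLE_BEACON = """\
Full URL
https://l.betrad.com/site/v3/425/3445/3/1/2/2
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Response headers

status
204
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SCRIPT, SAMPLE_BEACON):
        print(assess(parse_record(sample), "www.zdnet.com"))
```

Run it on a whole report by splitting the text at each file-name line and feeding each chunk to parse_record; the "integrity" value is what you would put in the script tag if the page owner wanted the browser to refuse any later change to that third-party file, and "empty_body" separates tracking beacons from resources whose content is worth diffing between scans.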
logo.png
zdnet3.cbsistatic.com/fly/1529513761-fly/bundles/zdnetcss/images/core/
4 KB
4 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/fly/1529513761-fly/bundles/zdnetcss/images/core/logo.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/1347-fly/css/core/main-ae68b85369-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 16:56:01 GMT
server
nginx
etag
W/"5b2a8721-1009"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
4128
expires
Sun, 29 Jul 2018 04:49:25 GMT
main.default.js
zdnet3.cbsistatic.com/fly/1347-fly/js/
204 KB
67 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4933147c831f2e620e6ef9a801b44dbe632a54191bb4f8560205743fd5a68cd7

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Thu, 19 Jul 2018 17:29:37 GMT
server
nginx
etag
"5b50ca81-32feb"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
68113
expires
Sun, 29 Jul 2018 04:49:25 GMT
18863
l.betrad.com/site/v3/425/3445/3/1/2/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/425/3445/3/1/2/2/18863
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
34.198.36.32 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-198-36-32.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
18863
l.betrad.com/site/v3/425/3445/3/4/2/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/425/3445/3/4/2/2/18863
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
34.198.36.32 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-198-36-32.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-powered-by
Express
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary
Accept-Encoding
utag.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
93 KB
19 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/418F) /
Resource Hash
f66b77e9062e31fc65a0e6402c7c504b717f27363d39b7bd74bdc98a89ee41b4

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Mon, 02 Jul 2018 23:25:04 GMT
server
ECS (fcn/418F)
etag
"644548160"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
19453
expires
Sun, 22 Jul 2018 04:54:25 GMT
isInternalUser.js
iicbsi-a.akamaihd.net/common/js/esi/
28 B
268 B
Script
General
Full URL
https://iicbsi-a.akamaihd.net/common/js/esi/isInternalUser.js?cb=cbsiInternal
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
HTTP/1.1
Server
2a02:26f0:6c00::210:ba61 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
3c599ef176cecdb3de25c6c36bc2945b92c12bcbc2ab03350729f4de296b53b8

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Cache-Control
max-age=167983
Server
Apache
Connection
keep-alive
ETag
"fb25287978f1b619e801f164a2dfd9ea:1473886414"
Content-Length
28
Content-Type
application/x-javascript
vglnk.js
cdn.viglink.com/api/
79 KB
28 KB
Script
General
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bf6a92a50156df8d8018b0916a7c98b22e9d2201e42c32dcf9d6d7187df8ab0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
39D65B6392DEF1A8
status
200
content-length
27815
x-amz-id-2
afWH7RfDYh6IqjVzYkqatqiiRlp1DRxWB70Hw60WT0w/NNQob8jUbqSKnt60yXnPUwALS5vlziI=
last-modified
Thu, 19 Jul 2018 20:17:17 GMT
server
cloudflare
etag
"15468e63d7aba3f957c1cb44354bddfa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
43e347d9ed0ebef3-FRA
expires
Sun, 22 Jul 2018 05:19:26 GMT
utag.1783.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1783.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AA) /
Resource Hash
4d049d83eef469c1f2cc0f5df820144ff6c5eb896b4e4aa2e681a1cba7d622a9

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Mar 2017 15:25:15 GMT
server
ECS (fcn/41AA)
etag
"3913321605"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1130
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1779.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1779.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4197) /
Resource Hash
cd5e6512fdbb698425174148dba05f72357a3b1944413f8812c55c4025d3d562

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:57 GMT
server
ECS (fcn/4197)
etag
"392561602"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1785
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1782.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40FA) /
Resource Hash
255edb1f0d3fb5a7d930c19a27388967ec3141a3fce88d7507b336a8ae27ba97

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Mar 2017 15:25:15 GMT
server
ECS (fcn/40FA)
etag
"3651177669"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1058
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1787.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
142 KB
48 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40FA) /
Resource Hash
4403da4c6249d385d6480af53f62118f5b328c7f1c69b2866cfd494c45b0b186

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Mon, 02 Jul 2018 23:25:05 GMT
server
ECS (fcn/40FA)
etag
"1523865341"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
48655
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1790.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
979 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1790.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4199) /
Resource Hash
10113bad06fefd5698a45480ffaedd421c6e06f9dbd0d1c772b7128bbea0842d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Mon, 01 Aug 2016 14:31:10 GMT
server
ECS (fcn/4199)
etag
"2267415266"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
872
expires
Mon, 06 Aug 2018 04:49:25 GMT
utag.1791.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1791.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4185) /
Resource Hash
7eae865fd7c820936603897a072b7ddd77b2c74e8022160fd19792291a63fac8

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Mon, 01 Aug 2016 14:31:10 GMT
server
ECS (fcn/4185)
etag
"3334871598"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1196
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1792.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1792.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E2) /
Resource Hash
dabf73474662398f4f686a1b3103542f53384dd6241e6ac13f8ba535c6372aff

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Thu, 28 Jul 2016 14:28:47 GMT
server
ECS (fcn/40E2)
etag
"2022868805"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1664
expires
Mon, 06 Aug 2018 04:49:26 GMT
utag.1797.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
967 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40D6) /
Resource Hash
3ff065de0d90b0510727a72c173d05652c30967c5e6561dbf1d82fa077cabb22

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:25 GMT
content-encoding
gzip
last-modified
Wed, 25 Jan 2017 20:07:58 GMT
server
ECS (fcn/40D6)
etag
"1907756232"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
883
expires
Mon, 06 Aug 2018 04:49:25 GMT
utag.1800.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
995 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1800.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A7) /
Resource Hash
e9b3eb7f022396e969766ad5e908b21df0b646c943e149902c64de590e9549d9

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Mon, 07 Aug 2017 22:40:35 GMT
server
ECS (fcn/41A7)
etag
"3890296134"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
912
expires
Mon, 06 Aug 2018 04:49:26 GMT
article-e11ed4b1a8-rev.js
zdnet4.cbsistatic.com/fly/js/pages/
229 KB
230 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/js/pages/article-e11ed4b1a8-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b0af43bed31ce98cb518dcc3d10b2ea4d8bf2d41bbb9715cc648d65e67a8c5fa

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
last-modified
Mon, 16 Jul 2018 09:05:29 GMT
server
nginx
etag
"5b4c5fd9-39420"
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
234528
expires
Sun, 29 Jul 2018 04:49:26 GMT
lightbox.js
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame AE3A
321 B
614 B
Script
General
Full URL
https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1532234966067&lv=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4fa5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
218912b63ac19620c183e6ecb95fa37a2ac47f218902513dd51f59f15376858f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cf-ray
43e347da3e1c96fa-FRA
tag.aspx
ml314.com/
23 KB
11 KB
Script
General
Full URL
https://ml314.com/tag.aspx?2262018
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201805241512
Protocol
HTTP/1.1
Server
34.250.87.211 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-87-211.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2ccd728594ce65fa7e6651109e3bbd61877e548c4dab5480cafa6965f358a4e0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Jul 2018 17:03:42 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=44056
Connection
keep-alive
Content-Length
11039
Expires
Sun, 22 Jul 2018 17:03:42 GMT
ds.js
dw.cbsi.com/js/cbsi/
18 KB
7 KB
Script
General
Full URL
https://dw.cbsi.com/js/cbsi/ds.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1790.js?utv=ut4.43.201805241512
Protocol
HTTP/1.1
Server
64.30.224.172 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx1-dw-cbsi-xw-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
d696da403b0169c2191d0ec0b0fcdaa85487b21b19fd58f4b1fb5b9edf40b153

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Sep 2017 19:06:40 GMT
Server
Apache/2.4.25
ETag
"1917-55916dc13f000"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=43200, s-maxage=1800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=80, max=221
Content-Length
6423
Expires
Sun, 22 Jul 2018 05:19:26 GMT
cbsinteractive.js
tru.am/scripts/custom/
2 KB
1 KB
Script
General
Full URL
https://tru.am/scripts/custom/cbsinteractive.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Protocol
SPDY
Server
2400:cb00:2048:1::6819:a322 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a27fab6c5a0b1db438219c7d24ce2fff95e0910378fe4bdeb64b4f970eebccc

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 23 Jan 2018 19:10:31 GMT
server
cloudflare
etag
"8c3752e674fdabefc911d5c40f71780d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
43e347da3a382774-FRA
expires
Sun, 22 Jul 2018 08:49:26 GMT
st.v3.js
www.everestjs.net/static/
18 KB
6 KB
Script
General
Full URL
https://www.everestjs.net/static/st.v3.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
HTTP/1.1
Server
104.111.240.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-240-158.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
efbae295f78a835041fb71d600ad64164ee2a9c20599e183bebf65e2dd038877

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Dec 2017 19:58:00 GMT
Server
Apache
ETag
"12803d6-47b6-5603e2f40d296"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=86002
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6132
Expires
Mon, 23 Jul 2018 04:42:48 GMT
tag.js
js.agkn.com/prod/v0/
3 KB
3 KB
Script
General
Full URL
https://js.agkn.com/prod/v0/tag.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1800.js?utv=ut4.43.201805241512
Protocol
SPDY
Server
2600:9000:200c:8200:15:efbc:e300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33e5e19bca3a0cd6eb3c73b7160afe3a752ddefc95b05e82f74fce1f727e14cd

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 28 Jun 2018 23:55:39 GMT
via
1.1 7b88ef0d81161ffd0111d52a2de2bd25.cloudfront.net (CloudFront)
last-modified
Thu, 28 Jun 2018 23:51:37 GMT
server
AmazonS3
age
17622
etag
"0a19c06e5266e3e9e572f723610708ba"
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
3111
x-amz-cf-id
TqoO6M2lmH5dR2p6JoohiJl4CQVvytGiA6eKk-lsk5pJOWi8C9ny4g==
anonc.js
dw.cbsi.com/
73 B
620 B
Script
General
Full URL
https://dw.cbsi.com/anonc.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Server
64.30.224.172 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx1-dw-cbsi-xw-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
799ce2327805e028c1acd8e6f94b68430d91620ea5c3c0948ae83b3242916b28

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Apache/2.4.25
Etag
Ale/hVtUDNZnUDUY5js.1.dw_anonc
P3P
CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-control
private, max-age=43200, s-max-age=0
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=80, max=996
Content-Length
73
Expires
Mon, 05 Jan 1970 12:12:12 GMT
CBSI-PLAYER.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/
760 KB
203 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1491a1594a4058a62ea4c08441cfcbbfe82a0916b4f26b55f3605af896766dd7

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Mon, 26 Mar 2018 15:42:34 GMT
server
Apache
etag
"ffe80da4a589534ffbb17f46d6ef50a3:1522078954"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 21 Aug 2018 04:49:26 GMT
utsync.ashx
ml314.com/
906 B
1 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=50070&ct=js&pi=&fp=&clid=&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&pv=1532234966144_ch8yfzygo&bl=en-us&cb=5562155&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D%5BPersonID%5D%26redir%3D&ht=&d=&dc=&si=1532234966144_ch8yfzygo&cid=&s=1600x1200&rp=
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?2262018
Protocol
HTTP/1.1
Server
34.250.87.211 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-87-211.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
21245e002a0825c3b6525b825d6f5a89598a48dfa220c8f42c0c3a105873606d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
521
Expires
0
ud.ashx
in.ml314.com/
20 B
698 B
Script
General
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=2262018
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?2262018
Protocol
HTTP/1.1
Server
54.175.190.102 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-175-190-102.compute-1.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, no-cache="set-cookie"
Connection
keep-alive
Content-Length
138
Expires
Mon, 23 Jul 2018 04:49:26 GMT
Cookie set /
d.agkn.com/iframe/8613/ Frame 8270
0
0
Document
General
Full URL
https://d.agkn.com/iframe/8613/?che=89410103&c=%7B%22bpid%22%3A%22cbsinteractive%22%2C%22loc%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Requested by
Host: js.agkn.com
URL: https://js.agkn.com/prod/v0/tag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.34.176.154 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-34-176-154.us-west-2.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash

Request headers

Host
d.agkn.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Cache-Control
no-cache, must-revalidate
Content-Type
text/html;charset=UTF-8
Date
Sun, 22 Jul 2018 04:49:26 GMT
Expires
Sat, 01 Jan 2000 00:00:00 GMT
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma
no-cache
Server
Apache-Coyote/1.1
Set-Cookie
ab=0001%3AR%2BGU67cteXmniINOuwVv6NPEb54lIB5w;Max-Age=31536000;domain=agkn.com;path=/ u=C|0AEAi5slWIubJVgAAAAAAAg1RAQCADVIBAIA;Max-Age=31536000;domain=agkn.com;path=/
Content-Length
503
Connection
keep-alive
pixel.gif
cdn.viglink.com/images/
43 B
260 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=1&rn=0.7085740466249484
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
x-amz-request-id
36324325E073BC69
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=15, must-revalidate
accept-ranges
bytes
cf-ray
43e347da8d4dbef3-FRA
content-length
43
x-amz-id-2
CT6Y6uiT9s5yEKSY5zAlxa/olQhC2wfPKxx3gQANVMyYluGmh5s8Wyk9FEPb0baGb9MNPePmE9M=
pixel.gif
cdn.viglink.com/images/
43 B
102 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=2&rn=0.7085740466249484
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
x-amz-request-id
36324325E073BC69
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=15, must-revalidate
accept-ranges
bytes
cf-ray
43e347da8d4ebef3-FRA
content-length
43
x-amz-id-2
CT6Y6uiT9s5yEKSY5zAlxa/olQhC2wfPKxx3gQANVMyYluGmh5s8Wyk9FEPb0baGb9MNPePmE9M=
ta-pagesocial-sdk.js
tru.am/scripts/
34 KB
14 KB
Script
General
Full URL
https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by
Host: tru.am
URL: https://tru.am/scripts/custom/cbsinteractive.js
Protocol
SPDY
Server
2400:cb00:2048:1::6819:a322 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb9007c254c493be4a067de535b19a30f5e5aef3d5b19f58b1c72d2c65a04f79

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 21 May 2018 10:49:23 GMT
server
cloudflare
etag
"8761e04182a1c11ff30f706f8052c8d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86400
cf-ray
43e347da8a3f2774-FRA
expires
Mon, 23 Jul 2018 04:49:26 GMT
ad-f9e70294a5-rev.js
zdnet2.cbsistatic.com/fly/js/managers/
7 KB
3 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/managers/ad-f9e70294a5-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7234f4f5beaeca84f0bf50465b9d79a4b34e33ffc685ea67845756dc1712ade6

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Wed, 27 Jun 2018 19:21:21 GMT
server
nginx
etag
"5b33e3b1-1b2e"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
2432
expires
Sun, 29 Jul 2018 04:49:26 GMT
mpulse-1.0.2.js
zdnet1.cbsistatic.com/fly/js/libs/
12 KB
5 KB
Script
General
Full URL
https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
763fa0bd7eff816d0a5f8c3e4075f9173a5cebf51a1e2c0d1174f841de10b9dd

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Wed, 30 May 2018 18:14:04 GMT
server
nginx
etag
"5b0ee9ec-2fdf"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
4822
expires
Sun, 29 Jul 2018 04:49:26 GMT
user.js
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame AE3A
518 KB
116 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636668138649269836
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1532234966067&lv=1
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4fa5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f401431a8d231fbf4334e582d4686b70a693b6d1827dc8dbcb03272e20c4a06c

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
mG+SApCFbEqgFqcc6P1vOQ==
cf-polished
origSize=870776
status
200
last-modified
Wed, 13 Jun 2018 21:55:10 GMT
x-ms-lease-status
unlocked
cf-bgj
minify
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
b645ec3e-001e-0062-7684-191219000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
43e347da9e5896fa-FRA
expires
Mon, 22 Jul 2019 04:49:26 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://tags.bluekai.com/site/20486?limit=0&id=5978151431620008567&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=5978151431620008567%26eid=50056
  • https://stags.bluekai.com/site/20486?dt=0&r=65757859&sig=1251570712&bkca=KJh+pnLvQY9D9BY43zSXj+GeUYvYSsbV1YBOu2uCdgfSZyXzGbtmcev2z+oDBSSTJJQP9aOEPZPKg5gpwDRUVGuL/qM18VZHewzCX0ULP63sp4aW5JmR8fawYISD...
  • https://ml314.com/csync.ashx?fp=qLtsuy9999exUaHq&person_id=5978151431620008567&eid=50056
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=qLtsuy9999exUaHq&person_id=5978151431620008567&eid=50056
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
34.249.37.235 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-249-37-235.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Mon, 23 Jul 2018 00:49:26 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Location
https://ml314.com/csync.ashx?fp=qLtsuy9999exUaHq&person_id=5978151431620008567&eid=50056
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
BK-Server
349
Expires
Thu, 01 Dec 1994 16:00:00 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151431620008567&redirect=1
  • https://ml314.com/csync.ashx?fp=b57d3e9e3553b74fa264c99a3ea1cb412b53de6f6aff46538c35ca2128692a89f4cb09cee1a4f8eb&person_id=5978151431620008567&eid=50082
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=b57d3e9e3553b74fa264c99a3ea1cb412b53de6f6aff46538c35ca2128692a89f4cb09cee1a4f8eb&person_id=5978151431620008567&eid=50082
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
34.250.87.211 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-87-211.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Mon, 23 Jul 2018 00:49:26 GMT

Redirect headers

Location
https://ml314.com/csync.ashx?fp=b57d3e9e3553b74fa264c99a3ea1cb412b53de6f6aff46538c35ca2128692a89f4cb09cee1a4f8eb&person_id=5978151431620008567&eid=50082
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
status
302
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif; charset=ISO-8859-1
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151431620008567%26eid=50220
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151431620008567%26eid=50220&mm_bnc&mm_bct
  • https://ml314.com/csync.ashx?fp=0a305b54-02f3-4b00-ab32-7b6c67dd00c5&person_id=5978151431620008567&eid=50220
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=0a305b54-02f3-4b00-ab32-7b6c67dd00c5&person_id=5978151431620008567&eid=50220
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
34.249.37.235 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-249-37-235.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Mon, 23 Jul 2018 00:49:26 GMT

Redirect headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
MT3 1.26.7.0 e3db8da DPLAT-363 zrh-pixel-x23
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://ml314.com/csync.ashx?fp=0a305b54-02f3-4b00-ab32-7b6c67dd00c5&person_id=5978151431620008567&eid=50220
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Sun, 22 Jul 2018 04:49:25 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151431620008567
  • https://ml314.com/csync.ashx?fp=547dfebd90ef691575d9dfcb82c57d4a&eid=50146&person_id=5978151431620008567
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=547dfebd90ef691575d9dfcb82c57d4a&eid=50146&person_id=5978151431620008567
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
34.249.37.235 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-249-37-235.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Mon, 23 Jul 2018 00:49:26 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
P3P
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location
https://ml314.com/csync.ashx?fp=547dfebd90ef691575d9dfcb82c57d4a&eid=50146&person_id=5978151431620008567
Cache-Control
no-cache
X-Server
10.26.17.57
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil
  • https://ml314.com/csync.ashx?fp=2UQDOA0jmTf4qmToVMN_KASbhCyEK0d1h_SIjfojaMvo&person_id=5978151431620008567&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
70 B
171 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
18.184.225.117 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-184-225-117.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Length
70
Content-Type
image/gif

Redirect headers

Date
Sun, 22 Jul 2018 04:49:25 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/html; charset=utf-8
Location
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Cache-Control
private
Connection
keep-alive
Content-Length
168
Expires
Mon, 23 Jul 2018 00:49:26 GMT
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=5978151431620008567&redir=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151431620008567&redir=
42 B
763 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151431620008567&redir=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
54.201.217.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-201-217-203.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS
usw2-prod-dcs-107eaf4f.edge-usw2.demdex.com 5.34.2.20180719143257 3ms
Pragma
no-cache
X-TID
qURL4rFQRc0=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
X-TID
TE6aSJAISDc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151431620008567&redir=
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
gpt.js
www.googletagservices.com/tag/js/
20 KB
8 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
22d98aa81412edaaee9d9e8f1843b206f49f349dd8a483c8c5d960428bac53a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"5 / 203 of 1000 / last-modified: 1532226201"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7850
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:26 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1532234966194&s=c4ee12d468f99a9579699ef92509f1417b2bf7b1d7a1291f670a98c3affcaef0
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fc5d56363919d449fe99d20c71608b6ecf4bcb76e680e72c03178982910cc7aa

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
706
ad-2.0.js
zdnet3.cbsistatic.com/fly/bundles/flyjs/js/managers/
19 KB
5 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/bundles/flyjs/js/managers/ad-2.0.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de749bdbeeb7bb7f79cb31ff00fe6830004064419f73fe9a6ec982e9de8bf19d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Thu, 19 Apr 2018 09:47:08 GMT
server
nginx
etag
"5ad8659c-4c22"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
4885
expires
Sun, 29 Jul 2018 04:49:26 GMT
beacon
beacon.tru.am/
17 B
413 B
Fetch
General
Full URL
https://beacon.tru.am/beacon
Requested by
Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol
SPDY
Server
2400:cb00:2048:1::6819:a222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
27676ea482895bdddd3f3796f430a812e11364efc224227c86973a52398966c2

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, private, max-age=0
cf-ray
43e347daeeaa6373-FRA
content-length
41
expires
Thu, 01 Jan 1970 00:00:00 UTC
gpt-4.3.js
zdnet4.cbsistatic.com/fly/bundles/flyjs/js/managers/
52 KB
10 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/bundles/flyjs/js/managers/gpt-4.3.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d48e0904f1b40972f1fc6dac3f358719e080fab3291d13d2ca4a60405707a88b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
last-modified
Thu, 19 Apr 2018 09:47:08 GMT
server
nginx
etag
"5ad8659c-d143"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
10133
expires
Sun, 29 Jul 2018 04:49:26 GMT
fb_digioh.2.1.5.css
www.lightboxcdn.com/static/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.lightboxcdn.com/static/fb_digioh.2.1.5.css?cb=636645237103478653
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636668138649269836
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4fa5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
010c5145d45e46469f50c376fd68ae284eec16ce330e843393777b3bf693a28f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
cf-cache-status
HIT
content-md5
SPXkOHRrmvkdtUVAkMsWtg==
cf-polished
origSize=5365
status
200
last-modified
Thu, 22 Jun 2017 21:54:44 GMT
x-ms-lease-status
unlocked
cf-bgj
minify
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
x-ms-request-id
0e4e20c4-601e-0110-5fcc-112572000000
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
43e347db2e8796fa-FRA
expires
Mon, 22 Jul 2019 04:49:26 GMT
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_233.js
securepubads.g.doubleclick.net/gpt/
178 KB
62 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
777b0f00d08011d3250b26f0f12ae95183db91e4c4ee05b98ad25a8d0d85c594
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 16 Jul 2018 16:04:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
62854
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:26 GMT
config.json
c.go-mpulse.net/api/ Frame A19E
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5107450&v=1.571.0&if=&sl=0&si=coh0ks8nvo-NaN&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
307988cf9fcad415252361381eb81ef20b7e28e1c4c1bf8c062c65f37ebac688

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
684
id
dpm.demdex.net/
2 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&ts=1532234966597
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Server
34.214.245.56 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-214-245-56.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
205eefe89447614dbb282a32e428a70fc5a17da2a00b85a56be213240a240bfc

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
usw2-prod-dcscanary-e2d808bd.edge-usw2.demdex.com 5.34.2.20180719143257 4ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
QPZVd+o0Tuo=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
748
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
114 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cbsi/zdnetglobalsite/201807022317&cb=1532234966599
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B5) /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:26 GMT
last-modified
Thu, 14 Apr 2016 16:59:33 GMT
server
ECS (fcn/40B5)
etag
"144534940"
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Sun, 22 Jul 2018 04:59:26 GMT
c.gif
dw.cbsi.com/clear/
42 B
346 B
Image
General
Full URL
https://dw.cbsi.com/clear/c.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&assettitle=this%20new%20windows%20malware%20wants%20to%20add%20your%20pc%20to%20a%20botnet%20-%20or%20worse&assettype=content_article&pubdate=2018-06-20%2011%3A30%3A53&viewguid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&devicetype=desktop&sitetype=responsive%20web&author=danny%20palmer&authorid=1aa87593-0f1d-4577-862b-a59b5ec9bc57&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&ts=1532234966561&ld=www.zdnet.com&ldc=8f61f3dc-bf11-43f0-98ab-873057bea1a0&brwinsz=1600x1200&brscrsz=1600x1200&brlang=en-US&tcset=utf8&im=dsjs&clgf=Ale%2FhVtUDNZnUDUY5js&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&title=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
64.30.224.172 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx1-dw-cbsi-xw-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Apache/2.4.25
Vary
*
Content-Type
image/gif
Cache-control
no-cache, must-revalidate, no-transform
Connection
Keep-Alive
Keep-Alive
timeout=80, max=714
Content-Length
42
Expires
Mon, 05 Jan 1970 12:12:12 GMT
/
36c3f470.akstat.io/
0
354 B
XHR
General
Full URL
https://36c3f470.akstat.io/?h.pg=article&when=1532234966624&t_other=custom4%7C736&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=6ffa6c2f6e6c5045c11a2ea5f8de7c5393df14f9&h.t=1532234966223&http.initiator=api&rt.start=api&rt.si=a555c2cd-6562-4962-86d4-82a3e9df6816&rt.ss=1532234967478&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Sun, 22 Jul 2018 04:49:26 GMT
ping
api.viglink.com/api/
266 B
946 B
XHR
General
Full URL
https://api.viglink.com/api/ping
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Server
52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
cd2e4c9f855d10a911913da3ef8a3c11e9cb6da8728aea03f6aaf8f28fef2aef

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
266
Expires
Thu, 01 Jan 1970 00:00:00 GMT
domains
api.viglink.com/api/
76 B
521 B
XHR
General
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Server
52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
6cd3725bdcfa1c97be51595a116362bad6d18eef37cd43b188cdedeb03383f5f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:26 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cookie set dest5.html
cbsi.demdex.net/ Frame 9E1E
0
0
Document
General
Full URL
https://cbsi.demdex.net/dest5.html?d_nsid=undefined
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.89.247 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-16-89-247.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
cbsi.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Cookie
demdex=08216931432766049902333237949992780530
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Sun, 22 Jul 2018 04:40:46 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=08216931432766049902333237949992780530;Path=/;Domain=.demdex.net;Expires=Fri, 18-Jan-2019 04:49:27 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
Zb4iLX8IT+Y=
Content-Length
2766
Connection
keep-alive
id
saa.cbsi.com/
90 B
766 B
XHR
General
Full URL
https://saa.cbsi.com/id?d_visid_ver=2.3.0&d_fieldgroup=A&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&mid=08063460859201155262321281788580464522&ts=1532234966963
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Server
63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
1802e168bbac454e87e3117b29627b5be8efdd7b1521006a97b9e3df63dc12aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Sun, 22 Jul 2018 04:49:27 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
90
X-XSS-Protection
1; mode=block
Server
Omniture DC/2.0.0
xserver
www105
Vary
Origin
Access-Control-Allow-Methods
GET, POST, DELETE
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=15
id
dpm.demdex.net/
2 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_mid=08063460859201155262321281788580464522&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=AVID%012DAA066B85311112-6000010D200041A0&ts=1532234967091
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Server
34.214.245.56 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-214-245-56.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e02858a6376a1ee969dc0b5e46c5488fba8a70ba58aca9e7cf3211179e62bb83

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
usw2-prod-dcs-05902d03e.edge-usw2.demdex.com 5.34.2.20180719143257 6ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
K7B5VbnIRUM=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
748
Expires
Thu, 01 Jan 1970 00:00:00 GMT
s3890265999725
saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/
2 KB
3 KB
Script
General
Full URL
https://saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/s3890265999725?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=22%2F6%2F2018%204%3A49%3A27%200%200&d.&nsid=0&jsonv=1&.d&mid=08063460859201155262321281788580464522&aid=2DAA066B85311112-6000010D200041A0&aamlh=9&ce=UTF-8&ns=cbsinteractive&pageName=zdnet%3A%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&g=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&cc=USD&ch=editorial&server=www.zdnet.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=zdnet&v1=zdnet&h1=editorial%7Carticle&c2=D%3Dv2&v2=eu&l2=113c25b6-ec91-11e3-95d2-02911863765e&c3=D%3Dv3&v3=responsive%20web%7Cdesktop&l3=1aa87593-0f1d-4577-862b-a59b5ec9bc57&c4=D%3Dv4&c5=D%3Dv5&v5=cnetzdnetglobalsite&c6=D%3Dv6&v6=editorial%7Carticle&c7=D%3Dv7&v7=D%3Dg&c8=D%3Dv8&v8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c9=D%3DUser-Agent&c10=D%3Dv10&v10=article&c11=D%3Dv11&v11=D%3Dch%2B%22%3A%22%2Bv10&v15=not%20authenticated%7Canon&c20=D%3Dv20&v20=this%20new%20windows%20malware%20wants%20to%20add%20your%20pc%20to%20a%20botnet%20-%20or%20worse&c22=D%3Dv22&v22=content_article&c23=D%3Dv23&v23=113c25b6-ec91-11e3-95d2-02911863765e&c24=D%3Dv24&v24=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&c25=D%3Dv25&c26=D%3Dv26&c28=D%3Dv28&c30=D%3Dv30&v30=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&c31=D%3Dv31&c33=D%3Dv33&c34=D%3Dv34&c35=D%3Dv35&v35=Ale%2FhVtUDNZnUDUY5js&c48=D%3Dv48&v48=zdnet&c50=D%3Dv50&v50=12%3A30AM&c51=D%3Dv51&v51=Sunday&c52=D%3Dv52&v52=1&c53=D%3Dv53&v53=New&c54=D%3Dv54&v54=First%20Visit&c65=D%3Dv65&v65=discover&c69=D%3Dv69&v85=true&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&AQE=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Server
63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
bb0f26c0b78cd8c1e8f5d5d70e325924417a8e34a640a595037f6d7857eff501
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-AAM-TID
e7ORVgHUSI8=
Date
Sun, 22 Jul 2018 04:49:27 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
1956
X-XSS-Protection
1; mode=block
DCS
usw2-prod-dcs-b24600aa.edge-usw2.demdex.com 5.34.2.20180719143257 7ms
Pragma
no-cache
Last-Modified
Mon, 23 Jul 2018 04:49:27 GMT
Server
Omniture DC/2.0.0
xserver
www117
ETag
"3290449536613416960-6508335942573519837"
Vary
*
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Sat, 21 Jul 2018 04:49:27 GMT
measure.min.js
asset.pagefair.com/
11 KB
5 KB
Script
General
Full URL
https://asset.pagefair.com/measure.min.js?_=1532234967742
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
HTTP/1.1
Server
23.111.9.30 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
6ac72fa11e76ea6fdbb1b310f67b3b9b24c11da94774a89323b71930ae544eee

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11 Jun 2018 11:42:29 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
494FBB02F31D991A
ETag
W/"5631e8df5abfee420cd07a2737665a78"
Transfer-Encoding
chunked
X-Cache
MISS
Content-Type
application/x-javascript
Cache-Control
max-age=86400
Connection
keep-alive
x-amz-id-2
jdEOUZQQcR/na32Jc6CwA57vCOGu6vQbvIB104OYdG+S9v/joRywbU3ogJRNgvsz9VUYW4Ky0hQ=
Expires
Mon, 23 Jul 2018 04:49:28 GMT
ads.min.js
asset.pagefair.net/
0
501 B
Script
General
Full URL
https://asset.pagefair.net/ads.min.js?_=1532234967743
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
HTTP/1.1
Server
23.111.11.222 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:27 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Mar 2018 17:19:02 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
3FED7A174DD930E7
ETag
"263dfc0b0e2e32b880781aa6f238a031"
X-Cache
MISS
Content-Type
application/x-javascript
Cache-Control
max-age=7200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31
x-amz-id-2
pYv5Uz1toK3xQkqZf8h1sW+3FXWWrlBuDeuk6BfE/9yOfByAKz5XIzfmCaBwHMMj9m7PIY2YUh8=
jpt
secure.adnxs.com/
0
683 B
XHR
General
Full URL
https://secure.adnxs.com/jpt?id=11834629&size=728x90&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=tKsQJ960&psa=0&promo_sizes=970x250&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
37.252.172.39 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 246.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.26:80
AN-X-Request-Uuid
d3046c07-e2db-4393-b4e9-54d2ca389049
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/
0
684 B
XHR
General
Full URL
https://secure.adnxs.com/jpt?id=11834625&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=RsBCApsF&psa=0&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
37.252.172.39 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 246.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.136:80
AN-X-Request-Uuid
a1806a25-5ea2-4d76-aa99-b5932a822f6c
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/
0
684 B
XHR
General
Full URL
https://secure.adnxs.com/jpt?id=11834627&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=euQpcmpZ&psa=0&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
37.252.172.42 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
247.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 247.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.132:80
AN-X-Request-Uuid
f1a8bcec-9096-4205-b43a-55bbcaab0ea0
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/
0
683 B
XHR
General
Full URL
https://secure.adnxs.com/jpt?id=11834631&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=k9JffivS&psa=0&promo_sizes=300x600&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
37.252.172.39 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 246.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.17:80
AN-X-Request-Uuid
4656e921-7a30-489d-a784-49425c3387d5
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/
0
683 B
XHR
General
Full URL
https://secure.adnxs.com/jpt?id=11834632&size=728x90&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=SMue8UtW&psa=0&promo_sizes=970x250&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
37.252.172.39 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 246.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.45:80
AN-X-Request-Uuid
25c44315-0b29-4be2-8f48-3cee85e70ea8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
as-sec.casalemedia.com/
66 B
1001 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=7.2&s=182823&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A15232662%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22202%22%2C%22siteID%22%3A%22182829%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22220%22%2C%22siteID%22%3A%22183316%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22209%22%2C%22siteID%22%3A%22182828%22%7D%2C%22id%22%3A%223%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22210%22%2C%22siteID%22%3A%22182826%22%7D%2C%22id%22%3A%224%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22208%22%2C%22siteID%22%3A%22182824%22%7D%2C%22id%22%3A%225%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22222%22%2C%22siteID%22%3A%22182825%22%7D%2C%22id%22%3A%226%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22201%22%2C%22siteID%22%3A%22182823%22%7D%2C%22id%22%3A%227%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22219%22%2C%22siteID%22%3A%22183315%22%7D%2C%22id%22%3A%228%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%7D
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
62244315901765ab733deb32346f7d8d70974a27467b2fcc57e8392d3291a53d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:27 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript
Content-Length
86
Expires
Sun, 22 Jul 2018 04:49:27 GMT
vglnk.js
cdn.viglink.com/api/
79 KB
27 KB
Script
General
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bf6a92a50156df8d8018b0916a7c98b22e9d2201e42c32dcf9d6d7187df8ab0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
39D65B6392DEF1A8
status
200
content-length
27815
x-amz-id-2
afWH7RfDYh6IqjVzYkqatqiiRlp1DRxWB70Hw60WT0w/NNQob8jUbqSKnt60yXnPUwALS5vlziI=
last-modified
Thu, 19 Jul 2018 20:17:17 GMT
server
cloudflare
etag
"15468e63d7aba3f957c1cb44354bddfa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
43e347e4a886bef3-FRA
expires
Sun, 22 Jul 2018 05:19:27 GMT
utag.1775.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
26 KB
9 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201807022325
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AA) /
Resource Hash
0f4176807e149be9c6cc0e583699fffe630cccb37e57242ce5a7b1f7d63d859d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Thu, 10 Nov 2016 20:41:55 GMT
server
ECS (fcn/41AA)
etag
"1112944691"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
8960
expires
Mon, 06 Aug 2018 04:49:27 GMT
utag.277.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
946 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201807022325
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40F9) /
Resource Hash
0e13cd6845611f0c419398a75b85ba014a7fffb1b9e9575c2e1b4cfefebd0017

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:58 GMT
server
ECS (fcn/40F9)
etag
"461771432"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
863
expires
Mon, 06 Aug 2018 04:49:27 GMT
utag.1772.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1020 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1772.js?utv=ut4.43.201807022325
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B3) /
Resource Hash
e482ba089d973ca257acfd70b2d7541447d5d333449b106d5c3dffebe322566a

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:58 GMT
server
ECS (fcn/40B3)
etag
"4198895974"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
959
expires
Mon, 06 Aug 2018 04:49:27 GMT
utag.1796.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
8 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1796.js?utv=ut4.43.201807022325
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40F9) /
Resource Hash
9337d4f2ef8a00759da573e178e302712fec944ac54cfd808f48c526b9816d3b

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Mon, 28 Nov 2016 15:09:53 GMT
server
ECS (fcn/40F9)
etag
"931235332"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2762
expires
Mon, 06 Aug 2018 04:49:27 GMT
pixel_details.html
www.everestjs.net/static/
Frame 9822
Redirect Chain
  • https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__EFOPTOUT__%26throttleCook...
  • https://www.everestjs.net/static/pixel_details.html
0
0
Document
General
Full URL
https://www.everestjs.net/static/pixel_details.html
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.240.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-240-158.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
www.everestjs.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Server
Apache
Last-Modified
Tue, 04 Oct 2011 16:14:21 GMT
ETag
"8623-a6-4ae7b62583140"
Accept-Ranges
bytes
Content-Type
text/html
Content-Encoding
gzip
Content-Length
146
Cache-Control
max-age=27652
Expires
Sun, 22 Jul 2018 12:30:19 GMT
Date
Sun, 22 Jul 2018 04:49:27 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Date
Sun, 22 Jul 2018 04:49:27 GMT
Server
Apache
Set-Cookie
everest_session_v2=W1QM1wAABMtwGz33; path=/; domain=.everesttech.net everest_g_v2=g_surferid~W1QM1wAABMtwGz33; path=/; domain=.everesttech.net; expires=Mon, 15-Jun-2020 15:29:27 GMT
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Location
https://www.everestjs.net/static/pixel_details.html#google=W1QM1wAABMtwGz33&gsurfer=W1QM1wAABMtwGz33&optout=0&throttleCookie=&time=20180722044927
Content-Length
345
Keep-Alive
timeout=15, max=988001
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
ls.html
www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/
Frame 640D
0
0
Document
General
Full URL
https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636645237103478653
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636668138649269836
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4fa5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
www.lightboxcdn.com
:scheme
https
:path
/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636645237103478653
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
cookie
__cfduid=d7b9a812282d8ad3f27d8f9dfda2921911532234966
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
date
Sun, 22 Jul 2018 04:49:28 GMT
content-type
text/html
content-md5
2QlVA6sVmgJp4XZ5c8SrrQ==
last-modified
Wed, 13 Jun 2018 21:55:10 GMT
x-ms-request-id
b6c4fcb7-e01e-0041-2177-217dd2000000
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
cf-cache-status
MISS
vary
Accept-Encoding
expires
Mon, 22 Jul 2019 04:49:28 GMT
cache-control
public, max-age=31536000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
43e347e4db9e96fa-FRA
content-encoding
gzip
Cookie set
dest5.html
cbsi.demdex.net/
Frame 5122
0
0
Document
General
Full URL
https://cbsi.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.182.129 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-17-182-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
cbsi.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Cookie
demdex=88307300829592482563107405335148801242; dextp=269-1-1532234967085|3-1-1532234967187|420-1-1532234967288|477-1-1532234967388|771-1-1532234967489|22052-1-1532234967591|30646-1-1532234967691|121998-1-1532234967792
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Sun, 22 Jul 2018 04:41:25 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=88307300829592482563107405335148801242;Path=/;Domain=.demdex.net;Expires=Fri, 18-Jan-2019 04:49:27 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
/MMwh9m2RNw=
Content-Length
2766
Connection
keep-alive
ads
securepubads.g.doubleclick.net/gampad/
576 KB
155 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3856214195914187&correlator=460212577665692&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062373&vrg=233&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=7x7%7C5x5%2C1x1%2C1600x1000%2C728x90%7C970x66%7C970x250%2C300x250%7C300x600%7C300x1050%2C300x250%2C300x250%2C728x90%7C970x66%7C970x250%2C371x771&ists=128&prev_scp=pos%3Dnav%7C%7Cpos%3Dtop%7Cpos%3Dtop%7Cpos%3Dtop%7Cpos%3Dmiddle%7Cpos%3Dbottom%7Cpos%3Dbottom%7Cpos%3Dtop&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%26env%3Dprod%26firstpg%3D1%26vguid%3Dae1b85eb-b336-487d-9ab0-bd57117a2b4f%26session%3Dd%26subses%3D3&cookie_enabled=1&bc=7&abxe=1&lmt=1532234967&dt=1532234967928&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&adys=0%2C116%2C0%2C0%2C0%2C0%2C0%2C0%2C0&adks=3272424244%2C756974236%2C1349602048%2C1865774549%2C164929707%2C1849993754%2C4033943233%2C3991326410%2C470013531&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&dssz=63&icsg=547880960&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x4168%7C1585x0%7C1585x-1%7C1585x-1%7C370x-1%7C370x-1%7C370x-1%7C1210x-1%7C370x-1&msz=7x30%7C1585x0%7C1600x-1%7C688x-1%7C300x-1%7C300x-1%7C300x-1%7C728x-1%7C371x-1&ga_vid=2125005542.1532234968&ga_sid=1532234968&ga_hid=1239138122
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
15352b487a76a4e8a7952dbbeb45f3d0d38de713d62c6f52837d80cd75808116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
158350
x-xss-protection
1; mode=block
google-lineitem-id
4441986168,-2,131323809,-1,4696758888,-1,-1,-1,236907969
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138212690913,-2,31192576209,-1,138235644983,-1,-1,-1,72087703209
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_233.js
securepubads.g.doubleclick.net/gpt/
42 KB
16 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js?cb=234
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
794d55d32d1c4b4c3287b9e1718b82c60bc301386f0fbd51ebaf15f80659669a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 16 Jul 2018 16:04:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
16399
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:27 GMT
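The "Resource Hash" shown for each transaction is assumed here to be the SHA-256 of the decompressed response body, which is the same digest Subresource Integrity uses. The script above is served with a versioned URL and cache-control: immutable, so a page that embeds it directly could pin it with an integrity attribute; a script that GPT injects itself cannot be pinned by the page author. The following Python is an added example, not urlscan's or the site's code: it converts the hex hash into SRI form and implements the browser's verification rule (strongest listed algorithm wins, any matching digest of that algorithm passes). The sample body is constructed for the demonstration.

```python
"""Convert a hex SHA-256 resource hash to an SRI value and verify bodies against SRI metadata."""
import base64
import hashlib
import hmac

# Hex SHA-256 listed as "Resource Hash" for pubads_impl_rendering_233.js above.
PUBADS_RENDERING_HASH = "794d55d32d1c4b4c3287b9e1718b82c60bc301386f0fbd51ebaf15f80659669a"

ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def hex_to_sri(hex_digest, algorithm="sha256"):
    """SRI carries the raw digest bytes base64-encoded: 'sha256-<44 chars>' for a 32-byte digest."""
    raw = bytes.fromhex(hex_digest)
    want = ALGORITHMS[algorithm]().digest_size
    if len(raw) != want:
        raise ValueError(f"{algorithm} digest must be {want} bytes, got {len(raw)}")
    return f"{algorithm}-{base64.b64encode(raw).decode('ascii')}"


def sri_to_hex(integrity):
    """Inverse of hex_to_sri for a single-token integrity value."""
    _algorithm, _, b64 = integrity.partition("-")
    return base64.b64decode(b64).hex()


def sri_for(body, algorithm="sha384"):
    """Compute the integrity value a page author would write for `body`."""
    digest = ALGORITHMS[algorithm](body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body, integrity):
    """Browser semantics: ignore unknown algorithms, keep only the strongest algorithm present,
    pass if the body matches any digest of that algorithm. Empty/unparseable metadata is
    treated as a failure here (an audit tool's choice; a browser would load the resource)."""
    parsed = []
    for token in integrity.split():
        algorithm, _, rest = token.partition("-")
        algorithm = algorithm.lower()
        if algorithm not in ALGORITHMS:
            continue
        b64 = rest.split("?", 1)[0]  # strip optional "?options" suffix
        try:
            parsed.append((algorithm, base64.b64decode(b64, validate=True)))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    if not parsed:
        return False
    best = max(STRENGTH[a] for a, _ in parsed)
    return any(
        hmac.compare_digest(ALGORITHMS[a](body).digest(), digest)
        for a, digest in parsed
        if STRENGTH[a] == best
    )


if __name__ == "__main__":
    print(hex_to_sri(PUBADS_RENDERING_HASH))
    sample = b"console.log('constructed sample body');"  # constructed, not the real script
    print(verify_sri(sample, sri_for(sample)), verify_sri(sample + b" ", sri_for(sample)))
```

A digest copied from a scan only proves what the scanner received at that moment; pin a third-party script only if you also control the element that loads it and the server sends CORS headers that make the response SRI-eligible.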
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Purpose
prefetch
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires
Fri, 19 Jul 2019 09:15:13 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
content-type
text/html
/
www.zdnet.com/components/breaking-news/xhr/
719 B
1 KB
XHR
General
Full URL
https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dab2e2bc3130d341255beae8587e0a612e86fa1d2643a609106f7d12b70eb4c1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/components/breaking-news/xhr/?slug=breaking-news-banner
pragma
no-cache
cookie
fly_device=desktop; nemo_highlander-author_focus=author_focus%3a1%3aexclude; fly_default_edition=eu; fly_preferred_edition=eu; fly_geo={"countryCode": "de"}; _ccmsi=1532234966144_ch8yfzygo|1532234966144; _ccmaid=5978151431620008567; zdnet_ad=%7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22session%22%3A%22d%22%2C%22subSession%22%3A%223%22%7D; first_page_today=false; LDCLGFbrowser=8f61f3dc-bf11-43f0-98ab-873057bea1a0; XCLGFbrowser=Ale/hVtUDNZnUDUY5js; s_vnum=1534826966591%26vn%3D1; s_invisit=true; s_getNewRepeat=1532234966592-New; s_lv_zdnet=1532234966593; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C08063460859201155262321281788580464522%7CMCAAMLH-1532839766%7C9%7CMCAAMB-1532839767%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1532242166s%7CNONE%7CMCAID%7C2DAA066B85311112-6000010D200041A0%7CvVersion%7C2.3.0; s_cc=true; aam_uuid=08216931432766049902333237949992780530; viewGuid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f; utag_main=v_id:0164c05224050018ffe971baf6fe00078006107000b08$_sn:1$_ss:0$_st:1532236767786$ses_id:1532234966022%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; RT="sl=1&ss=1532234964909&tt=2908&obo=0&bcn=%2F%2F36c3f470.akstat.io%2F&sh=1532234967821%3D1%3A0%3A2908&dm=zdnet.com&si=33a5d14a-2b98-41d3-9c5a-233f5439fe38&ld=1532234967821"
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
:method
GET

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
332
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 22 Jul 2018 04:28:54 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Sun, 22 Jul 2018 04:49:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
b59548a1-6ec2-4989-b839-4e96c782be72
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Sun, 22 Jul 2018 05:58:54 GMT
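The Content-Security-Policy above sets no script-src, so scripts inherit default-src: any https: host, blob: URLs, 'unsafe-inline' and 'unsafe-eval'. That blocks plaintext loads (together with block-all-mixed-content) but does nothing against injected script. Two caveats: CSP governs documents and workers, so on this JSON XHR response the header is inert and only matters because the same policy is presumably sent on the HTML page; and because frame-ancestors is present, browsers that support it ignore the accompanying X-Frame-Options: SAMEORIGIN, so the effective framing rule is the broader one (*.zdnet.com, *.ampproject.org, *.amp.cloudflare.com). The Python below is an added example, not zdnet.com's tooling: it parses the policy, resolves default-src fallback, and reports the weak script controls. HARDENED_CSP is a comparison policy written for this example (the nonce is a placeholder; real nonces are random per response), not something the site served.

```python
"""Parse a Content-Security-Policy header and report what it actually lets scripts do."""

# Fetch directives that inherit from default-src when not set (CSP Level 3).
INHERITS_DEFAULT = {
    "script-src", "style-src", "connect-src", "object-src", "img-src", "font-src",
    "media-src", "frame-src", "child-src", "worker-src", "manifest-src", "prefetch-src",
}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Policy copied verbatim from the www.zdnet.com responses above.
ZDNET_CSP = (
    "frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; "
    "default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; "
    "img-src https: data: android-webview-video-poster:; form-action https:; "
    "block-all-mixed-content; media-src https: blob: data:;"
)
# Comparison policy written for this example; 'nonce-PLACEHOLDER' stands for a per-response random value.
HARDENED_CSP = (
    "default-src 'self'; script-src 'nonce-PLACEHOLDER' 'strict-dynamic'; "
    "object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'"
)


def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive keeps its first value, as browsers do."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, directive):
    """Source list a browser applies to `directive`; None means no restriction at all."""
    if directive in policy:
        return policy[directive]
    if directive in INHERITS_DEFAULT and "default-src" in policy:
        return policy["default-src"]
    return None


def audit_csp(header):
    policy = parse_csp(header)
    findings = []
    script = effective_sources(policy, "script-src")
    if script is None:
        findings.append("script-src: unrestricted (neither script-src nor default-src set)")
    else:
        # A nonce or hash makes browsers ignore 'unsafe-inline'; without one it is a real hole.
        if "'unsafe-inline'" in script and not any(s.startswith(HASH_OR_NONCE) for s in script):
            findings.append("script-src: 'unsafe-inline' with no nonce or hash, injected inline scripts run")
        if "'unsafe-eval'" in script:
            findings.append("script-src: 'unsafe-eval' allows eval()/new Function()/string timers")
        broad = [s for s in script if s in ("*", "https:", "http:", "data:")]
        if broad:
            findings.append(f"script-src: {' '.join(broad)} allows scripts from any host")
    if effective_sources(policy, "object-src") != ["'none'"]:
        findings.append("object-src: not 'none', plugin content can be embedded")
    if "base-uri" not in policy:
        findings.append("base-uri: absent, an injected <base> tag can retarget relative script URLs")
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors: absent, CSP does not restrict framing")
    return findings


if __name__ == "__main__":
    for line in audit_csp(ZDNET_CSP):
        print("zdnet:", line)
    print("hardened:", audit_csp(HARDENED_CSP))
```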
/
graph.facebook.com/
650 B
834 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&callback=jQuery183031365511121913414_1532234965881&_=1532234967973
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
a404f81c9bfd9c5ff859cd7a7306165585a58b626302f2a9478e6cab39c85339
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"f1b176e15003861557508540268f60830b0ff5a8"
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
x-fb-rev
4128136
content-length
420
pragma
no-cache
x-fb-debug
U+7HKpFbrd6uQyvj8EP0SfJ2MYZWGH+fx3/QakHZ7JhZ9nq1fCFac5326JZE5thMP3+ZLqXli02oKWIPLWBALg==
x-fb-trace-id
BvkBZbOsnYE
date
Sun, 22 Jul 2018 04:49:28 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.7
expires
Sat, 01 Jan 2000 00:00:00 GMT
share
www.linkedin.com/countserv/count/
195 B
489 B
Script
General
Full URL
https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&callback=jQuery183031365511121913414_1532234965882&_=1532234967975
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
10ec17811e29757782b8f38ae3cdc4394e76cf63aaa176226829e0799682dc5e
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-li-uuid
9bWK0pWXQxUAn1stqisAAA==
server
Apache-Coyote/1.1
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
strict-transport-security
max-age=2592000
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
disqus-count-41a26f6cd2-rev.js
zdnet2.cbsistatic.com/fly/js/components/
331 B
441 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/components/disqus-count-41a26f6cd2-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8cd01e10a7b12ab943ec9b80f20de26ba89ed12e12a1b3557e7fc0aeea8df1b3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Thu, 24 May 2018 15:16:27 GMT
server
nginx
etag
"5b06d74b-14b"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
230
expires
Sun, 29 Jul 2018 04:49:27 GMT
controls-ffc487298f-rev.css
zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/
42 KB
7 KB
Stylesheet
General
Full URL
https://zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-ffc487298f-rev.css
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f66d7fd334ebefe20bbb0ffd73cb19c0c69025d3c22a54e5a29e3f5288aa2ad3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Thu, 12 Jul 2018 13:43:19 GMT
server
nginx
etag
W/"5b475af7-a837"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
6648
expires
Sun, 29 Jul 2018 04:49:27 GMT
security-lock-keyboard-620x250.jpg
zdnet2.cbsistatic.com/hub/i/r/2015/02/24/84581dd9-a492-4b80-9a33-f648bf89db67/thumbnail/170x128/c4dd80f6af599203e7ccbfbe1daf3aeb/
5 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2015/02/24/84581dd9-a492-4b80-9a33-f648bf89db67/thumbnail/170x128/c4dd80f6af599203e7ccbfbe1daf3aeb/security-lock-keyboard-620x250.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b14231208407372e55b5bab7427e4077513f3d2a5edbd0d70af5131580954851

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Wed, 21 Dec 2016 03:02:53 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
4210
expires
Thu, 20 Sep 2018 04:49:27 GMT
iotsecurity.jpg
zdnet1.cbsistatic.com/hub/i/r/2018/04/19/7cca2b48-b288-4a0d-ae63-115164df4384/thumbnail/170x128/a1d256ed09dff3ef48b0e9fcd8994b2d/
6 KB
6 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2018/04/19/7cca2b48-b288-4a0d-ae63-115164df4384/thumbnail/170x128/a1d256ed09dff3ef48b0e9fcd8994b2d/iotsecurity.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6644eb3bfad8aba6c22c6195e339ec260857c776a1ae1b100086e4c17fe6bd52

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Thu, 26 Apr 2018 14:27:06 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
5979
expires
Thu, 20 Sep 2018 04:49:27 GMT
istock-473158924.jpg
zdnet4.cbsistatic.com/hub/i/r/2018/04/04/de17f5b0-88c9-4e7f-b009-9b9cd4eb1807/thumbnail/170x128/e5aaf78b83270582f9b1d3bde1c26edf/
12 KB
11 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2018/04/04/de17f5b0-88c9-4e7f-b009-9b9cd4eb1807/thumbnail/170x128/e5aaf78b83270582f9b1d3bde1c26edf/istock-473158924.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b8eb6995d7ed063e974f13c18b2b07d13c09ab0109c2046a9d9016c42c2cb0aa

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Wed, 04 Apr 2018 14:57:17 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
11290
expires
Thu, 20 Sep 2018 04:49:27 GMT
venmo-hero1.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/07/20/28c67633-b74a-4d48-a51a-6dbab9e8e3fd/thumbnail/170x128/9c27f280f26dac5d69a86a2f8c90e189/
6 KB
6 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/07/20/28c67633-b74a-4d48-a51a-6dbab9e8e3fd/thumbnail/170x128/9c27f280f26dac5d69a86a2f8c90e189/venmo-hero1.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2f60bd168183bbfe87ff44232ac4dc90662cf4f0cafc9c65b0579ce5a6e50ddc

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Fri, 20 Jul 2018 21:07:32 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
5659
expires
Thu, 20 Sep 2018 04:49:27 GMT
/
www.zdnet.com/newsletter/xhr/widget-login/
2 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
26e058121e64e3a97ae6e8b49247ba6b3c9e178ae36f03a2260a861eeb7086c1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/newsletter/xhr/widget-login/?topic=security
pragma
no-cache
cookie
fly_device=desktop; nemo_highlander-author_focus=author_focus%3a1%3aexclude; fly_default_edition=eu; fly_preferred_edition=eu; fly_geo={"countryCode": "de"}; _ccmsi=1532234966144_ch8yfzygo|1532234966144; _ccmaid=5978151431620008567; zdnet_ad=%7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22session%22%3A%22d%22%2C%22subSession%22%3A%223%22%7D; first_page_today=false; LDCLGFbrowser=8f61f3dc-bf11-43f0-98ab-873057bea1a0; XCLGFbrowser=Ale/hVtUDNZnUDUY5js; s_vnum=1534826966591%26vn%3D1; s_invisit=true; s_getNewRepeat=1532234966592-New; s_lv_zdnet=1532234966593; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C08063460859201155262321281788580464522%7CMCAAMLH-1532839766%7C9%7CMCAAMB-1532839767%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1532242166s%7CNONE%7CMCAID%7C2DAA066B85311112-6000010D200041A0%7CvVersion%7C2.3.0; s_cc=true; aam_uuid=08216931432766049902333237949992780530; viewGuid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f; utag_main=v_id:0164c05224050018ffe971baf6fe00078006107000b08$_sn:1$_ss:0$_st:1532236767786$ses_id:1532234966022%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; RT="sl=1&ss=1532234964909&tt=2908&obo=0&bcn=%2F%2F36c3f470.akstat.io%2F&sh=1532234967821%3D1%3A0%3A2908&dm=zdnet.com&si=33a5d14a-2b98-41d3-9c5a-233f5439fe38&ld=1532234967821"
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
:method
GET

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
728
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Sun, 22 Jul 2018 04:49:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
44b1d66c-4d81-4fee-bdea-6f1c650f1575
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
set-cookie
fly_session=f3c1354fm183il72km97eo1rf5; path=/; domain=.zdnet.com; secure; HttpOnly
accept-ranges
bytes
expires
Sun, 22 Jul 2018 04:49:28 GMT
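The set-cookie above issues the session cookie with Secure and HttpOnly but without SameSite, and with domain=.zdnet.com, so every subdomain receives it. In browsers of this period a cookie without SameSite was attached to cross-site requests (Chrome began defaulting to Lax in version 80, in 2020), so CSRF protection rested on tokens alone. The Python below is an added example, not zdnet.com's code: it parses a Set-Cookie value into its attributes and reports the gaps, alongside a tightened form written for this example (not something the site served) that uses the __Host- prefix, which browsers only accept with Secure, Path=/ and no Domain attribute.

```python
"""Audit Set-Cookie attributes; the input is the fly_session cookie set in the response above."""

OBSERVED_SET_COOKIE = (
    "fly_session=f3c1354fm183il72km97eo1rf5; path=/; domain=.zdnet.com; secure; HttpOnly"
)
# Tightened form written for this example: host-locked prefix, no Domain, explicit SameSite.
HARDENED_SET_COOKIE = (
    "__Host-fly_session=f3c1354fm183il72km97eo1rf5; Path=/; Secure; HttpOnly; SameSite=Lax"
)


def parse_set_cookie(value):
    """Return (name, value, {attribute_lowercased: value or True})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flag attributes carry no value
    return name.strip(), cookie_value, attrs


def audit_set_cookie(value):
    name, _, attrs = parse_set_cookie(value)
    findings = []
    secure = "secure" in attrs
    if not secure:
        findings.append("Secure missing: cookie is sent on plaintext http:// requests")
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: readable from document.cookie by any injected script")
    samesite = attrs.get("samesite")
    samesite = samesite.lower() if isinstance(samesite, str) else None
    if samesite is None:
        findings.append("SameSite missing: pre-2020 browsers attach it to cross-site requests, "
                        "CSRF defence rests on tokens alone")
    elif samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: rejected by Chrome")
    domain = attrs.get("domain")
    if isinstance(domain, str):
        findings.append(f"Domain={domain}: shared with every subdomain of {domain.lstrip('.')}, "
                        "including any operated by third parties")
    if name.startswith("__Host-"):
        if not secure or "domain" in attrs or attrs.get("path") != "/":
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain; browsers reject this cookie")
    elif name.startswith("__Secure-") and not secure:
        findings.append("__Secure- prefix requires Secure; browsers reject this cookie")
    return findings


if __name__ == "__main__":
    for label, cookie in (("observed", OBSERVED_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(label, audit_set_cookie(cookie) or "no findings")
```

Dropping the Domain attribute is only possible if no other zdnet.com subdomain needs the session; that is a product decision, but the cookie jar in the requests above shows how much is already shared site-wide.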
/
www.zdnet.com/m3d0s1/xhr/right-rail/
9 KB
2 KB
XHR
General
Full URL
https://www.zdnet.com/m3d0s1/xhr/right-rail/?promo=2150&count=3&siteId=2&rsid=cnetzdnetglobalsite&sl=en&sc=eu&pagetype=article&topicname=security&secondarytopicnames=&topicbrcrm=editorial&assetguid=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&assettitle=this+new+windows+malware+wants+to+add+your+pc+to+a+botnet+-+or+worse&assettype=content_article&devicetype=desktop&viewguid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&upId=144126648&template=right-rail
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2b0cc01c6d9ba0434daba1f7354593670b85736dc15108322e8080e1c35051ba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/m3d0s1/xhr/right-rail/?promo=2150&count=3&siteId=2&rsid=cnetzdnetglobalsite&sl=en&sc=eu&pagetype=article&topicname=security&secondarytopicnames=&topicbrcrm=editorial&assetguid=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&assettitle=this+new+windows+malware+wants+to+add+your+pc+to+a+botnet+-+or+worse&assettype=content_article&devicetype=desktop&viewguid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&upId=144126648&template=right-rail
pragma
no-cache
cookie
fly_device=desktop; nemo_highlander-author_focus=author_focus%3a1%3aexclude; fly_default_edition=eu; fly_preferred_edition=eu; fly_geo={"countryCode": "de"}; _ccmsi=1532234966144_ch8yfzygo|1532234966144; _ccmaid=5978151431620008567; zdnet_ad=%7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22session%22%3A%22d%22%2C%22subSession%22%3A%223%22%7D; first_page_today=false; LDCLGFbrowser=8f61f3dc-bf11-43f0-98ab-873057bea1a0; XCLGFbrowser=Ale/hVtUDNZnUDUY5js; s_vnum=1534826966591%26vn%3D1; s_invisit=true; s_getNewRepeat=1532234966592-New; s_lv_zdnet=1532234966593; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C08063460859201155262321281788580464522%7CMCAAMLH-1532839766%7C9%7CMCAAMB-1532839767%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1532242166s%7CNONE%7CMCAID%7C2DAA066B85311112-6000010D200041A0%7CvVersion%7C2.3.0; s_cc=true; aam_uuid=08216931432766049902333237949992780530; viewGuid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f; utag_main=v_id:0164c05224050018ffe971baf6fe00078006107000b08$_sn:1$_ss:0$_st:1532236767786$ses_id:1532234966022%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; RT="sl=1&ss=1532234964909&tt=2908&obo=0&bcn=%2F%2F36c3f470.akstat.io%2F&sh=1532234967821%3D1%3A0%3A2908&dm=zdnet.com&si=33a5d14a-2b98-41d3-9c5a-233f5439fe38&ld=1532234967821"; upid_144126648=1
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
:method
GET

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
1432
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Sun, 22 Jul 2018 04:49:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
a776c373-7398-437a-b1b4-6f0da8ca4c06
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Sun, 22 Jul 2018 04:49:28 GMT
5b509c9c60b27d5da4b65e4e-1280x7201jul192018194226poster.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/07/19/b0b36542-a7d6-4116-8f80-ef31fa96bf0d/thumbnail/170x128/5a1b0b7169eb5885ad4b921fd567d0ff/
8 KB
8 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/07/19/b0b36542-a7d6-4116-8f80-ef31fa96bf0d/thumbnail/170x128/5a1b0b7169eb5885ad4b921fd567d0ff/5b509c9c60b27d5da4b65e4e-1280x7201jul192018194226poster.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ba08ed4e0eb264ade74a0c2ce7f76abf37c0f8ffee9b2a4abe2828af2283d423

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:27 GMT
content-encoding
gzip
last-modified
Fri, 20 Jul 2018 16:29:47 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
8445
expires
Thu, 20 Sep 2018 04:49:27 GMT
5b5143f160b27d5da4b67bb8-1280x7201jul20201832747poster.jpg
zdnet1.cbsistatic.com/hub/i/r/2018/07/20/0252efa5-16c4-4f2d-b13f-52a8cde5477d/thumbnail/170x128/acf86c49cba587beeb0c0e3f4816bcc8/
5 KB
6 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2018/07/20/0252efa5-16c4-4f2d-b13f-52a8cde5477d/thumbnail/170x128/acf86c49cba587beeb0c0e3f4816bcc8/5b5143f160b27d5da4b67bb8-1280x7201jul20201832747poster.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ba500ec2b8fe5369597f8a979c3393a461483bcaaaa0c4820b99229c80c43ebb

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Fri, 20 Jul 2018 05:13:09 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
5545
expires
Thu, 20 Sep 2018 04:49:28 GMT
5b4f134c60b2a794676447cc-1280x7201jul19201871831poster.jpg
zdnet2.cbsistatic.com/hub/i/r/2018/07/19/4eeee96c-d127-438b-8f80-e7fcd25b84e2/thumbnail/170x128/581291e53396a80360324695920594b7/
4 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2018/07/19/4eeee96c-d127-438b-8f80-e7fcd25b84e2/thumbnail/170x128/581291e53396a80360324695920594b7/5b4f134c60b2a794676447cc-1280x7201jul19201871831poster.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
84e27fba98543bded8b9013706847dad1dfa409edd8c4d333e1d7e409f10c4d9

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Thu, 19 Jul 2018 10:04:33 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
4070
expires
Thu, 20 Sep 2018 04:49:28 GMT
5b4e0cbc60b27d5da4b5f149-1280x7201jul182018111448poster.jpg
zdnet1.cbsistatic.com/hub/i/r/2018/07/18/72faa613-c685-4b83-b180-13c8a3175904/thumbnail/170x128/42762a91dc0309a3cb72d5407f4f9921/
3 KB
4 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2018/07/18/72faa613-c685-4b83-b180-13c8a3175904/thumbnail/170x128/42762a91dc0309a3cb72d5407f4f9921/5b4e0cbc60b27d5da4b5f149-1280x7201jul182018111448poster.jpg
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0ee1ac9b8205d664f3c96351689cb427dffc3d6efac40ba6a0bea9e4ae1154b6

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Wed, 18 Jul 2018 14:26:39 GMT
server
nginx
status
200
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
http://origin.img.hub.zdnet.com
cache-control
max-age=5184000
timing-allow-origin
*
content-length
3451
expires
Thu, 20 Sep 2018 04:49:28 GMT
cs.js
sb.scorecardresearch.com/c2/3005086/
0
400 B
Script
General
Full URL
https://sb.scorecardresearch.com/c2/3005086/cs.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201807022325
Protocol
HTTP/1.1
Server
104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Apr 2011 23:11:26 GMT
ETag
"d41d8cd98f00b204e9800998ecf8427e:1349196464"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=259200
Connection
keep-alive
Content-Length
20
Expires
Wed, 25 Jul 2018 04:49:28 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&...
0
248 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&c9=
Protocol
HTTP/1.1
Server
104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1532234968004&ns_c=UTF-8&c8=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&c9=
Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
/
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/
49 KB
12 KB
Script
General
Full URL
https://zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3xeBFJDuSs0SRW5&Q_LOC=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201807022325
Protocol
SPDY
Server
104.111.228.222 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-228-222.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c582a9af2c0c9cb257ad0f752dfae340f29bb44e9682d45fa462ab68fe10c8d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
status
200
cache-control
public, max-age=60
strict-transport-security
max-age=31536000; includeSubDomains; preload
servershortname
content-type
application/javascript
content-length
12212
expires
Sun, 22 Jul 2018 04:50:28 GMT
m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=153223...
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=153223...
44 B
402 B
Image
General
Full URL
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=1532234968006&ja=1
Protocol
HTTP/1.1
Server
138.108.96.100 Schaumburg, United States, ASN16477 (ACNIELSEN-AS - ACNIELSEN, US),
Reverse DNS
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
nginx
P3P
P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=5
Content-Length
44
Expires
Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
nginx
P3P
P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Location
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/&rp=&ts=compact&rnd=1532234968006&ja=1
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=5
Content-Length
0
Expires
Thu, 01 Dec 1994 16:00:00 GMT
fbevents.js
connect.facebook.net/en_US/
42 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
5616a7380d74a78a42cd93efda3c9d277c3d66c189f2580b825f696af388b7f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
13314
x-xss-protection
0
pragma
public
x-fb-debug
Devn3OnpKjCc/cp6Zsvo8KsE4rpUDHX+/X+F0+4LVLzmsE4iblbQnCETU4U/vxhSWYl5jzaSZf2vyVunVukaZw==
date
Sun, 22 Jul 2018 04:49:28 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
headerstats
as-sec.casalemedia.com/
0
337 B
XHR
General
Full URL
https://as-sec.casalemedia.com/headerstats?s=182823&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&v=2
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
HTTP/1.1
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
Apache
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Sun, 22 Jul 2018 04:49:28 GMT
advertisement-d41d8cd98f-rev.js
zdnet2.cbsistatic.com/fly/js/utils/
0
167 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/utils/advertisement-d41d8cd98f-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
last-modified
Wed, 25 Oct 2017 10:04:06 GMT
server
nginx
content-type
application/x-javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
0
expires
Sun, 29 Jul 2018 04:49:28 GMT
comscore.streaming.6.1.1.171219.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/comscore/
104 KB
19 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/comscore/comscore.streaming.6.1.1.171219.min.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
081873caa83744b6d819ab294b08927e20b60841dd8f23a87c2a57e15f65591c

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Mon, 26 Mar 2018 15:42:35 GMT
server
Apache
etag
"c3c30c0ebfc35a9426296256fc3133d8:1522078959"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
18881
expires
Tue, 21 Aug 2018 04:49:28 GMT
fly-disqus-count-1f604770a3-rev.js
zdnet2.cbsistatic.com/fly/js/components/
882 B
672 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/components/fly-disqus-count-1f604770a3-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b2ab8784d5ca4bc5e4e1990ba55c6d9f041b8fe8cf41ad9afa37bc1c3dd12756

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Fri, 25 May 2018 17:24:03 GMT
server
nginx
etag
"5b0846b3-372"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
460
expires
Sun, 29 Jul 2018 04:49:28 GMT
4083-12969.js
www.everestjs.net/dl/4083/
484 B
655 B
Script
General
Full URL
https://www.everestjs.net/dl/4083/4083-12969.js
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol
HTTP/1.1
Server
104.111.240.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-240-158.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1d4d518e1da495fb6d6d8b3d86bba79d7597b61b466e71c45cdb09ed79659c53

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Nov 2013 14:23:10 GMT
Server
Apache
ETag
"4a5a49-1e4-4ec011a776f80"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=12357
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
288
Expires
Sun, 22 Jul 2018 08:15:25 GMT
v
pixel.everesttech.net/4083/
128 B
716 B
Image
General
Full URL
https://pixel.everesttech.net/4083/v?ev___loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&ev___ref=%2F%2F
Protocol
HTTP/1.1
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"9c37b1-80-53f3f17013d40"
Vary
Cookie
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=15, max=988975
Content-Length
128
1x1
pixel.everesttech.net/
Redirect Chain
  • https://cm.everesttech.net/cm
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=VzFRTTF3QUFCTXR3R3ozMw
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEE8sXZyNNXxEbuLOrzT-v-o&google_cver=1
  • https://pixel.everesttech.net/1x1
128 B
407 B
Image
General
Full URL
https://pixel.everesttech.net/1x1
Protocol
HTTP/1.1
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"4436fc-80-53f3f17013d40"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=987964
Content-Length
128

Redirect headers

Date
Sun, 22 Jul 2018 04:49:27 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://pixel.everesttech.net/1x1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
ring-animated.svg
zdnet2.cbsistatic.com/fly/1529513762-fly/bundles/zdnetcss/images/video/
704 B
575 B
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/1529513762-fly/bundles/zdnetcss/images/video/ring-animated.svg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd

Request headers

Referer
https://zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-ffc487298f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 16:56:02 GMT
server
nginx
status
200
etag
"5b2a8722-2c0"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=28815387
accept-ranges
bytes
timing-allow-origin
*
content-length
364
expires
Thu, 20 Jun 2019 17:05:55 GMT
309391486091569
connect.facebook.net/signals/config/
62 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/309391486091569?v=2.8.23&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
2fc69be9e352bf751667fa720596a24389a6e6b1d4ac5e901c392e7f7cc4e034
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
14368
x-xss-protection
0
pragma
public
x-fb-debug
AeVyY0q2iCkmZYFlR20/n6iG8whpkskFif52dGRnVQkv2ACvghPe71k7yKSbqFBrJlio3rIQeBv5AnHu0dWd9Q==
x-frame-options
DENY
date
Sun, 22 Jul 2018 04:49:28 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
ima3.js
s0.2mdn.net/instream/html5/
230 KB
79 KB
Script
General
Full URL
https://s0.2mdn.net/instream/html5/ima3.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
SPDY
Server
2a00:1450:4001:81d::2006 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
79941af6b0e853b3636f40703ecaa06c1fba2646a66e1eb0a1762704317be10c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
80481
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:28 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1532234968071&s=ed3dd2e083233ff1dcf0d0df3efd8b91ffc577f5a43ad7e48af560c588c6cf53
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b1edfaa2112f760a6430968fe0cd15bc1f1db68f2aa4fe7da5336d7034054f39

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
708
embed.js
zdnet-1.disqus.com/
63 KB
21 KB
Script
General
Full URL
https://zdnet-1.disqus.com/embed.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
HTTP/1.1
Server
151.101.12.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
openresty /
Resource Hash
1e917fc16cde2042e180fcddbb877ee1219faad4e9df360a550800b9daba533d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21325
/
www.google.de/ads/user-lists/1036174608/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=2AxUW4X4B5HtgA...
  • https://www.google.com/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558
  • https://www.google.de/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558&ipr=y&ulfeg=n
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558&ipr=y&ulfeg=n
Protocol
SPDY
Server
2a00:1450:400f:80d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
adclick_server /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:28 GMT
x-content-type-options
nosniff
server
adclick_server
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sun, 22 Jul 2018 04:49:28 GMT
x-content-type-options
nosniff
server
adclick_server
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/user-lists/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=897930739&crd=CKrPGw&cdct=2&is_vtc=1&random=1488855558&ipr=y&ulfeg=n
cache-control
private, max-age=43200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
431
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:28 GMT
pixel
ad.yieldmanager.com/
0
1 KB
Image
General
Full URL
https://ad.yieldmanager.com/pixel?id=2447099&t=2
Protocol
HTTP/1.1
Server
2a00:1288:110:422::3000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=3600

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Strict-Transport-Security
max-age=3600
Server
ATS
Connection
close
Content-Length
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Public-Key-Pins-Report-Only
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
s
pixel.everesttech.net/4083/
128 B
716 B
Image
General
Full URL
https://pixel.everesttech.net/4083/s?s=12969
Protocol
HTTP/1.1
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"143362-80-53f3f17013d40"
Vary
Cookie
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=15, max=997761
Content-Length
128
/
www.facebook.com/tr/
44 B
249 B
Image
General
Full URL
https://www.facebook.com/tr/?id=309391486091569&ev=PageView&dl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&rl=&if=false&ts=1532234968134&sw=1600&sh=1200&v=2.8.23&r=stable&a=tmtealium&ec=0&o=28&it=1532234968065
Protocol
SPDY
Server
2a03:2880:f12d:86:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Sun, 22 Jul 2018 04:49:28 GMT
adsense.js
asset.pagefair.com/adimages/
0
541 B
Script
General
Full URL
https://asset.pagefair.com/adimages/adsense.js
Requested by
Host: asset.pagefair.com
URL: https://asset.pagefair.com/measure.min.js?_=1532234967742
Protocol
HTTP/1.1
Server
23.111.9.30 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Mar 2018 17:19:01 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
32909205DF9B2F54
ETag
"8193452d6ae440ec23eff2e1559d5461"
X-Cache
HIT
Content-Type
application/x-javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31
x-amz-id-2
EYNfz2cCUn6zl7aOOj3AyidFCBfhn3oZ5DTEs5N75jFPSwR7mz8W9k+r/4boL7XSni/xaAsKM9Q=
Expires
Mon, 23 Jul 2018 04:49:28 GMT
textlink-ads.jpg
asset.pagefair.net/adimages/
518 B
688 B
Image
General
Full URL
https://asset.pagefair.net/adimages/textlink-ads.jpg
Protocol
HTTP/1.1
Server
23.111.11.222 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
87bc265dda5e31597442c420def76eeadb5c516d016213a47f570c65d5558b72

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Mar 2018 17:19:02 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
3B3139374314B953
ETag
"262857636d8f02be18171bed8e10c82b"
X-Cache
HIT
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
229
x-amz-id-2
kAgmjz7uy99RBO1HRq3ORiyKC/C9fXmt7ZeHnQSM+kCX92IAHwBnJDiV8xJAhAP7z6s/n+K8+i8=
textlink-ads.jpg
asset.pagefair.com/adimages/
518 B
726 B
Image
General
Full URL
https://asset.pagefair.com/adimages/textlink-ads.jpg
Protocol
HTTP/1.1
Server
23.111.9.30 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
87bc265dda5e31597442c420def76eeadb5c516d016213a47f570c65d5558b72

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Mar 2018 17:19:02 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
5551CCB8D73DAFFC
ETag
"262857636d8f02be18171bed8e10c82b"
X-Cache
HIT
Content-Type
image/jpeg
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
229
x-amz-id-2
Jw+Wn2j9SHurfmn16dSDyQp4Q9202pgaRQJo4EQEgnjNkzPX0FO1pYT0zqaX4IuLhI+PQ/I1OXQ=
Expires
Mon, 23 Jul 2018 04:49:28 GMT
count.js
zdnet-1.disqus.com/
1 KB
1 KB
Script
General
Full URL
https://zdnet-1.disqus.com/count.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1347-fly/js/libs/require-2.1.2.js
Protocol
HTTP/1.1
Server
151.101.112.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1890346
P3P
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 28 Jun 2018 20:30:54 GMT
Server
nginx
ETag
"5b35457e-367"
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=86400
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
a.js
stats.pagefair.com/stats/page_view_event/3393B7A52D1447DD/
25 B
722 B
XHR
General
Full URL
https://stats.pagefair.com/stats/page_view_event/3393B7A52D1447DD/a.js?wl_div_hid_t0=0&div_hid_t0=0&s_blk=0&wl_i_blk=0&i_blk=0&is_ab=0&is_wl=1&new_monthly=1&new_daily=1&_=1532234968181
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
HTTP/1.1
Server
52.209.124.253 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-124-253.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2671d72b96d6d9a1b8bbc1429048505ea6dbc3514daf22ab6dd6dfc8a70ce8d3

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:35 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
CP="NID DSP ALL COR"
Access-Control-Allow-Origin
https://www.zdnet.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript
Access-Control-Allow-Headers
Authorization,Content-Type,Accept,Origin,User-Agent,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-TOKEN
Content-Length
25
/
36c3f470.akstat.io/
0
354 B
Other
General
Full URL
https://36c3f470.akstat.io/
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Server
104.108.48.32 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-48-32.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Cache-Control
max-age=0
Origin
https://www.zdnet.com
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Sun, 22 Jul 2018 04:49:28 GMT
mux.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/
70 KB
22 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/mux.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3ae5d0f70dfeb1308462aaaa19d8326a6bd2d41781323b07db04cccffc09cf5f

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Mon, 26 Mar 2018 15:42:36 GMT
server
Apache
etag
"6ff5de35d5b5d1d667e341d5109a9c19:1522078959"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
21978
expires
Tue, 21 Aug 2018 04:49:28 GMT
ggcmb510.js
cdn-gl.imrworldwide.com/novms/js/2/
12 KB
5 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
HTTP/1.1
Server
54.192.94.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-10.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 26 Jun 2018 21:10:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 26 Jun 2018 21:10:08 GMT
Server
AmazonS3
Age
27519
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
x-amz-version-id
VcFAeUXUptNrXnq1rWRdJRDC.fYfAuEh
Via
1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Cache-Control
max-age=86400
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
X-Amz-Cf-Id
mIg1hzV6UKsobfMh35o93U9OjMrcWRkt0C7HrOecHZtjtKiBaNVwkA==
AppMeasurement-2.3.0.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/
77 KB
27 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4974c54f5183f50fd1f3c3d49c496fd79602f8159b6d393d3fab09e4433555dd

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Mon, 26 Mar 2018 15:42:35 GMT
server
Apache
etag
"d71ba6c9a930b6864408830c3e2705f9:1522078958"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
27260
expires
Tue, 21 Aug 2018 04:49:28 GMT
VideoHeartbeat-2.0.2.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/
143 KB
29 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e08209b44a15fd9f6b9977d2580034e8d3da36542235802c2722ff8db4c0a461

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Mon, 26 Mar 2018 15:42:35 GMT
server
Apache
etag
"215943f0e77b4fcc9cc72b98a8ea1cfc:1522078958"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
28977
expires
Tue, 21 Aug 2018 04:49:28 GMT
truncated
/
2 KB
0
Media
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e9696aabfbb60803028b14636581f459404cea187d0c0c50b7d4d5cf8e1a3b1

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
video/mp4
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
glcfg510.js
cdn-gl.imrworldwide.com/novms/js/2/configs/
2 KB
1 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol
HTTP/1.1
Server
54.192.94.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-10.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 26 Jun 2018 21:10:44 GMT
Content-Encoding
gzip
Last-Modified
Tue, 26 Jun 2018 21:10:07 GMT
Server
AmazonS3
Age
27517
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
x-amz-version-id
9ZRjlDcYBDcvoCUSuqOgTNg_VxQgklXF
Via
1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Cache-Control
max-age=86400
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
X-Amz-Cf-Id
sBPM_wsfFcKgjmlDngf_rl7ob5yclejfTKNG7joKarQ3sNiGYJYV-A==
id
dpm.demdex.net/
2 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_mid=08063460859201155262321281788580464522&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=AVID%012DAA066B85311112-6000010D200041A0&d_cid_ic=userId%01&d_cid_ic=puuid%01&ts=1532234968291
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Protocol
HTTP/1.1
Server
34.214.245.56 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-214-245-56.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
b663028aac33a1a6ed8af45be45a220d009ba3395a3bee22a45db024d6d94859

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
usw2-prod-dcs-07f134cfc.edge-usw2.demdex.com 5.34.2.20180719143257 9ms
Pragma
no-cache
Content-Encoding
gzip
X-Error
300,300
X-TID
9BHa+2zhRLg=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
748
Expires
Thu, 01 Jan 1970 00:00:00 GMT
bridge3.221.0_en.html
imasdk.googleapis.com/js/core/ Frame 5209
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.221.0_en.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.221.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
160811
date
Tue, 17 Jul 2018 13:51:34 GMT
expires
Wed, 17 Jul 2019 13:51:34 GMT
last-modified
Mon, 16 Jul 2018 20:41:13 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
age
399474
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
client.js
s0.2mdn.net/instream/video/
26 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js
Protocol
SPDY
Server
2a00:1450:4001:81d::2006 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
10523
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:28 GMT
play.svg
zdnet2.cbsistatic.com/fly/1529513762-fly/bundles/zdnetcss/images/video/
299 B
423 B
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/1529513762-fly/bundles/zdnetcss/images/video/play.svg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d5e9dfd6066c2872be4f85c25aa0186402b124ea3f80152e2e2b767906793284

Request headers

Referer
https://zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-ffc487298f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 16:56:02 GMT
server
nginx
status
200
etag
"5b2a8722-12b"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=28815491
accept-ranges
bytes
timing-allow-origin
*
content-length
213
expires
Thu, 20 Jun 2019 17:07:39 GMT
default-se4908240cd.png
zdnet2.cbsistatic.com/fly/images/sprites/video/controls/1x/
8 KB
8 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/images/sprites/video/controls/1x/default-se4908240cd.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1347-fly/js/main.default.js
Protocol
SPDY
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de4b8c1882f3c5f3e8d7ed920d1f4f31865ee05228fa7c60800656f3b279287d

Request headers

Referer
https://zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-ffc487298f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Wed, 25 Oct 2017 10:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
7728
expires
Sun, 29 Jul 2018 04:49:28 GMT
/
www.zdnet.com/video/selector/botnet-beast-how-to-slay-the-ddos-dragon/
3 KB
2 KB
XHR
General
Full URL
https://www.zdnet.com/video/selector/botnet-beast-how-to-slay-the-ddos-dragon/?acp=sz%3D640x483%26iu%3D%2F8264%2Fvaw-zdnet%2Fdesktop%2Fzdnet%26ciu_szs%3D300x60%26impl%3Ds%26gdfp_req%3D1%26env%3Dvp%26output%3Dxml_vmap1%26unviewed_position_start%3D1%26url%3Dhttps%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%26description_url%3Dhttps%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%26correlator%3D1532234968330%26cmsid%3D2289%26vid%3DJEssb0_X9L1x8vzDYHK_jf_A418s7NCq%26pp%3Dvpaid_js%26cust_params%3Dvid%253DJEssb0_X9L1x8vzDYHK_jf_A418s7NCq%2526ptype%253Darticle%2526vguid%253Dae1b85eb-b336-487d-9ab0-bd57117a2b4f%2526session%253Dd%2526subses%253D3%2526microsite%253D%2526campaign%253D%2526cid%253Dthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2526collection%253D%2526mfr%253D%2526carrier%253D%2526section%253Deditorial%2526userGroup%253D%2526tag%253D%2526edition%253D%2526test%253D%2526score%253D%2526feat%253D%2526subcollection%253D%2526topic%253Dsecurity%2526sectopic%253D&m=%2Fvideo%2Fmanifest%2Fbotnet-beast-how-to-slay-the-ddos-dragon.m3u8%3Fdevice%3Dott%26change-to-host%3Dtechrepublicmedia.akamaized.net%26secure%3Dtrue&callback=uvpHandleJsonpResult
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d7a5a2238d8569ea642f512280f5716bf64431e6dc483f914227c235cf84aae0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/video/selector/botnet-beast-how-to-slay-the-ddos-dragon/?acp=sz%3D640x483%26iu%3D%2F8264%2Fvaw-zdnet%2Fdesktop%2Fzdnet%26ciu_szs%3D300x60%26impl%3Ds%26gdfp_req%3D1%26env%3Dvp%26output%3Dxml_vmap1%26unviewed_position_start%3D1%26url%3Dhttps%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%26description_url%3Dhttps%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F%26correlator%3D1532234968330%26cmsid%3D2289%26vid%3DJEssb0_X9L1x8vzDYHK_jf_A418s7NCq%26pp%3Dvpaid_js%26cust_params%3Dvid%253DJEssb0_X9L1x8vzDYHK_jf_A418s7NCq%2526ptype%253Darticle%2526vguid%253Dae1b85eb-b336-487d-9ab0-bd57117a2b4f%2526session%253Dd%2526subses%253D3%2526microsite%253D%2526campaign%253D%2526cid%253Dthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2526collection%253D%2526mfr%253D%2526carrier%253D%2526section%253Deditorial%2526userGroup%253D%2526tag%253D%2526edition%253D%2526test%253D%2526score%253D%2526feat%253D%2526subcollection%253D%2526topic%253Dsecurity%2526sectopic%253D&m=%2Fvideo%2Fmanifest%2Fbotnet-beast-how-to-slay-the-ddos-dragon.m3u8%3Fdevice%3Dott%26change-to-host%3Dtechrepublicmedia.akamaized.net%26secure%3Dtrue&callback=uvpHandleJsonpResult
pragma
no-cache
cookie
fly_device=desktop; nemo_highlander-author_focus=author_focus%3a1%3aexclude; fly_default_edition=eu; fly_preferred_edition=eu; fly_geo={"countryCode": "de"}; _ccmsi=1532234966144_ch8yfzygo|1532234966144; _ccmaid=5978151431620008567; zdnet_ad=%7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22session%22%3A%22d%22%2C%22subSession%22%3A%223%22%7D; first_page_today=false; LDCLGFbrowser=8f61f3dc-bf11-43f0-98ab-873057bea1a0; XCLGFbrowser=Ale/hVtUDNZnUDUY5js; s_vnum=1534826966591%26vn%3D1; s_invisit=true; s_getNewRepeat=1532234966592-New; s_lv_zdnet=1532234966593; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C08063460859201155262321281788580464522%7CMCAAMLH-1532839766%7C9%7CMCAAMB-1532839767%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1532242166s%7CNONE%7CMCAID%7C2DAA066B85311112-6000010D200041A0%7CvVersion%7C2.3.0; s_cc=true; aam_uuid=08216931432766049902333237949992780530; viewGuid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f; utag_main=v_id:0164c05224050018ffe971baf6fe00078006107000b08$_sn:1$_ss:0$_st:1532236767786$ses_id:1532234966022%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; RT="sl=1&ss=1532234964909&tt=2908&obo=0&bcn=%2F%2F36c3f470.akstat.io%2F&sh=1532234967821%3D1%3A0%3A2908&dm=zdnet.com&si=33a5d14a-2b98-41d3-9c5a-233f5439fe38&ld=1532234967821"; upid_144126648=1; bm_last_load_status=NOT_BLOCKING; bm_monthly_unique=true; bm_daily_unique=true; zdnetSettingsPermanent=%7B%22autoplayEnabled%22%3A%22on%22%7D
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.zdnet.com
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
:scheme
https
:method
GET
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
984
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Sun, 22 Jul 2018 04:49:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
3ea94cfe-c0fe-41eb-9ae7-524d3f876da7
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Sun, 22 Jul 2018 04:49:28 GMT
e.gif
dw.cbsi.com/levt/video/
43 B
369 B
Image
General
Full URL
https://dw.cbsi.com/levt/video/e.gif?bitrate=0&blockcntry=&codec=&componentid=9d78f5808d6a11e89ef2cfb26f12067b&contsessid=&device=type%3Adesktop%3Bos%3Aos%2520x%3Bver%3A10.13.5%3Bscreensz%3A1600x1200&distntwrk=&encodeprfl=&event=init&eventdur=0&gestval=&ip=&mapp=UVPJS%3B2.8.3&medastid=0&medid=0&medlength=0&mednum=0&medrls=&medtime=0&medtitle=&medtype=0&mso=&pageurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&part=zdnet&playerembed=0&playersz=&playertime=0&qosnum=0&recommend=&relsessid=&sdlvrytype=&siteid=2&sponsored=&srchost=www.zdnet.com&subj=&ts=1532234968286&ua=&ursuid=&usrbndwdth=0&v16=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&v17=security&v18=security&v19=article&v20=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&v21=desktop%2520web&v22=&v23=cnetzdnetglobalsite&v25=anon&v26=&videosz=&volume=0
Protocol
HTTP/1.1
Server
64.30.224.172 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx1-dw-cbsi-xw-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
Apache/2.4.25
Vary
*
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate, no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=80, max=360
Content-Length
43
Expires
Fri, 23 Jan 1970 12:12:12 GMT
PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
cdn-gl.imrworldwide.com/conf/
40 KB
8 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/conf/PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Protocol
HTTP/1.1
Server
54.192.94.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-10.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
767ac875d0dc66c8aa26888d3bcb142901d56e0e69762d142b64b61dba872b68

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:40:41 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Jul 2018 04:24:21 GMT
Server
AmazonS3
Age
528
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
x-amz-version-id
Wn6A7MW2YblyBF0yLBsD.zi_v_dGLEy6
Via
1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
X-Amz-Cf-Id
D7RcaSmoIDWeIacB8ToplXzZWs5aEuFz1SYG7JTdqSpL9jCZQPoR3g==
count-data.js
zdnet-1.disqus.com/
243 B
766 B
Script
General
Full URL
https://zdnet-1.disqus.com/count-data.js?1=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/count.js
Protocol
HTTP/1.1
Server
151.101.112.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
193afc65cb0fdd68b7339da5f62fd8ae689e51cc812b52ae12a3d38d24afb18a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary
Accept-Encoding
Cache-Control
public, max-age=600
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
205
X-XSS-Protection
1; mode=block
nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/
147 KB
43 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
Protocol
HTTP/1.1
Server
54.192.94.10 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-10.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
266f769c26eaf0afda122baeec73cf9548eaba0d1fb8c78d65b1e45f91a3f96e

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 26 Jun 2018 21:10:44 GMT
Content-Encoding
gzip
Last-Modified
Tue, 26 Jun 2018 21:10:09 GMT
Server
AmazonS3
Age
27522
x-amz-server-side-encryption
AES256
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
x-amz-version-id
5cwUTY1YBWDYYz7wVApcPpBPjk.2ok3h
Via
1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Cache-Control
max-age=86400
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
X-Amz-Cf-Id
UGH3kLAHJKiYPpVKqKjIfgM804BQkb1ImKtv_jiV-I1W2RKXku9Yuw==
lounge.3999ac261b914f8b8b5e85df0ff3eaea.css
c.disquscdn.com/next/embed/styles/
96 KB
18 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.3999ac261b914f8b8b5e85df0ff3eaea.css
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/embed.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
84c3e9dd0a587bebc22dad106e0ea25041a0a3b1e5dd14e740673b93f03e4061
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
18579
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Thu, 31 May 2018 21:35:08 GMT
server
cloudflare
fastly-debug-digest
cc3dd3c1cbf28cc886187eca3aabbd13e26c8c8bdb874f855caaa0f69188bf15
etag
"5b106a8c-4893"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
43e347e89f3764a5-FRA
expires
Fri, 31 May 2019 21:43:09 GMT
common.bundle.40e1175903c8bfb9e65177eace372a69.js
c.disquscdn.com/next/embed/
242 KB
81 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.40e1175903c8bfb9e65177eace372a69.js
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/embed.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
506d37ceb33160257caca58ab2e5cf15b51974fef652ff5550843e0dd2f2fdbd
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
82694
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 11 Jul 2018 09:54:06 GMT
server
cloudflare
fastly-debug-digest
69cf3d2af786e69f975867fefa4b08a9eb6a26a3fc413a05421ccd6ed8196578
etag
"5b45d3be-14306"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
43e347e89f3864a5-FRA
expires
Tue, 16 Jul 2019 20:41:42 GMT
lounge.bundle.2540bb2ef6fac66d558411d802126c7e.js
c.disquscdn.com/next/embed/
349 KB
92 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.2540bb2ef6fac66d558411d802126c7e.js
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/embed.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e14d7cb3c05478a6241bc97f40ac9ee596676199aa4c95ddf4725bd94fd1e6b3
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
93492
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Tue, 17 Jul 2018 23:43:53 GMT
server
cloudflare
fastly-debug-digest
9733e420474f34f62f61eea6d8ef97046693f50f72a2270b148dc112f966b070
etag
"5b4e7f39-16d34"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
43e347e89f3964a5-FRA
expires
Wed, 17 Jul 2019 23:49:41 GMT
config.js
disqus.com/next/
5 KB
3 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/embed.js
Protocol
HTTP/1.1
Server
151.101.0.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
d7dd169aa6c16b4261468e7e721c83bd59a7b66bf05406f691bf69bdb5d43206
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
61
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2178
X-XSS-Protection
1; mode=block
Server
nginx
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin
*
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame 4EEF
70 KB
26 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 4EEF
283 KB
87 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
osd.js
pagead2.googlesyndication.com/pagead/
70 KB
26 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
98967be95015e8c9218a2d31f44b5335c8eeb5fd9c3a5eddd5e779280c87f771
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:09:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2427
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26232
x-xss-protection
1; mode=block
server
cafe
etag
10899681090142805410
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sun, 22 Jul 2018 05:09:01 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame 8884
70 KB
26 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 8884
283 KB
87 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame E880
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js?cb=234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 09:15:13 GMT
expires
Fri, 19 Jul 2019 09:15:13 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
243255
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
/
servedby.flashtalking.com/imp/1/94362;3207612;201;js;CBSi;UKCBSiZDNet300x600/ Frame 922E
903 B
1 KB
Script
General
Full URL
https://servedby.flashtalking.com/imp/1/94362;3207612;201;js;CBSi;UKCBSiZDNet300x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&cachebuster=463953.6308840011
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
prod-xre-app4.frk11 /
Resource Hash
cdffb35e3c07cc5dfb8e052efa4486811a1463c7f87421781bc5d2bf39b3b055

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
prod-xre-app4.frk11
X-HW
1532234968.dop007.fr8.t,1532234968.cds014.fr8.shn,1532234968.dop007.fr8.t,1532234968.cds019.fr8.sc,1532234968.cds019.fr8.p
P3P
policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Type
text/javascript
Content-Length
903
Expires
Fri, 01 Jan 1990 00:00:00 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame 922E
70 KB
26 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 922E
283 KB
87 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame 5C60
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js?cb=234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 09:15:13 GMT
expires
Fri, 19 Jul 2019 09:15:13 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
243255
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame 8248
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js?cb=234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 09:15:13 GMT
expires
Fri, 19 Jul 2019 09:15:13 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
243255
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame 74A1
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js?cb=234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 09:15:13 GMT
expires
Fri, 19 Jul 2019 09:15:13 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
243255
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
adKit.min.js
rev.cbsi.com/common/js/ Frame B53C
6 KB
2 KB
Script
General
Full URL
https://rev.cbsi.com/common/js/adKit.min.js?2016375484
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
576e8bf4510a62d7cdcfedd8b749f3039d0c5aa8b2bdfe2e38a44645e0f982e4

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
last-modified
Mon, 07 Nov 2016 21:14:51 GMT
server
Apache
etag
"61acd092be7016e54f2dac81f3076225:1478553291"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
accept-ranges
bytes
content-length
2158
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame B53C
70 KB
26 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame B53C
283 KB
87 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js?v=234
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
view
securepubads.g.doubleclick.net/pcs/ Frame 4EEF
0
53 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRxqFVtemq81GlBTzpehrJr5TZw5UhHj18msd6FXJQ0tzfTf5boUkVE9MZb4bZc8WkhMcl_PRAapkZcNc5K9RugE0v37aJnVU2OHwNcADjnBWRTrlabMdKIdUSARMXtLWyMsoc2kuDDz-qKjShXvg3CXyVWAbQjXkkiC5pDncLjlAivPnVg0Mo-3exUuOj-lQxgaUXIGhQvQO3tItuxb5pFhEwgfstLXdaZPzlwRpMUzxwFDyjeTvZ70Eyn_LX&sai=AMfl-YRabqrRQzE2DvhH6JcCXCX9ciKaytok1XOLagBcMkXBEDGo6OaUnzX1lV3CQmWWvPop080iEzMECHF_dDBmYv2elx8cJwqdb79uSJioblMcBU5IlWIbr0x_oTo&sig=Cg0ArKJSzJkXziMptB-7EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
private
content-type
text/html; charset=UTF-8
view
securepubads.g.doubleclick.net/pcs/ Frame 8884
0
62 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstzBd7_6EwD0doh7dhCVg1CdPP1f3kl27Ic46No93TbGcKUICER2q46pj9blq0l9HlNt5Iwc8jEO7bS6OCb-DpyOy83AzbB8ih7TDEBjtqdRg95SGVBRQlqUbS1tbatuzgoWXK4pAZaHa-ED8zBRWgkP36fMCWXmtB6YUcVz8DlQ_l9qIrzu7kSsYDBC1yeIIZHcILzvtKe1-er4tXN72WSKO4jABSXg29tw0GJ5Fw-D2Y79smE55-8tj2Z&sai=AMfl-YTfW1AErOQnp2_Zx6VOY6SkU44uHvfV4f_sO6DgL0WfVx_U32w5HfANaTfUpP01nEdWsCXH7nCDYHFtB8zPEaD9lwcyftzIJwa9Pur5K4AUweclQR0WGEpDnmQ&sig=Cg0ArKJSzMF5ZNcUmR9PEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
private
content-type
text/html; charset=UTF-8
view
securepubads.g.doubleclick.net/pcs/ Frame 922E
0
53 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRj0nG2SbHwVKhD_P80aQ3DlqU2JEO09DB2WQaDlnJ_3WW63aTb6UD_L77e1MvWMFH3HwwlQSn45oAF2q3mBJH8lqLSYAOQi1B-zlaZxk6Ma7apUyycb2GsGC7wuZ4R6WRVQd-DOuIXrt0rAbFdfc4MzjP26YKggwebZPSNPuXA5H01i8spgvZEeFZ-MaapZEJfZIStECk58rTC8nkPcy5bLLG2a_FkuVmdT9uCIWF1tZrSE8DIrI9wE92HrNiug&sai=AMfl-YSEHgPGZj8zTd3QHm47LJZ_-z8Q8-X48cm9RkpJsAK4LfdUOUu8sQMPCkqAc46Xh_jcMHUKXwLLBnA90lqHuU_0lEU0KaYZHHxNbONr9wn3-i206rFm-fxiLsc&sig=Cg0ArKJSzPP_Ec6Lsld_EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
private
content-type
text/html; charset=UTF-8
view
securepubads.g.doubleclick.net/pcs/ Frame B53C
0
62 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsts7oaRpl7pdn3MCt8pN0C-fom9BnVRiXxS8PBbs5_FD_B4w9XEcGir09xy7mUL20FSFV-Hz_L7HBRXeg8LocECQ0n9ze1MmSeLGJli-GcBAzeZvts9xMK-tAz4xQMU8B1e8n8-O5xY29yHhYA2NHe5fcDv5vgR5jq5lvwsrOQbDHvYcDVPv2CT6SjLmsKZvelt4KZOW2chs-dIfz1qaSEwrgKDxtI7tiPc8zrFt52GSdxJnt28k5tUdduGiIM&sai=AMfl-YQqjQqSAjkBOftw29glaFG8qj04XdFYRay8NKGi7QZNOCjbHrtb7IT5Yz5IWUIzAsLEZkLu6WTMqocdkldn4QorqOKUIiTu0_gFDPARARn0fk8HjUavmwBZDt4&sig=Cg0ArKJSzG4GpMnIcyn3EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
private
content-type
text/html; charset=UTF-8
j-3207612-2249815.js
cdn.flashtalking.com/xre/320/3207612/2249815/js/ Frame 922E
42 KB
11 KB
Script
General
Full URL
https://cdn.flashtalking.com/xre/320/3207612/2249815/js/j-3207612-2249815.js
Requested by
Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/94362;3207612;201;js;CBSi;UKCBSiZDNet300x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&cachebuster=463953.6308840011
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
f4efb95cc63b692b69be5dbcd96a96e9b145b10b7f87c4d6483ebbc8718c08a4

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
x-amz-request-id
200E5D6643AA0CB8
X-HW
1532234968.dop005.fr8.t,1532234968.cds035.fr8.shn,1532234968.dop005.fr8.t,1532234968.cds004.fr8.c
Connection
Keep-Alive
Content-Length
10340
x-amz-id-2
Vs5ctXeazzRKK5I29ROgcCLVC9p9k5aeUt8m7G2Uxq1A4ynNmh364AhAgTvp0INaJalt+AZTwOA=
Last-Modified
Thu, 07 Jun 2018 13:07:02 GMT
ETag
W/"e5272fa0f22d9ff8e0656cfc24c578da"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=189
Accept-Ranges
bytes
ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 1970
0
0
Document
General
Full URL
https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.94.184 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-184.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Host
cdn-gl.imrworldwide.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Cookie
IMRID=36292377-38da-4efa-a5da-03e6d90ec538
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Date
Tue, 26 Jun 2018 21:10:44 GMT
Last-Modified
Tue, 26 Jun 2018 21:10:06 GMT
x-amz-server-side-encryption
AES256
Cache-Control
max-age=86400
x-amz-version-id
vKKXF39_FwJKMa.6hF2NdVuSjY5qoHYw
Server
AmazonS3
Content-Encoding
gzip
Vary
Accept-Encoding
Age
27523
X-Cache
Hit from cloudfront
Via
1.1 8391f131e4acb30724947dab1f8592a5.cloudfront.net (CloudFront)
X-Amz-Cf-Id
1fOPXTrfoa6kx5nnOH1kESFW6Qfk28mnjxkOZnglHGb7qLUbXN_CLA==
/
disqus.com/embed/comments/ Frame A817
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=zdnet-1&t_i=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&t_u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&t_e=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&t_d=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&t_t=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse&s_o=default
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Last-Modified
Wed, 04 Jul 2018 05:12:09 GMT
ETag
W/"lounge:view:6743289519.a147e802bdbad1800177c9a742279778.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Content-Length
6201
Date
Sun, 22 Jul 2018 04:49:29 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
gpt.js
www.googletagservices.com/tag/js/ Frame B53C
20 KB
8 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: rev.cbsi.com
URL: https://rev.cbsi.com/common/js/adKit.min.js?2016375484
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
22d98aa81412edaaee9d9e8f1843b206f49f349dd8a483c8c5d960428bac53a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"5 / 809 of 1000 / last-modified: 1532226201"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7850
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:28 GMT
vglnk.js
cdn.viglink.com/api/
79 KB
27 KB
Script
General
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bf6a92a50156df8d8018b0916a7c98b22e9d2201e42c32dcf9d6d7187df8ab0

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
39D65B6392DEF1A8
status
200
content-length
27815
x-amz-id-2
afWH7RfDYh6IqjVzYkqatqiiRlp1DRxWB70Hw60WT0w/NNQob8jUbqSKnt60yXnPUwALS5vlziI=
last-modified
Thu, 19 Jul 2018 20:17:17 GMT
server
cloudflare
etag
"15468e63d7aba3f957c1cb44354bddfa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
43e347ea7abbbef3-FRA
expires
Sun, 22 Jul 2018 05:19:28 GMT
0.7665813004422518
saa.cbsi.com/b/ss/cnetzdnetglobalsite/1/G.4--NS/
43 B
615 B
Image
General
Full URL
https://saa.cbsi.com/b/ss/cnetzdnetglobalsite/1/G.4--NS/0.7665813004422518?AQB=1&ce=UTF%2D8&events=event66&v0=ftag_cd:LGN22ef1e6&v2=en&v3=desktop&v4=right-rail&v10=article&v20=this+new+windows+malware+wants+to+add+your+pc+to+a+botnet+-+or+worse&v22=content_article&v23=&v24=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&v30=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&v60=33164070,33164073,33164072&v64=2150&v69=&c0=D%3Dv0&c2=D%3Dv2&c3=D%3Dv3&c4=D%3Dv4&c10=D%3Dv10&c20=D%3Dv20&c22=D%3Dv22&c23=D%3Dv23&c24=D%3Dv24&c30=D%3Dv30&c60=D%3Dv60&c64=D%3Dv64&c69=D%3Dv69&pe=lnk_o&pev2=medusa_impression&vid=201807220-leadgen-zdnet&AQE=1
Protocol
HTTP/1.1
Server
63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Mon, 23 Jul 2018 04:49:28 GMT
Server
Omniture DC/2.0.0
xserver
www31
ETag
"3290449538760900608-4778988823864474461"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Sat, 21 Jul 2018 04:49:28 GMT
e.gif
dw.cbsi.com/levt/ria/
43 B
369 B
Image
General
Full URL
https://dw.cbsi.com/levt/ria/e.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&assettitle=this%20new%20windows%20malware%20wants%20to%20add%20your%20pc%20to%20a%20botnet%20-%20or%20worse&assettype=content_article&pubdate=2018-06-20%2011%3A30%3A53&viewguid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&devicetype=desktop&sitetype=responsive%20web&author=danny%20palmer&authorid=1aa87593-0f1d-4577-862b-a59b5ec9bc57&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&s8=cnetzdnetglobalsite&v23=cnetzdnetglobalsite&v19=article&v17=113c25b6-ec91-11e3-95d2-02911863765e&v20=07d2a80f-3b6b-40e4-8e43-d9a6635ff5c1&v16=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&riaevent=impression&comptyp=spot&mapp=medusa_app&objtyp=medusa&eventt=log&v18=security&comp=ucwc&ts=1532234968716&tcset=utf8&im=dsjs&title=This%20new%20Windows%20malware%20wants%20to%20add%20your%20PC%20to%20a%20botnet%20-%20or%20worse%20%7C%20ZDNet&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F
Protocol
HTTP/1.1
Server
64.30.224.172 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx1-dw-cbsi-xw-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:28 GMT
Server
Apache/2.4.25
Vary
*
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate, no-transform
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=80, max=241
Content-Length
43
Expires
Fri, 23 Jan 1970 12:12:12 GMT
domains
api.viglink.com/api/
42 B
487 B
XHR
General
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Server
52.48.254.224 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-48-254-224.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
8c981c02ad4ff4171e6ced84b596a09bb57912d41ca244c2b0c8452c18b50a59

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:27 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT
2249815.gif
cdn.flashtalking.com/xre/320/3207612/2249815/image/ Frame 922E
189 KB
189 KB
Image
General
Full URL
https://cdn.flashtalking.com/xre/320/3207612/2249815/image/2249815.gif?737370952
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
ad82ba455e3abf870a4f35e3721e472fc7c9df2a627e1882a58997ed8ff79e59

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
x-amz-request-id
5EE327C2B1C98047
X-HW
1532234968.dop005.fr8.t,1532234968.cds035.fr8.shn,1532234968.dop005.fr8.t,1532234968.cds019.fr8.c
Connection
Keep-Alive
Content-Length
193182
x-amz-id-2
zQxlCPrPj0kG5eGo848ERBIKRlBjqQ53jfEStFnrg55lS+78knkBWDL99c/e7CLAUexAVWGKCBs=
Last-Modified
Thu, 07 Jun 2018 13:07:22 GMT
ETag
W/"f058092de2f13aa421e5fd6898411fc4"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=192
Accept-Ranges
bytes
/
www.facebook.com/tr/ Frame BA6C
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f12d:86:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
3305
pragma
no-cache
cache-control
no-cache
origin
https://www.zdnet.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
accept-encoding
gzip, deflate
cookie
fr=0a0XVXs2RL1YM0NnZ..BbVAzY...1.0.BbVAzY.
Origin
https://www.zdnet.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
A950BB56C963E59B78BFD298DBD1EE50
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/

Response headers

status
200
content-type
text/plain
content-length
0
server
proxygen-bolt
date
Sun, 22 Jul 2018 04:49:28 GMT
truncated
/ Frame 922E
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45a173424b7ff32c59da7185bd9dc343a0277c093ea8613e255a8211566ff2f4

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame B53C
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ Frame B53C
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_233.js
securepubads.g.doubleclick.net/gpt/ Frame B53C
178 KB
62 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
777b0f00d08011d3250b26f0f12ae95183db91e4c4ee05b98ad25a8d0d85c594
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 16 Jul 2018 16:04:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
62854
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:28 GMT
n.js
geo.moatads.com/ Frame 4EEF
105 B
267 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=21&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234968878&de=397119542203&m=0&ar=be38341603-clean&q=2&cb=0&cu=1532234968878&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29759169%3A148224849%3A4441986168%3A138212690913&zGSRC=1&zMoatPS=nav&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=7&zMoatH=7&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=7x7&zMoatSZPS=7x7%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=nav-ad&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=1767577662&cs=0&callback=MoatSuperV26.gna254343
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
54.85.214.46 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-85-214-46.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
2c09a3ad07c1d0e5fa5c43ede2cd385d007bbfd01b04a1f1fc75f9b173d846d9

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:29 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
105
Content-Type
text/html; charset=UTF-8
n.js
geo.moatads.com/ Frame 922E
104 B
266 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=16&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234968919&de=177339024191&m=0&ar=be38341603-clean&q=6&cb=0&cu=1532234968919&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=4535589725%3A2324404553%3A4696758888%3A138235644983&zGSRC=1&zMoatPS=top&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=300&zMoatH=600&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=300x600&zMoatSZPS=300x600%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=mpu-plus-top&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=840786630&cs=0&callback=MoatSuperV26.gna166168
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
54.85.214.46 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-85-214-46.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
2c43932a1f0cc299edc59a25859363f57c618f1b67daff85f6901f5742507b95

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:29 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
104
Content-Type
text/html; charset=UTF-8
n.js
geo.moatads.com/ Frame B53C
104 B
266 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=23&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234968990&de=38821629513&m=0&ar=be38341603-clean&q=10&cb=0&cu=1532234968990&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29759169%3A148224849%3A236907969%3A72087703209&zGSRC=1&zMoatPS=top&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=371&zMoatH=771&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=371x771&zMoatSZPS=371x771%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=dynamic-showcase-top&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=1784445663&cs=0&callback=MoatSuperV26.gna662187
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
52.5.158.155 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-158-155.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
632edd13aec51f93c017b1f3fc0bc3b1b4c0aaa90b332dbf87205ced1f0d88bf

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:29 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
104
Content-Type
text/html; charset=UTF-8
n.js
geo.moatads.com/ Frame 8884
106 B
268 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=15&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234969026&de=647341141540&m=0&ar=be38341603-clean&q=14&cb=0&cu=1532234969026&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29759169%3A148224849%3A131323809%3A31192576209&zGSRC=1&zMoatPS=top&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=1600&zMoatH=1000&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=1600x1000&zMoatSZPS=1600x1000%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=skin&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=472543257&cs=0&callback=MoatSuperV26.gna252716
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
54.85.214.46 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-85-214-46.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
8dbb51259557b9ce44aba88e5618c67f57066955ae3a3357ce289d404eeada68

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:29 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
106
Content-Type
text/html; charset=UTF-8
ads
securepubads.g.doubleclick.net/gampad/ Frame B53C
32 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2639290057198568&correlator=3734680185037538&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21061646%2C21062083&vrg=233&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=372x142%2C372x142&prev_scp=pos%3D%26campaign%3D%26env%3Dprod%26session%3Dd%26subses%3D3%26ptype%3Darticle%26vguid%3Dae1b85eb-b336-487d-9ab0-bd57117a2b4f%7Cpos%3D%26campaign%3D%26env%3Dprod%26session%3Dd%26subses%3D3%26ptype%3Darticle%26vguid%3Dae1b85eb-b336-487d-9ab0-bd57117a2b4f&cookie=ID%3D7abd9618e20a51a8%3AT%3D1532234967%3AS%3DALNI_MYy7jMS7-8j0s3j-_RbxKuQbRo3wg&cdm=www.zdnet.com&bc=7&lmt=1532234969&dt=1532234969135&frm=23&biw=1585&bih=1200&isw=371&ish=771&oid=3&adxs=0%2C0&adys=0%2C0&adks=3261246841%2C3261246840&gut=v2&ifi=1&ifk=1090781421&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&dssz=16&icsg=43552&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0%7C0x0&msz=0x0%7C0x0&ga_vid=392144016.1532234969&ga_sid=1532234969&ga_hid=2129112606
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
090edb110522b8706f0f5db0257876cdb51892b32983d01d041e3ac51186e751
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Origin
https://www.zdnet.com

Response headers

date
Sun, 22 Jul 2018 04:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7579
x-xss-protection
1; mode=block
google-lineitem-id
236987769,236987769
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
72120427449,72120430809
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
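The records on this page are urlscan.io's flattened per-transaction layout: a resource name, its location and frame, two sizes, a type, then a "General" block of key/value pairs on alternating lines, an optional "Security Headers" table, and the request and response headers. As an added example that is not part of the scan page, the Python below parses that layout from a constructed, shortened excerpt (two of the transactions above, trimmed) and runs two checks a practitioner would want on a third-party ad waterfall like this one: which Script/XHR responses were served without X-Content-Type-Options: nosniff, and which UUID-shaped values (here the vguid / zMoatVGUID parameter) are sent to more than one host, i.e. a correlation key shared across vendors. The function names, the GENERAL_KEYS set and the handling of a key with no value line (the empty "Reverse DNS" seen in several records) are my assumptions about the layout, inferred from the records on this page.

```python
"""Added example (not the scan page's own code): parse urlscan.io-style flattened
transaction records and audit them. SAMPLE is a constructed, shortened excerpt."""
import re
from urllib.parse import urlsplit

SAMPLE = """\
ads
securepubads.g.doubleclick.net/gampad/ Frame B53C
32 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&vguid=ae1b85eb-b336-487d-9ab0-bd57117a2b4f
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Response headers

access-control-allow-origin
https://www.zdnet.com
n.js
geo.moatads.com/ Frame B53C
104 B
266 B
Script
General
Full URL
https://geo.moatads.com/n.js?zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&callback=MoatSuperV26.gna166168
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Reverse DNS
Software
nginx/1.7.9 /

Response headers

Server
nginx/1.7.9
"""

# Keys of the "General" block (assumed from the page); used to spot a key whose value line is missing.
GENERAL_KEYS = {"Full URL", "Protocol", "Server", "Reverse DNS", "Software", "Resource Hash"}
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")


def parse(text):
    """Split the dump into records (the 5 lines before each bare 'General') and parse each."""
    lines = text.splitlines()
    starts = [i - 5 for i, ln in enumerate(lines) if ln == "General" and i >= 5]
    ends = starts[1:] + [len(lines)]
    return [parse_record(lines[s:e]) for s, e in zip(starts, ends)]


def parse_record(lines):
    tx = {"name": lines[0], "kind": lines[4], "general": {}, "security": {}, "request": {}, "response": {}}
    target, body, i = tx["general"], lines[6:], 0
    while i < len(body):
        ln = body[i]
        if ln == "Security Headers":                  # followed by a 'Name Value' heading line
            target, i = tx["security"], i + 2
        elif ln in ("Request headers", "Response headers"):
            target, i = tx[ln.split()[0].lower()], i + 1
        elif ln == "":
            i += 1
        elif target is tx["security"]:                # 'Name value' on a single line
            k, _, v = ln.partition(" ")
            target[k], i = v, i + 1
        elif target is tx["general"] and ln == "Requested by":
            target[ln], i = body[i + 2].partition(": ")[2], i + 3   # keep the 'URL: ...' line
        else:
            nxt = body[i + 1] if i + 1 < len(body) else ""
            if target is tx["general"] and nxt in GENERAL_KEYS:      # key with no value line
                target[ln], i = "", i + 1
            else:
                target[ln], i = nxt, i + 2
    return tx


def host_of(tx):
    return urlsplit(tx["general"].get("Full URL", "")).hostname or ""


def missing_nosniff(txs):
    """Hosts whose Script/XHR response lacked X-Content-Type-Options: nosniff."""
    return [host_of(t) for t in txs if t["kind"] in ("Script", "XHR")
            and t["security"].get("X-Content-Type-Options") != "nosniff"]


def shared_identifiers(txs):
    """UUID-shaped values that appear in request URLs to more than one host."""
    seen = {}
    for t in txs:
        for ident in UUID_RE.findall(t["general"].get("Full URL", "")):
            seen.setdefault(ident, set()).add(host_of(t))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    txs = parse(SAMPLE)
    for t in txs:
        print(t["kind"], host_of(t), t["general"].get("Software", ""), t["security"])
    print("no nosniff:", missing_nosniff(txs), "| shared ids:", shared_identifiers(txs))
```

Run against the full page text instead of SAMPLE, the same parser yields one dict per transaction, so the checks extend naturally: compare each "Resource Hash" against an allow-list of known-good script hashes, or group by the "Server" line to see which autonomous systems a page load actually touches.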
pubads_impl_rendering_233.js
securepubads.g.doubleclick.net/gpt/ Frame B53C
42 KB
16 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_233.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
794d55d32d1c4b4c3287b9e1718b82c60bc301386f0fbd51ebaf15f80659669a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 16 Jul 2018 16:04:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
16399
x-xss-protection
1; mode=block
expires
Sun, 22 Jul 2018 04:49:29 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame B53C
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Purpose
prefetch
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires
Wed, 10 Jul 2019 21:52:55 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
content-type
text/html
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame 0083
70 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 0083
283 KB
0
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
n.js
geo.moatads.com/ Frame 0083
107 B
269 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=24&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234969237&de=124500455761&m=0&ar=be38341603-clean&q=18&cb=0&cu=1532234969237&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29759169%3A148224849%3A236987769%3A72120427449&zGSRC=1&zMoatPS=Not%20Specified&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=372&zMoatH=142&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=372x142&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=dynamic-showcase-top&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=1679340772&cs=0&callback=MoatSuperV26.gna801264
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
52.5.188.239 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-188-239.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
7845f77347831cd3aa9c8014ea32b2c871b888ff140e27b300b4636ab03294fc

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:29 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
107
Content-Type
text/html; charset=UTF-8
osd.js
pagead2.googlesyndication.com/pagead/ Frame B53C
70 KB
26 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
98967be95015e8c9218a2d31f44b5335c8eeb5fd9c3a5eddd5e779280c87f771
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 22 Jul 2018 04:09:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2428
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26232
x-xss-protection
1; mode=block
server
cafe
etag
10899681090142805410
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sun, 22 Jul 2018 05:09:01 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/ Frame 4685
70 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/activeview/osd_listener.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fcbc952d73603173d1289c64eff23efb16b17636dd83d60f424c2c7edcfce304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Mon, 16 Jul 2018 13:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485999
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26170
x-xss-protection
1; mode=block
server
cafe
etag
10782178046593131600
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:29 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 4685
283 KB
0
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_233.js
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
48f599c941a65c34009c5931b4a1e4c04c4f669dfe6d89bce0e2c9d143d288d3

Request headers

Response headers

Date
Sun, 22 Jul 2018 04:49:28 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 Jul 2018 15:56:03 GMT
Server
AmazonS3
x-amz-request-id
70BC386FC9B23DCD
ETag
"ea1622d80a6b8f8a8a50f8492853a974"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58339
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88976
x-amz-id-2
pE6DMUUfQX+vWKBCzN0yPeX//RMyrek6lxj5VtH1d/B3hEogENKoUaxsi2cZSPPRIwsZysp/41c=
n.js
geo.moatads.com/ Frame 4685
106 B
268 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&qq=000000000000&qr=0&is=voqBBkBBBBHhBBBBBZkJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoKOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvBCfBBBBBBBBBBBBBBCBMBaBeBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGxCBcBBBC9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCS6IDDDCCCCDDCCCCCCCBdh2eBBBGI79kNB8DJoDBBBBCiBBiB&iv=6&gz=0&hh=0&hn=0&qt=0&i=CBSDFPCW2&hp=1&cm=20&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&tw=c%3FgD3W%3CA&j=&o=3&t=1532234969334&de=862282050332&m=0&ar=be38341603-clean&q=22&cb=0&cu=1532234969334&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29759169%3A148224849%3A236987769%3A72120430809&zGSRC=1&zMoatPS=Not%20Specified&zMoatSECT=-&zMoatPT=article&zMoatFT=Not%20Specified&zMoatW=372&zMoatH=142&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&zMoatSN=d&zMoatAID=-&zMoatIMP=-&zMoatCP=-&zMoatCURL=zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse&zMoatDev=Desktop&zMoatCnet=-&zMoatNotCnet=true&zMoatSZ=372x142&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatJS=-&zMoatSL=-&zMoatSlotId=dynamic-showcase-top&zMoatDfpSlotId=-&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMAKns=-&zMoatAB=content_article-zdnet&zMoatMMAKan=-&zMoatMMAKai=-&zMoatMMAKv=-&zMoatMMAKOSv=-&zMoatMMAKvs=-&zMoatMMAKin=-&zMoatAR=-&zMoatWDAC=-&zMoatAdUnit1=-&zMoatAdUnit2=-&zMoatMadisonLogic=-&zMoatAdUnit3=-&zMoatOptimize=-&qs=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&fs=147985&na=1804046798&cs=0&callback=MoatSuperV26.gna832080
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
HTTP/1.1
Server
54.85.214.46 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-85-214-46.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
48f9bddade007f27f942ee4ab3adbda26951d9f2762f50981fb33cb101637f90

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 22 Jul 2018 04:49:30 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
106
Content-Type
text/html; charset=UTF-8
view
securepubads.g.doubleclick.net/pcs/ Frame 0083
0
147 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumAMg3coTnNHIFN7P2yoqHTMf2jOKPMHnWk5lfxrAx3dwv2VVbHmr9keYtBwniZYiMvq7qr533T5uYmJBbPZI43UF1tCbi2r28_LsCxeSOR0O9D7cPmMc6IMqHlMr7Q7Pig-dObKjpWcbe2RBu8junXpJUlYWvNXpqOzzH6Z06PBUIZaC2TGFk5jeaPUL32tMzSsqCePXHYVO2GaC4dYmnj4serqj_PH4g5bZVZf_S1mkxxAIT2JXmDCbuuZw&sai=AMfl-YRa5SrErpAp6xIscXYgeNt5liKz09yU17ZPQqetsxi1ZPYGyP8Ox1slQRtsnDvo7plMv-p_19-0Zj8uY6XTzn5sLEPgGtJR2jj4gcrjedd4Y9MGjbdP7r8pTXs&sig=Cg0ArKJSzE48_hh5Qu4SEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
cache-control
private
expires
Sun, 22 Jul 2018 04:49:29 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 4685
0
147 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulcODLM9GdWspMVbuNqe0xWFKhdbjX0mESoQuWlkbM5jMDYfBgRttG8_G903kaMjqJs3R-7a7bNdaNd1gaJmlh4bRu7dTvQImUwKzXqSDmlYkFrHag40k79cNaayqvOW_7koL1aNBcPSQWYe4K4bZvsM5PsgHBa89PaxfCNOo2BnkAGHITmxDAahDfjRgsg2NJso1cjXYjcmHnY0AHCHW1fT8RXtiu2MfQMKWkkqERsUuQ7ptZKI5C6XypauY&sai=AMfl-YShaKpij8zML8MPG-5ICeA7yuVvZmqLmxjiXTgHwXgbdFkHxi1nDaEtJYxFMn2nq4WqQ_0rXJ8-dU4wz4S7h5AHirWP8EX1wtnEXrFK82HYP_fWPDzP3PexnqE&sig=Cg0ArKJSzBgOhP33CCkiEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
cache-control
private
expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=9&fi=1&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=4535589725&L2id=2324404553&L3id=4696758888&L4id=138235644983&S1id=23605329&S2id=23619609&ord=1532234968919&r=177339024191&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=1&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=9&fi=1&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=4535589725&L2id=2324404553&L3id=4696758888&L4id=138235644983&S1id=23605329&S2id=23619609&ord=1532234968919&r=177339024191&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=2&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=222&fi=1&apd=230&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=4535589725&L2id=2324404553&L3id=4696758888&L4id=138235644983&S1id=23605329&S2id=23619609&ord=1532234968919&r=177339024191&t=hdn&os=1&fi2=0&div1=0&ait=107&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=3&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 8884
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstUUYWT7OFoqIy9gYxfxFvdzCoihC1aQkt_wp6MQnsOeQYbptNeJEoWYGeE4hjjolOwbTpik-0dUQRRaE057q960eHzHh5pRSQ&sig=Cg0ArKJSzCZxoCGJKhL_EAE&r=z&adk=1349602048&tt=662&bs=1585%2C1200&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=0%2C0%2C0%2C0&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C4433&ss=1600%2C1200&pt=18&deb=1-8-8-10-11-3-39-2&tvt=660&op=1&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=10&clc=0&cac=0&cd=0x0&v=r20180716
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=8&fi=1&apd=15&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29759169&L2id=148224849&L3id=131323809&L4id=31192576209&S1id=23605329&S2id=23619609&ord=1532234969026&r=647341141540&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=1&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=8&fi=1&apd=15&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29759169&L2id=148224849&L3id=131323809&L4id=31192576209&S1id=23605329&S2id=23619609&ord=1532234969026&r=647341141540&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=2&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=388&fi=1&apd=395&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29759169&L2id=148224849&L3id=131323809&L4id=31192576209&S1id=23605329&S2id=23619609&ord=1532234969026&r=647341141540&t=hdn&os=1&fi2=0&div1=0&ait=190&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=3&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
rum.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/ Frame 0083
41 KB
16 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/rum.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb3ea51f7d25a9f40c5f5297875da8833c3752c470071ecb03df8afa58afb4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 16 Jul 2018 13:49:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485993
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
15804
x-xss-protection
1; mode=block
server
cafe
etag
12872360508127877586
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:36 GMT
csi
csi.gstatic.com/ Frame 0083
0
56 B
Other
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~jjwd512m&chm=1&ctx=2&qqid=CI61soj0sdwCFQVB4Aod4G8Isg&met.4=fb.2s~lb.32~ol.ae~dt.9&met.3=123.2x_2~121.5e~118.72~115.8d~122.8d~117.ae~118.ag~113.aw_4~112.au_5&met.1=1.jjwd50rq~14.n~15.n~16.n~17.n~18.n~19.o~20.o~21.o&met.7=CAcQChgBIGUoZTBlaGVwZYABuswBiAHesgSwAQG4AQE~CBsQCiBm~CBsQCiCwATiOAQ~CCIQBhgBIPcBKPcBMLECODo~CBgQChgBIPkCKPkCMIIDOAlo-gJwgAN4vHyAAbx7iAHFygKwAQG4AQM&met.2=15.5~16.cak
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/rum.js
Protocol
SPDY
Server
2607:f8b0:4004:805::2003 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Cache-Control
max-age=0
Origin
https://www.zdnet.com
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:29 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
status
204
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4EEF
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssO69p9v2FpRfR6461BzRNK4tNQV1mAGacuSVLsq23n1xQDqxJeD-EjqB8LXnq4Q8qpTO2rAw8aTZ0CfSXHvScx-YgXboBK3NQ&sig=Cg0ArKJSzOTLbHHubx8rEAE&r=z&adk=3272424244&tt=771&bs=1585%2C1200&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=0%2C0%2C0%2C0&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C4433&ss=1600%2C1200&pt=18&deb=1-8-8-11-12-3-77-3&tvt=769&op=1&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=10&clc=0&cac=0&cd=0x0&v=r20180716
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 0083
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu2N8N5fsNVHtlInnC84sB1Hl--CdaMG8xt8_mfwNOhC7846XHiyl3PFwc3e0x8nDvPgNh3t5iCR3B19LmCwocK9yUzw8Gzgz8&sig=Cg0ArKJSzPE_LbdzacqJEAE&r=z&adk=3261246841&tt=104&bs=1585%2C1200&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=0%2C0%2C0%2C0&opac=1&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C4433&ss=1600%2C1200&pt=-1&deb=1-0-2-1-2--1-1-0&tvt=52&is=371%2C771&op=1&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=11&clc=0&cac=0&cd=0x0&v=r20180716
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=693&fi=1&apd=701&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=4535589725&L2id=2324404553&L3id=4696758888&L4id=138235644983&S1id=23605329&S2id=23619609&ord=1532234968919&r=177339024191&t=nht&os=1&fi2=0&div1=0&ait=578&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=4&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=589&fi=1&apd=596&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29759169&L2id=148224849&L3id=131323809&L4id=31192576209&S1id=23605329&S2id=23619609&ord=1532234969026&r=647341141540&t=nht&os=1&fi2=0&div1=0&ait=391&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=4&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:29 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=903&tet=1096&fi=1&apd=1104&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=4535589725&L2id=2324404553&L3id=4696758888&L4id=138235644983&S1id=23605329&S2id=23619609&ord=1532234968919&r=177339024191&t=iv&os=1&fi2=0&div1=1&ait=981&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=5&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:30 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:30 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4685
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1lDq_sAeqnHuyXpzG1iesGhY87kHaPCKAdsldZlbb-EiDECOiTXXU_Oay_gJhHzSafgsC8ikv2UIcWQ8KPTVUhri5TpneREM&sig=Cg0ArKJSzJT2R2on4VymEAE&r=z&adk=3261246840&tt=606&bs=1585%2C1200&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=0%2C0%2C0%2C0&opac=1&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C5951&ss=1600%2C1200&pt=-1&deb=1-0-2-1-4--1-13-2&tvt=554&is=371%2C771&op=1&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse%2F&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=11&clc=0&cac=0&cd=0x0&v=r20180716
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum.js
tpc.googlesyndication.com/pagead/js/r20180716/r20110914/ Frame 4685
41 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/rum.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
Protocol
SPDY
Server
2a00:1450:4001:814::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb3ea51f7d25a9f40c5f5297875da8833c3752c470071ecb03df8afa58afb4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Mon, 16 Jul 2018 13:49:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485993
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
15804
x-xss-protection
1; mode=block
server
cafe
etag
12872360508127877586
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 13:49:36 GMT
csi
csi.gstatic.com/ Frame 4685
0
56 B
Other
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~jjwd51if&chm=1&ctx=2&qqid=CI-1soj0sdwCFQVB4Aod4G8Isg&met.4=fb.5f~lb.5m~ol.qg~dt.5&met.3=123.5h_2~121.6q~118.6u~115.8u~122.8u~115.bo~122.bo~115.eg~122.eh~115.h9~122.h9~197.je~118.jf~118.jg~118.jg~118.jg~115.k1~122.k1~115.mt~122.mt~115.pm~122.pm~118.pq~118.pr~118.pr~118.pr~118.pr~118.pr~118.pr~117.qg~118.qh~118.qh~113.qk_1~112.qj_1&met.1=1.jjwd50ru~14.l~15.l~16.l~17.l~18.l~19.m~20.m~21.m&met.7=CAcQChgBIMQBKMQBMMQBaMQBcMQBgAG6zAGIAd6yBLABAbgBAQ~CBsQCiDEAQ~CBsQCiDsATjLBQ~CCIQBhgBIPMBKPMBMK4CODo~CCAQBhgBIJ4HKJ4HMK0HOA9onwdwrQd4cIABKogBKrABAbgBAw~CBgQChgBILoHKLoHMLoHaLoHcLoHgAG8e4gBxcoCsAEBuAEB&met.2=15.6~16.34
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20180716/r20110914/rum.js
Protocol
SPDY
Server
2607:f8b0:4004:805::2003 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Cache-Control
max-age=0
Origin
https://www.zdnet.com
Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:30 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
status
204
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 922E
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3X-yAsZnrgD4b7tHn8GbZlt4nMgSpUfLKBA562pQIisQ-VMnZsFaAyEPfMTcyKqkQWBEavpuB_19iUGKVl4iMIsyIiQMb6FQ&sig=Cg0ArKJSzLyDYIACQTvBEAE&adk=164929707&tt=1392&bs=1585%2C1200&mtos=1076%2C1076%2C1076%2C1076%2C1076&tos=1076%2C0%2C0%2C0%2C0&p=531%2C1043%2C1131%2C1343&mcvt=1076&rs=3&ht=0&tfs=332&tls=1408&mc=1&lte=1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C4433&ss=1600%2C1200&pt=18&deb=1-8-8-19-18-3-384-9&tvt=1390&op=1&r=v&id=osdim&ti=1&uc=52&tgt=DIV&cl=1&cec=14&clc=1&cac=0&cd=300x600&v=r20180716
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B53C
42 B
112 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstS2yDX2okwVMd5WVs2qabtZb2LnclSTJDB_aiYcac9pWuQ2dJUTIb46zEUwUU7oRZ8FxFdsNlDj4S34oNEal5JjDcDZ50KsaM&sig=Cg0ArKJSzMYsqcoFHgW0EAE&r=z&adk=470013531&tt=1392&bs=1585%2C1200&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=0%2C0%2C0%2C0&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1585%2C4433&ss=1600%2C1200&pt=18&deb=1-8-8-19-18-3-384-9&tvt=1390&op=1&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=12&clc=0&cac=0&cd=0x0&v=r20180716
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 Jul 2018 04:49:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1003&tet=1197&fi=1&apd=1204&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29759169&L2id=148224849&L3id=131323809&L4id=31192576209&S1id=23605329&S2id=23619609&ord=1532234969026&r=647341141540&t=iv&os=1&fi2=0&div1=1&ait=999&zMoatVGUID=ae1b85eb-b336-487d-9ab0-bd57117a2b4f&bedc=1&q=5&nu=1&ib=1&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 Jul 2018 04:49:30 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sun, 22 Jul 2018 04:49:30 GMT

Verdicts & Comments

195 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| soastaTracking object| ZdnetPageVars object| ZdnetFunctions boolean| gdprConsent object| evidon object| cbsiGptDivIds function| UUIDv4 string| __tealium_data_guid object| utag_data function| requirejs function| require function| define number| BOOMR_lstart object| headertag object| googletag function| headertag_render object| pbjs function| $ function| jQuery undefined| easyXDM object| BOOMR object| BOOMR_mq object| fly object| __core-js_shared__ function| setImmediate function| clearImmediate function| UUIDv1 function| clamp object| STR undefined| UUID object| utag_err boolean| utag_condload function| getCookieValue object| isInternal object| js object| s object| adData string| adCookieName undefined| adCookieData undefined| adRegion function| parseJson object| match object| utag function| runInternalUserFuncs function| cbsiInternal function| _tealium_old_error boolean| isEuUser object| vglnk object| omnitureMgr object| dwMgr object| om object| jQuery183031365511121913414 function| lightboxjs function| lightboxlib object| _ml function| dw_callback object| EF function| setUpAgknTag function| pf_notify function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| doSiteCatalystTag object| headID object| newScript object| s_c_il number| s_c_in function| Visitor object| visitor function| DIL number| s_objectID number| s_giq object| swfobject object| Modernizr function| Waypoint object| debug object| __ql string| path string| host object| scriptTags function| agknTagBuilder object| _agknTag string| _agknTagName object| _agknEchoTag number| _isAgknTagSet function| vl_cB function| vl_disable function| vglnk_15322349661605 object| TRUE_ANTHEM object| CryptoJS object| mPulseApp object| DIGIOH_API undefined| _ function| Hls undefined| uuid function| addResizeListener function| removeResizeListener function| Spinner object| uvpjs function| Class object| googleToken 
object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| renderAdCallback function| blankAdCallback string| firstpgvar object| mpulseUserTiming string| waypointContextKey object| sticky object| GPT_jstiming object| closure_memoize_cache_ undefined| google_measure_js_timing number| BOOMR_configt object| DW function| dw_anonc object| DW_anonc object| optimizely string| f0 object| omMgr undefined| vglnk_15322349666636 object| _bmrEvents undefined| vglnk_15322349668088 object| s_i_cnetzdnetglobalsite number| BOOMR_onload string| bm_website_code object| $tealium boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id object| ret number| google_unique_id object| gaGlobal boolean| searchOpen object| $lastFocusedInput string| pageType undefined| jQuery183031365511121913414_1532234965881 undefined| jQuery183031365511121913414_1532234965882 function| udm_ function| ns_order object| ns_ object| ns_p string| ZN_3xeBFJDuSs0SRW5_ed string| ZN_3xeBFJDuSs0SRW5_sampleRate string| ZN_3xeBFJDuSs0SRW5_url function| fbq function| _fbq function| disqus_config function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| QSI string| disqus_shortname number| _rnd string| __prot object| __i function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| ima function| onYouTubeIframeAPIReady object| google object| platform function| mux object| NOLCMB object| ADB object| closure_lm_462933 boolean| autoplay object| NOLBUNDLE object| DISQUSWIDGETS undefined| disqus_domain object| closure_lm_288204 object| DISQUS object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired string| emmUrlKey string| optoutCookieKey object| ns object| paramsPassed object| stateObject string| BUILDVERSION object| stateEvents
string| q function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb undefined| vglnk_153223496877411 object| Moat#G26 boolean| Moat#EVA object| MoatSuperV26

28 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 88307300829592482563107405335148801242
.zdnet.com/ Name: RT
Value: "sl=1&ss=1532234964909&tt=2908&obo=0&bcn=%2F%2F36c3f470.akstat.io%2F&sh=1532234967821%3D1%3A0%3A2908&dm=zdnet.com&si=33a5d14a-2b98-41d3-9c5a-233f5439fe38&ld=1532234967821"
.zdnet.com/ Name: s_lv_zdnet_s
Value: First%20Visit
.zdnet.com/ Name: aam_uuid
Value: 08216931432766049902333237949992780530
.zdnet.com/ Name: fly_default_edition
Value: eu
.zdnet.com/ Name: AMCV_10D31225525FF5790A490D4D%40AdobeOrg
Value: -894706358%7CMCMID%7C08063460859201155262321281788580464522%7CMCAAMLH-1532839766%7C9%7CMCAAMB-1532839767%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1532242166s%7CNONE%7CMCAID%7C2DAA066B85311112-6000010D200041A0%7CvVersion%7C2.3.0
.demdex.net/ Name: dextp
Value: 269-1-1532234967085|3-1-1532234967187|420-1-1532234967288|477-1-1532234967388|771-1-1532234967489|22052-1-1532234967591|30646-1-1532234967691|121998-1-1532234967792
.agkn.com/ Name: u
Value: C|0CEAi5slWIubJVwAAAAABAg1RAQCADVIBAIABEUEAAAAA
.zdnet.com/ Name: AMCVS_10D31225525FF5790A490D4D%40AdobeOrg
Value: 1
www.zdnet.com/ Name: viewGuid
Value: ae1b85eb-b336-487d-9ab0-bd57117a2b4f
.zdnet.com/ Name: s_invisit
Value: true
.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse Name: CBS_INTERNAL
Value: 0
.zdnet.com/ Name: fly_geo
Value: {"countryCode": "de"}
.agkn.com/ Name: ab
Value: 0001%3AR%2BGU67cteXmniINOuwVv6EtCR4QuZKjtHcXJu2ftvkdbn1WawGdNKg%3D%3D
www.zdnet.com/ Name: _ccmaid
Value: 5978151431620008567
.zdnet.com/ Name: s_getNewRepeat
Value: 1532234966592-New
.zdnet.com/ Name: s_vnum
Value: 1534826966591%26vn%3D1
.zdnet.com/ Name: first_page_today
Value: false
.zdnet.com/ Name: s_cc
Value: true
.zdnet.com/ Name: fly_device
Value: desktop
.zdnet.com/ Name: s_lv_zdnet
Value: 1532234966593
www.zdnet.com/ Name: _ccmsi
Value: 1532234966144_ch8yfzygo|1532234966144
www.zdnet.com/ Name: XCLGFbrowser
Value: Ale/hVtUDNZnUDUY5js
.zdnet.com/ Name: fly_preferred_edition
Value: eu
www.zdnet.com/ Name: LDCLGFbrowser
Value: 8f61f3dc-bf11-43f0-98ab-873057bea1a0
.zdnet.com/ Name: zdnet_ad
Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22session%22%3A%22d%22%2C%22subSession%22%3A%223%22%7D
.zdnet.com/ Name: utag_main
Value: v_id:0164c05224050018ffe971baf6fe00078006107000b08$_sn:1$_ss:0$_st:1532236767786$ses_id:1532234966022%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session
.zdnet.com/ Name: nemo_highlander-author_focus
Value: author_focus%3a1%3aexclude

48 Console Messages

Source Level URL Text
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service pending (GDPR consent not granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service pending (GDPR consent not granted): script_indexexchange
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 670)
Message:
ADS: queuing nav-ad-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1144)
Message:
ADS: queuing intromercial-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1212)
Message:
ADS: queuing skin-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1221)
Message:
ADS: queuing leader-plus-top-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1359)
Message:
ADS: queuing inpage-video-top-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1369)
Message:
ADS: queuing sharethrough-top-5b5401f38b888 for display
console-api log URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js(Line 1)
Message:
dom not ready, setting event
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1460)
Message:
ADS: queuing mpu-plus-top-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1573)
Message:
ADS: queuing dynamic-showcase-top-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1580)
Message:
ADS: queuing mpu-middle-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1643)
Message:
ADS: queuing mpu-bottom-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 1660)
Message:
ADS: queuing leader-plus-bottom-5b5401f38b888 for display
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service pending (GDPR consent not granted): script_sharethrough
console-api log URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js(Line 1)
Message:
dom ready, triggering load
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
GDPR consent granted
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent finally granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent finally granted): script_indexexchange
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent finally granted): script_sharethrough
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 9)
Message:
Missing adCookieData!
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92)
Message:
zdnet
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_ad
console-api log (Line 2)
Message:
ADS: queuing mpu-bottom-5b5401f38b888 for display
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201807022324(Line 177)
Message:
Service: sitecatalyst
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92)
Message:
zdnet
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_sharebar
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_video
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_sharebar
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_async_load
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): disqus_init
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_disqus_count
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 106)
Message:
Service loading (GDPR consent already granted): script_disqus_count
console-api log URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js(Line 20)
Message:
UVPJS 2.8.3 03/26/18 8:42:19 AM (PDT)
console-api warning URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js(Line 8)
Message:
mPulse: Custom Timer 'video_ploaded' is not defined
console-api log (Line 33)
Message:
blank creative loaded: 138212690913 (7 x 7, pos=nav)
console-api log (Line 33)
Message:
blank creative loaded: 31192576209 (1600 x 1000, pos=top)
console-api log URL: https://www.zdnet.com/article/this-new-windows-malware-wants-to-add-your-pc-to-a-botnet-or-worse/(Line 164)
Message:
Dynamic Showcase Center container ::: creative id = 72087703209
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92)
Message:
zdnet
console-api log (Line 33)
Message:
blank creative loaded: 72120427449 (372 x 142, pos=)
console-api log (Line 33)
Message:
blank creative loaded: 72120430809 (372 x 142, pos=)

Security Headers

This page lists any security headers set by the main page; the original report links to an explanation of what these headers mean and how to use them.

Header Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.

1105data.com
36c3f470.akstat.io
ad.yieldmanager.com
adservice.google.com
adservice.google.de
api.viglink.com
as-sec.casalemedia.com
asset.pagefair.com
asset.pagefair.net
beacon.tru.am
c.disquscdn.com
c.evidon.com
c.go-mpulse.net
cbsdfp5832910442.s.moatpixel.com
cbsi.demdex.net
cdn-gl.imrworldwide.com
cdn.flashtalking.com
cdn.viglink.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
csi.gstatic.com
d.agkn.com
disqus.com
dpm.demdex.net
dw.cbsi.com
geo.moatads.com
googleads.g.doubleclick.net
graph.facebook.com
idsync.rlcdn.com
iicbsi-a.akamaihd.net
imasdk.googleapis.com
in.ml314.com
js-sec.indexww.com
js.agkn.com
l.betrad.com
ml314.com
native.sharethrough.com
pagead2.googlesyndication.com
pixel.everesttech.net
pixel.mathtag.com
ps.eyeota.net
rev.cbsi.com
s0.2mdn.net
saa.cbsi.com
sb.scorecardresearch.com
secure-us.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
servedby.flashtalking.com
stags.bluekai.com
stats.pagefair.com
sync.crwdcntrl.net
tags.bluekai.com
tags.tiqcdn.com
tpc.googlesyndication.com
tru.am
vidtech.cbsinteractive.com
www.everestjs.net
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagservices.com
www.lightboxcdn.com
www.linkedin.com
www.zdnet.com
z.moatads.com
zdnet-1.disqus.com
zdnet1.cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet4.cbsistatic.com
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com
104.108.48.32
104.108.51.30
104.111.214.103
104.111.228.222
104.111.240.158
104.111.244.243
13.32.222.102
138.108.96.100
151.101.0.134
151.101.112.134
151.101.12.134
151.101.64.134
172.217.22.98
18.184.225.117
2.18.233.143
2.18.233.149
2.18.233.201
2.18.234.21
2.18.235.40
205.162.46.68
205.185.216.10
205.185.216.42
216.58.206.2
216.58.208.34
23.111.11.222
23.111.9.30
2400:cb00:2048:1::6810:4ca6
2400:cb00:2048:1::6810:4fa5
2400:cb00:2048:1::6810:a40d
2400:cb00:2048:1::6819:a222
2400:cb00:2048:1::6819:a322
2600:9000:200c:8200:15:efbc:e300:93a1
2607:f8b0:4004:805::2003
2a00:1288:110:422::3000
2a00:1450:4001:814::2001
2a00:1450:4001:814::2002
2a00:1450:4001:814::2004
2a00:1450:4001:81d::2006
2a00:1450:4001:81d::200a
2a00:1450:4001:820::2002
2a00:1450:400f:80d::2003
2a02:26f0:6c00::210:ba61
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:86:face:b00c:0:50fb
2a05:f500:10:101::b93f:9101
34.198.36.32
34.214.245.56
34.249.136.192
34.249.37.235
34.250.87.211
37.252.172.39
37.252.172.42
52.16.89.247
52.17.182.129
52.18.183.216
52.206.152.90
52.209.124.253
52.34.176.154
52.48.254.224
52.5.158.155
52.5.188.239
54.175.190.102
54.192.94.10
54.192.94.184
54.201.217.203
54.85.214.46
63.140.43.37
64.30.224.172
66.117.28.68
66.117.28.86
68.232.35.180