www.scmagazine.com Open in urlscan Pro
2606:4700:20::681a:3d7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-...
Submission: On September 19 via api (September 19th 2020, 4:05:33 am UTC) from US

Summary HTTP 127 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 26 domains to perform 127 HTTP transactions. The main IP is 2606:4700:20::681a:3d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.scmagazine.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 13th 2020. Valid for: a year.

This is the only time www.scmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2606:4700:20:... 2606:4700:20::681a:3d7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	204.180.130.159 204.180.130.159	53866 (QTS-AS) (QTS-AS)
2	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:5a00:a:1779:3180:93a1	16509 (AMAZON-02) (AMAZON-02)
3	52.216.184.5 52.216.184.5	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
1 13	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:216	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.88.207.174 54.88.207.174	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:303... 2606:4700:3033::681c:60b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.157.54 99.84.157.54	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2600:1f14:e96... 2600:1f14:e96:5802:57bd:275a:39e5:ed69	16509 (AMAZON-02) (AMAZON-02)
1 3	2600:1f14:e96... 2600:1f14:e96:5802:5b52:db93:bb75:1bb4	16509 (AMAZON-02) (AMAZON-02)
1	143.204.201.121 143.204.201.121	16509 (AMAZON-02) (AMAZON-02)
17	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
5	54.144.112.83 54.144.112.83	14618 (AMAZON-AES) (AMAZON-AES)
1	13.35.254.76 13.35.254.76	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 3	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
3	3.229.100.58 3.229.100.58	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c09::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2	204.180.130.165 204.180.130.165	53866 (QTS-AS) (QTS-AS)
2 2	34.255.148.227 34.255.148.227	16509 (AMAZON-02) (AMAZON-02)
1 1	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.48.230.192 52.48.230.192	16509 (AMAZON-02) (AMAZON-02)
1	54.191.53.245 54.191.53.245	16509 (AMAZON-02) (AMAZON-02)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81d::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400a:800::2003	15169 (GOOGLE) (GOOGLE)
127	39

26 2606:4700:20::681a:3d7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.scmagazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 204.180.130.159 (Chicago, United States)

ASN53866 (QTS-AS, US)
PTR: my.omedastaging.com

olytics.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:5a00:a:1779:3180:93a1 (United States)

ASN16509 (AMAZON-02, US)

content.maropost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.216.184.5 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.217.22.2 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:216 (United States)

ASN13335 (CLOUDFLARENET, US)

c.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.88.207.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-207-174.compute-1.amazonaws.com

accounts.haymarketmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::681c:60b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.157.54 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-157-54.txl52.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:e96:5802:57bd:275a:39e5:ed69 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

api.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:e96:5802:5b52:db93:bb75:1bb4 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

api-54-191-53-245.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.121 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-121.fra53.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.144.112.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-112-83.compute-1.amazonaws.com

polo.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
polo-v1.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.254.76 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-76.fra6.r.cloudfront.net

marco.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.145 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.229.100.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-100-58.compute-1.amazonaws.com

a.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.180.130.165 (Chicago, United States)

ASN53866 (QTS-AS, US)

oqs.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.255.148.227 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-148-227.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.230.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.191.53.245 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-191-53-245.us-west-2.compute.amazonaws.com

api-54-191-53-245.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400a:800::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	scmagazine.com www.scmagazine.com	470 KB
19	googlesyndication.com 9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	161 KB
19	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	159 KB
10	omeda.com olytics.omeda.com oqs.omeda.com	81 KB
7	feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co polo-v1.feathr.co	37 KB
7	googletagservices.com www.googletagservices.com	158 KB
5	b2c.com 2 redirects api.b2c.com api-54-191-53-245.b2c.com	7 KB
4	2mdn.net s0.2mdn.net	144 KB
4	dpmsrv.com s.dpmsrv.com a.dpmsrv.com	40 KB
4	adsrvr.org 2 redirects js.adsrvr.org match.adsrvr.org insight.adsrvr.org	3 KB
4	google-analytics.com www.google-analytics.com	50 KB
4	gstatic.com fonts.gstatic.com csi.gstatic.com	43 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	amazonaws.com s3.amazonaws.com	2 MB
2	google.com adservice.google.com www.google.com	996 B
2	google.de adservice.google.de www.google.de	996 B
2	licdn.com snap.licdn.com	3 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	rlcdn.com idsync.rlcdn.com	66 B
1	crazyegg.com script.crazyegg.com
1	haymarketmedia.com accounts.haymarketmedia.com	616 B
1	lytics.io c.lytics.io	418 B
1	maropost.com content.maropost.com	3 KB
1	googletagmanager.com www.googletagmanager.com	47 KB
1	gravatar.com secure.gravatar.com	2 KB
127	26

	Domain	Requested by
26	www.scmagazine.com	www.scmagazine.com
13	securepubads.g.doubleclick.net	1 redirects www.googletagservices.com securepubads.g.doubleclick.net www.scmagazine.com
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.scmagazine.com tpc.googlesyndication.com
8	olytics.omeda.com	www.scmagazine.com olytics.omeda.com
7	www.googletagservices.com	www.scmagazine.com securepubads.g.doubleclick.net olytics.omeda.com
6	pagead2.googlesyndication.com	olytics.omeda.com securepubads.g.doubleclick.net
4	s0.2mdn.net	securepubads.g.doubleclick.net
4	googleads4.g.doubleclick.net	www.scmagazine.com
4	polo.feathr.co	cdn.feathr.co www.scmagazine.com
4	api-54-191-53-245.b2c.com	1 redirects www.scmagazine.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	a.dpmsrv.com	www.scmagazine.com s.dpmsrv.com
3	ib.adnxs.com	2 redirects www.scmagazine.com
3	fonts.gstatic.com	fonts.googleapis.com
3	s3.amazonaws.com	www.scmagazine.com
2	match.adsrvr.org	2 redirects
2	oqs.omeda.com	olytics.omeda.com
2	px.ads.linkedin.com	1 redirects www.scmagazine.com
2	snap.licdn.com	www.scmagazine.com snap.licdn.com
2	fonts.googleapis.com	www.scmagazine.com
1	csi.gstatic.com	securepubads.g.doubleclick.net
1	insight.adsrvr.org	js.adsrvr.org
1	idsync.rlcdn.com	www.scmagazine.com
1	cm.g.doubleclick.net	1 redirects
1	polo-v1.feathr.co	www.scmagazine.com
1	www.google.de	www.scmagazine.com
1	www.google.com	www.scmagazine.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.linkedin.com	1 redirects
1	marco.feathr.co	www.scmagazine.com
1	9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	s.dpmsrv.com	www.scmagazine.com
1	api.b2c.com	1 redirects
1	js.adsrvr.org	www.googletagmanager.com
1	script.crazyegg.com	www.googletagmanager.com
1	cdn.feathr.co	www.scmagazine.com
1	accounts.haymarketmedia.com	www.scmagazine.com
1	c.lytics.io	www.scmagazine.com
1	content.maropost.com	www.scmagazine.com
1	www.googletagmanager.com	www.scmagazine.com
1	secure.gravatar.com	www.scmagazine.com
127	43

This site contains links to these domains. Also see Links.

Domain
cyberrisk.dragonforms.com
www.parsintl.com
infosecworldusa.com
www.risksecconference.com
scawardsus.com
www.scmagazineuk.com
twitter.com
www.facebook.com
www.linkedin.com
reddit.com
onlinexperiences.com
www.youtube.com
events.cyberriskalliance.com
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-13` - `2021-08-13`	a year	crt.sh
*.omeda.com SSL.com RSA SSL subCA	`2020-07-31` - `2021-08-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.maropost.com Go Daddy Secure Certificate Authority - G2	`2019-06-10` - `2021-08-09`	2 years	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-04` - `2021-08-09`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
accounts.haymarketmedia.com Amazon	`2020-08-30` - `2021-09-30`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
b2c.com Let's Encrypt Authority X3	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.dpmsrv.com Amazon	`2020-06-15` - `2021-07-15`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
polo.feathr.co Let's Encrypt Authority X3	`2020-08-27` - `2020-11-25`	3 months	crt.sh
marco.feathr.co Amazon	`2020-08-22` - `2021-09-22`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Frame ID: 2B03A2CD29FA886C8B4064B563A3F71D
Requests: 93 HTTP requests in this frame

Frame: data://truncated
Frame ID: CD9C310AD69B24141A9FA6227D6E24F4
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
Frame ID: 4E86966F1BCEC749B76F5A5C07EAE99E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: CEAD8FD79A39DABECE8256020F7288A7
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_6TMqny6QiU4STSXQcoETfvoFAqw4cRuE8tAivFdmE2NWnXT0-i77aIhrMVxuYqX5D7buhM6kQmPFxQojj6a6kAJiiujd_oxI8drJ7NPhjuYW4dITCsNqY-mC9qnMLfgzY3hmNunZa0gTmga0UA87iDiRsw3Cv8eDMGFwPI9OQD56aUwVBdqzQm8Mqtx9oSU58bvZEYa1IY3j9Pxka1DfngxPpfswC0ESkJ33ESX4Azr9gBSGz-iwKoJ60qJjxwyffquH3e7CTjhcmg5Rpki2ZmTCEobSCe5o-weRd3VXSpfaajPQ02oU8NPre0if0m-K0EpPS9uHGSK_78fB1XOxSA&sig=Cg0ArKJSzLKrZvQVpqRfEAE&urlfix=1&adurl=
Frame ID: 1AE26A7CEB701630B2F563EF278F98ED
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E6BB1660A801C3E30F9B44C5D3B01338
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsugm7jalilPcA8xCRCJfNigoJjx4XwFEAZbr7hHV2J3bAehSi5uxIAyOKM_3H1ZrkIiESs9vdKYUQwp_p_ghtc-BZyvpiqS_z-XwHqgmHVOkA7pOSetpykXP0hYyoDXE5kUUAVsl8vxKiXRvCzItnG2UVmRm51rIxRm99Qlgg4z_T7PZtz4eqPFAyjep3MumHjU64wKOfDjur5VfGeJj_MoXDwnlDF3PGTPN0fGoINYmLUw5RrDj5cOelHZ6lJ4Rvn4TrOwNnd8HFuujRUkN0XjvVV1jvSCONrt2cewvU5pw6Rmw5j1GZorq0BoXoXTaaKlQhsUJjMAlQ1ti5OdeTnbrQ&sig=Cg0ArKJSzEKIxwiEsZZxEAE&urlfix=1&adurl=
Frame ID: 2ADC9FBDCE80F72E5901A588D6C417D6
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5805F4AA307ED498442EA9FAA7BA68CA
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssl7jNM7EgnXgHxekFdfN9c34OIAOeVE26sA35AXFbKk3OR5bxdyZBoNwikV56-8WPF-08N-XFt4I4JPteC6icvgdt2OiWi__CBFG6C3XSiUgD5XIDndVEBMIGX0Jpyivo4EEzaMrmmPFEO_P2cgen0uiVKlq8QgPanEwxC_O5Sm7HCWT2mIWPpnWtVMwbnLGOBno7zXscQkm1VjGCqXw0lpHcNSAz4sEE8l7QuFTIOz0oVsCrv2j4FSBY8iCxgF1aqjEsiT_sRsxnusIS8rtjAkOmw-2XEJFQzr9JrTgopZk0B4oFxuixfgAh6a5gBLhzjcdL1SUWS0wh8xS0&sig=Cg0ArKJSzA7APKWu8nBBEAE&urlfix=1&adurl=
Frame ID: 6BC687F4ADBC04E167C9F76DFC4803C4
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 706236E2628D42479F75EC497979B469
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSDZM5zB3SqI91wAFSXNTC9doXonRKHL3KNsVCA1OiQre5xcq0OpxVFKvKERV89_xZQS4VO3I9vCnK5UmXMqvSceYJDmFlMJC5vYzLzFxgYJo9-8wvFzdDwUOEGrPfKqDz2H3O4WmH8GenXOeTj6l81HWVkdw-Ek3TaxmApRMJPiYcvfX0JUGz7wMooPypTd7f3QsJT7RGvdaKKHWKhkFe2e7FrpsGPwUY-zm60vAV2LWidA1al8ruhKY589-gj-DpeOtLKMcz9gwpvq1kJXWPe0Xf7T-NCBpU3ft5Rwa2vEMtTVu91MpvM01IgnSC8f-RZojMUZuUmNdPTxw&sig=Cg0ArKJSzHIAW-UtOsfnEAE&urlfix=1&adurl=
Frame ID: A6D81A9A6836186CEAD6737EEF64AE23
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8B52D4657056ED1307235F35D5B34D96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

127
Requests

100 %
HTTPS

60 %
IPv6

26
Domains

43
Subdomains

39
IPs

6
Countries

3060 kB
Transfer

4933 kB
Size

12
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://cyberrisk.dragonforms.com/loading.do?omedasite=SCM_newsletter
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://www.parsintl.com/publication/sc/
Title: Licensing & Product Reviews

Search URL Search Domain Scan URL

URL: http://infosecworldusa.com/
Title: InfoSec World

Search URL Search Domain Scan URL

URL: https://www.risksecconference.com/
Title: RiskSec

Search URL Search Domain Scan URL

URL: https://scawardsus.com/
Title: SC Awards

Search URL Search Domain Scan URL

URL: https://www.scmagazineuk.com/
Title: SC UK

Search URL Search Domain Scan URL

URL: https://twitter.com/bbb1216bbb
Title: Follow @bbb1216bbb

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/&text=NCR%20confirms%20malware%20in%20lab%20environment,%20says%20clients%20not%20at%20risk
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/&title=NCR%20confirms%20malware%20in%20lab%20environment,%20says%20clients%20not%20at%20risk
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=398C072A-1EF9-431B-BFE9-5DCF8E3D1868&AffiliateData=0916sc
Title: CATCH WHAT YOU MISSED at RiskSec: Sessions available on demand

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SCMag/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/scmagazine
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/scmediaus/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SCMagazineUS
Title:

Search URL Search Domain Scan URL

URL: https://events.cyberriskalliance.com/risksec-2020
Title: RiskSec Conference

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstq_-Csr9SStdlOeHqEvlTDvDdBgdszL5TLwmyEQ5ZSoOOC8COMXhRMGq6761xUA6mFRf3GlYwSwqB2atbS_SYJfihIl4sIm6bG7chX-007Cg7YJKdnn660G0zA0YGsmdTJHrqDTBmrbhXWx3dsj7WehECxouEfK54EJV53Jb1rO3f0m62S7bOKR29g6fYfL63enodjGwt5eCT3uKvFEHLNoc_raOy2uyreeJZ3qsvP54F62qQLk7u-PHDcXiYfJTxJJU6KMcQ&sai=AMfl-YR0WfNI9l-zB1IbxKNALRchgzytmI4zMS5zGyVc4BWul5tWzrhLok_5DFhKgF4UqPLWghJnbBTKh8HPxOjk0hUHwb7_A73LdvdyzeX1Zlz-3CaAuZoM19_vOk_mCUo&sig=Cg0ArKJSzAuoro-2OTkUEAE&urlfix=1&adurl=https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=AE8F47DF-E781-4D52-8535-31C0034B661E&AffiliateData=scpopup

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js HTTP 307
https://api-54-191-53-245.b2c.com/api/embed-kgq1KJFlowMLlQfs.js

Request Chain 59

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1600488315988 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fmalware%252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%252F%26time%3D1600488315988%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1600488315988&liSync=true

Request Chain 61

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D260031%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fmalware%252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%252F&_=1600488316006 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D260031%2526tzOffset%253D-120%2526url%253Dhttps%25253A%25252F%25252Fwww.scmagazine.com%25252Fhome%25252Fsecurity-news%25252Fmalware%25252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%25252F%26_%3D1600488316006 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?id=2382416089407868531&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=260031&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1600488316006

Request Chain 64

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvdgY5q7FT6qtLC4ARII8_2cP0D54EyZ4N9LB2H75x5VuSxPNbQsbFdplVx9UrJ0PQDxsWopl8Qq4FU8_rLofflQSp2Aa4MWnBYhuUNURNNyy4a5-RZx5zzJN5lYWfdxPfCdqAdAyYQFdlbBW2C1DDoGSObzBv6I39lnsbSrPXH2IiBUPI55NCueQm99NXvV6LN1KAbCGKRg_XKmH_Wa4sYRwYZ3WX0gZ4u44u8QRYquhJyDMH8TrOANKYV3akVtCxU2BHqlvDZtwD1nnKgBE3qRv1NZ0M3HRlxag&sai=AMfl-YTh3AYrP4dm6KiDzOSeAC7T7UQ1PtVI2kWqvsiX6g0FshXl7DijAm3MNBSvUaM3b7fQbzPcMOb6Q3VYqt3epBvXIT5fgEBuv_Y-0q0VaGKyiS9v7DtFSv6fJ4S2XLk&sig=Cg0ArKJSzAcPIz-V25n7EAE&urlfix=1&adurl=https://tpc.googlesyndication.com/simgad/18188086706592323727? HTTP 302
https://tpc.googlesyndication.com/simgad/18188086706592323727

Request Chain 74

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f65837c63267f00084b71b2&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f65837c63267f00084b71b2&gdpr=0 HTTP 302
https://polo-v1.feathr.co/v1/analytics/match?f_id=5f65837c63267f00084b71b2&ttd_id=0fef04a6-eeaa-4d08-89d1-45df5267785e

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007&google_gid=CAESEE5VUlwapYPmW5RIuiY6scY&google_cver=1

Request Chain 86

https://api-54-191-53-245.b2c.com/api/x?kgq1KJFlowMLlQfs$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL21hbHdhcmUvZXhjbHVzaXZlLXRyb2phbi1hcHBhcmVudGx5LWluZmVjdHMtbmNyLXBvc2luZy1wb3NzaWJsZS1zdXBwbHktY2hhaW4tcmlzay8iLCJyZWZlcnJlciQwJCIsImFuY2VzdG9yT3JpZ2lucyQwJCIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQwIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDEiLCJ3aW5kb3ckMCQxNjAweDEyMDAiLCJpbm5lciQwJDE2MDB4MTIwMCIsIm91dGVyJDAkMTYwMHgxMjAwIiwibG9jYWxTdG9yYWdlJDAkMSIsInNlc3Npb25TdG9yYWdlJDEkMSIsImFwcENvZGVOYW1lJDEkTW96aWxsYSIsImFwcE5hbWUkMSROZXRzY2FwZSIsImFwcFZlcnNpb24kMSQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQxJHRydWUiLCJkb05vdFRyYWNrJDEkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQxJDE2IiwibGFuZ3VhZ2UkMSRlbi1VUyIsInBsYXRmb3JtJDEkTGludXggeDg2XzY0IiwicHJvZHVjdCQxJEdlY2tvIiwicHJvZHVjdFN1YiQxJDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQxJDEiLCJ1c2VyQWdlbnQkMSRNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODMuMC40MTAzLjYxIFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMSRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQxJCIsImZvbnRyZW5kZXIkNSQxIiwid2ViZ2wkNiRuL2EiLCJ0aW1lJDYkMTYwMDQ4ODMxNjkxNyIsInRpbWV6b25lJDYkLTEyMCIsInBsdWdpbnMkNiROb25lIiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQ3JDE4Ljc4MzEzNiIsIm1lbS11c2VkSlNIZWFwU2l6ZSQ3JDE2LjY1MzA4IiwibWVtLWpzSGVhcFNpemVMaW1pdCQ3JDQyOTQuNzA1MTUyIiwidGltZS1kb21haW5Mb29rdXBTdGFydCQ3JDEiLCJ0aW1lLWRvbWFpbkxvb2t1cEVuZCQ3JDEiLCJ0aW1lLWNvbm5lY3RTdGFydCQ3JDEiLCJ0aW1lLWNvbm5lY3RFbmQkNyQxNSIsInRpbWUtc2VjdXJlQ29ubmVjdGlvblN0YXJ0JDckNyIsInRpbWUtcmVxdWVzdFN0YXJ0JDckMTUiLCJ0aW1lLXJlc3BvbnNlU3RhcnQkNyQ1MDEiLCJ0aW1lLXJlc3BvbnNlRW5kJDckNTAzIiwidGltZS1kb21Mb2FkaW5nJDckNTA0IiwidGltZS1kb21JbnRlcmFjdGl2ZSQ3JDE1MjUiLCJ0aW1lLWRvbUNvbnRlbnRMb2FkZWRFdmVudFN0YXJ0JDckMjUzMCIsInRpbWUtZG9tQ29udGVudExvYWRlZEV2ZW50RW5kJDckMjU1NSIsIm5hdmlnYXRpb24tcmVkaXJlY3RDb3VudCQ3JDAiLCJuYXZpZ2F0aW9uLXR5cGUkNyRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQxMyQxLjU1NSIsImdsb2JhbHMkMTMkOTVmODMyOTciLCJkb2N1bWVudC10aW1lJDE2JDAuODM1IiwiZG9jdW1lbnQkMTckOWMyZDZlNTMiLCJjb25uZWN0aW9uJDE3JCIsImRvd25saW5rTWF4JDE3JCIsImdldFVzZXJNZWRpYSQxNyQyIiwiY2xvY2skMjEkMzU0NyIsImJhdHRlcnkkMzEkMSAxIDAgSW5maW5pdHkiLCJwZXJtaXNzaW9uLWdlb2xvY2F0aW9uJDMxJHByb21wdCIsImF1ZGlvY29udGV4dCQzMSRmN2U3MTJkOSIsImludGVyc2VjdGlvbi1zaXplJDMyJDE2MDB4MTIwMCIsImludGVyc2VjdGlvbiQzMiQyOSIsInBlcm1pc3Npb24tbm90aWZpY2F0aW9ucyQzMiRwcm9tcHQiLCJwZXJtaXNzaW9uLWNhbWVyYSQzMiRwcm9tcHQiLCJwZXJtaXNzaW9uLW1pY3JvcGhvbmUkMzIkcHJvbXB0IiwicGVybWlzc2lvbi1wZXJzaXN0ZW50LXN0b3JhZ2UkMzIkcHJvbXB0Iiwic29ydCQ1NyQxMy41MjUiLCJmcmFtZXJhdGUkMTMzJDkwIiwiYWRibG9jayQxOTAkMA HTTP 302
https://api-54-191-53-245.b2c.com:444/api/4?kgq1KJFlowMLlQfs

127 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/ 86 KB
20 KB 501ms
486ms Document
text/html 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

309b626337a8814c28f9975d6a7d6d62b9c1b20254d6285b4cd534d4c5e5b869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

:method: GET
:authority: www.scmagazine.com
:scheme: https
:path: /home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 19 Sep 2020 04:05:14 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dbe083a3346ade8be2466d391e50dfd611600488314; expires=Mon, 19-Oct-20 04:05:14 GMT; path=/; domain=.scmagazine.com; HttpOnly; SameSite=Lax; Secure
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie,X-WPENGINE-SEGMENT
x-frame-options: SAMEORIGIN SAMEORIGIN
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/" <https://www.scmagazine.com/?p=106972>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 1
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 054622ade200000eb79524c200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5d506d5c9d640eb7-FRA
content-encoding: br

GET
H2 200 style.min.css
www.scmagazine.com/wp-includes/css/dist/block-library/ 52 KB
7 KB 16ms
12ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 859946
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afcf00000eb79525b200000001
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: cloudflare
etag: W/"5ea3067e-d159"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9940eb7-FRA

GET
H2 200 shared-style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 47 KB
6 KB 16ms
13ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/shared-style.min.css?ver=1596173836

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a716b26ff515ccfb6f33b4b06b82c9587674938c5994d81e261ef41907d57529

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3292475
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afcf00000eb79525c200000001
last-modified: Fri, 31 Jul 2020 05:37:16 GMT
server: cloudflare
etag: W/"5f23ae0c-bdba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9960eb7-FRA

GET
H/1.1 200 olytics.css
olytics.omeda.com/olytics/css/v3/p/ 28 KB
3 KB 706ms
113ms Stylesheet
text/css 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/css/v3/p/olytics.css?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

c9729d6e62c9df65567bbcd5b1b8353617b67d36c4c3d6d7a97e0a092a2872e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Jul 2020 16:03:22 GMT
Server: Apache
ETag: W/"28537-1595606602000"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Transfer-Encoding: chunked
Accept-Ranges: bytes
vary: accept-encoding
X-XSS-Protection: 1; mode=block
Expires: Sat, 19 Sep 2020 10:05:15 GMT

GET
H2 200 style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 241 KB
28 KB 20ms
17ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1599828412

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

794224b5f30fd821d59b61813e974c82ef6879801b42dff5785cfa30c972b1c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 254216
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afcf00000eb79525d200000001
last-modified: Fri, 11 Sep 2020 12:46:52 GMT
server: cloudflare
etag: W/"5f5b71bc-3c571"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9970eb7-FRA

GET
H2 200 css
fonts.googleapis.com/ 3 KB
604 B 21ms
18ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c14a94a28817f61a07c64ad2431d29662763ae0237fb0317d4aeede78e5d24b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Sep 2020 02:50:46 GMT
server: ESF
date: Sat, 19 Sep 2020 04:05:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Sep 2020 04:05:14 GMT

GET
H2 200 lytics.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 37 KB
3 KB 14ms
11ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/lytics.min.css?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 859946
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb79525e200000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-95f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9980eb7-FRA

GET
H2 200 css
fonts.googleapis.com/ 827 B
491 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bree+Serif&ver=0.1.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7385bc83ced10d8f10ccbc3c714a0e3e44fad6aca40c8c007b5f84af5f9120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 19 Sep 2020 02:58:55 GMT
server: ESF
date: Sat, 19 Sep 2020 04:05:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Sep 2020 04:05:14 GMT

GET
H2 200 jquery.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 95 KB
32 KB 26ms
24ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10040358
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb79525f200000001
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9990eb7-FRA

GET
H2 200 jquery-migrate.min.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 10 KB
4 KB 14ms
12ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795260200000001
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: cloudflare
etag: W/"573eaa90-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb99a0eb7-FRA

GET
H2 200 cookie.min.js Show response
www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/ 2 KB
1 KB 15ms
13ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/cookie.min.js?ver=1.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795261200000001
last-modified: Tue, 17 Dec 2019 09:37:13 GMT
server: cloudflare
etag: W/"5df8a1c9-834"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb99b0eb7-FRA

GET
H2 200 hm-olytics-beacon.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 1 KB
627 B 12ms
10ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795262200000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-421"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb99c0eb7-FRA

GET
H2 200 UtilityMove-custom.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/ 2 KB
846 B 12ms
11ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795263200000001
last-modified: Thu, 19 Dec 2019 08:35:11 GMT
server: cloudflare
etag: W/"5dfb363f-751"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb99d0eb7-FRA

GET
H2 200 polyfill.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/ 102 KB
33 KB 27ms
25ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/polyfill.min.js?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795264200000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-19873"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb99f0eb7-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 52 KB
17 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d5921a1db0ca67cb1626c00c164a1af68c3895936e4b0e89b8c84c1581f0d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "637 / 660 of 1000 / last-modified: 1600467439"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17775
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:14 GMT

GET
H2 200 head.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 43 KB
12 KB 19ms
18ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/head.min.js?ver=1590323446

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bc0803af1c71fdc1d1e21502a3ad2bfad197707fbfb0b471b9d4f3af6ac3786

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10164262
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622afd000000eb795265200000001
last-modified: Sun, 24 May 2020 12:30:46 GMT
server: cloudflare
etag: W/"5eca68f6-ac71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5fb9a00eb7-FRA

GET
H2 200 SC-MEDIACYBERSOURCEnotag.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/01/ 138 KB
138 KB 14ms
13ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/01/SC-MEDIACYBERSOURCEnotag.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12786408
status: 200
vary: Accept-Encoding
content-length: 141243
cf-request-id: 054622b05c00000eb79526f200000001
last-modified: Tue, 21 Jan 2020 20:09:10 GMT
server: cloudflare
etag: "5e275a66-227bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5d506d609a960eb7-FRA
cf-bgj: h2pri

GET
H2 200 /
secure.gravatar.com/avatar/ 1 KB
2 KB 11ms
11ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/?s=96&d=mm&r=g
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Sat, 19 Sep 2020 04:05:14 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="none.png"
accept-ranges: bytes
link: <http://www.gravatar.com/avatar/?s=96&d=mm&r=g>; rel="canonical"
content-length: 1528
expires: Sat, 19 Sep 2020 04:10:14 GMT

GET
H2 200 GettyImages-630047974-1024x683.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/08/ 106 KB
106 KB 748ms
747ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/08/GettyImages-630047974-1024x683.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcc6f3e870333d7408f543f7085b40b8aa8a1ea7ef0aa36f39724bcd8bdaf390

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 108268
cf-request-id: 054622b07b00000eb795270200000001
last-modified: Thu, 27 Aug 2020 17:45:18 GMT
server: cloudflare
etag: "5f47f12e-1a6ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5d506d60cac00eb7-FRA

GET
H2 200 image1-256x300.png
www.scmagazine.com/wp-content/uploads/sites/2/2020/08/ 16 KB
16 KB 482ms
482ms Image
image/png 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/08/image1-256x300.png

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c64f79d1ed7c8294b66215d68a6074637ed28ec9cce330a2e6801ebdf5ca4f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 15915
cf-request-id: 054622b31a00000eb795283200000001
last-modified: Thu, 27 Aug 2020 16:45:37 GMT
server: cloudflare
etag: "5f47e331-3e2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5d506d64f85c0eb7-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 146 KB
47 KB 24ms
21ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc007a4560cc3671f0eb8a9eab0501d8a442e473656e2774238bf41a4a8b7c2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47932
x-xss-protection: 0
last-modified: Sat, 19 Sep 2020 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Sep 2020 04:05:15 GMT

GET
H2 200 spinner.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/ 694 B
520 B 13ms
10ms Image
image/svg+xml 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/spinner.svg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13978649
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b34a00000eb795284200000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-2b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d6548c80eb7-FRA
cf-bgj: h2pri

GET
H2 200 email-decode.min.js Show response
www.scmagazine.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
843 B 7ms
7ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
cf-request-id: 054622aff200000eb795266200000001
last-modified: Mon, 14 Sep 2020 19:48:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f5fc924-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 5d506d5fe9e60eb7-FRA
expires: Mon, 21 Sep 2020 04:05:14 GMT

GET
H2 200 Kaspersky_getty-scaled-e1598303018659-150x150.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/08/ 10 KB
10 KB 376ms
373ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/08/Kaspersky_getty-scaled-e1598303018659-150x150.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7977b4e4f640b8099f1f05d09b568d190977386a69173baef976892ea52eadd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 9890
cf-request-id: 054622b34a00000eb795285200000001
last-modified: Mon, 24 Aug 2020 21:03:38 GMT
server: cloudflare
etag: "5f442b2a-26a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5d506d6548c90eb7-FRA

GET
H2 200 2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js Show response
content.maropost.com/uploads/1325/websites/1/ 3 KB
3 KB 41ms
6ms Script
text/plain 2600:9000:2057:5a00:a:1779:3180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.maropost.com/uploads/1325/websites/1/2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js?ver=1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:5a00:a:1779:3180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 05:21:03 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
last-modified: Thu, 13 Dec 2018 20:46:06 GMT
server: AmazonS3
age: 81853
etag: "33bca5680760348835deea8e5dcbdb62"
x-cache: Hit from cloudfront
status: 200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 2565
x-amz-cf-id: 80SDlRFmOusSn-Xd49ceYI0Z3ciXmX5aeL-zK-57-U7ULCGtn9ztTg==

GET
H2 200 blocks.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 7 KB
3 KB 14ms
14ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/blocks.min.js?ver=1580891445

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dfb849a3b8bcf3e07184092c4cc99a9f08f27f01e5de41a871d3ee8750303bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975782
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622affb00000eb795268200000001
last-modified: Wed, 05 Feb 2020 08:30:45 GMT
server: cloudflare
etag: W/"5e3a7d35-1b54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d5ff9f20eb7-FRA

GET
H2 200 feather-tool.js Show response
www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/ 548 B
442 B 13ms
10ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13975783
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b34b00000eb795286200000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-224"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d6548ca0eb7-FRA

GET
H2 200 hm-olytics-page-tag.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 103 B
179 B 13ms
11ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-page-tag.js?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 859946
status: 200
vary: Accept-Encoding, Accept-Encoding
cf-request-id: 054622b34b00000eb795287200000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d6548cb0eb7-FRA

GET
H/1.1 200
OK hmi-registration-ui.manifest.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 870 B
1 KB 417ms
114ms Script
application/javascript 52.216.184.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.manifest.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.184.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5e8095cad5b71456e02e88835892814dba44009f6403b5a84416db008e5d357f

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: E17F65F624376E98
ETag: "da9d29c4843b0bac5dd6ef34da93b22e"
Content-Type: application/javascript
x-amz-version-id: lBVwAglHDmp6fLxZy4fz12pXZDZUxHyZ
Accept-Ranges: bytes
Content-Length: 870
x-amz-id-2: AKEXX2ROnAZDyMHPISDNUKqeqMipojY+U2cgZ+0SUuVjrg9B2mYFWAEr4kygvistnIyF0bB9Zrs=

GET
H/1.1 200
OK hmi-registration-ui.vendor.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 357 KB
357 KB 416ms
108ms Script
application/javascript 52.216.184.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.vendor.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.184.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 8e1c678764d16a66f783dfd8bee93916cf2b055635cef0362bc0640b610df5b5

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: 0D2F829CCAEC214C
ETag: "3d50e45eac853d7ff5898c6e8355f1cb"
Content-Type: application/javascript
x-amz-version-id: wulLLPFCPRcEdDRYL1_1QW.A2D.Je67N
Accept-Ranges: bytes
Content-Length: 365126
x-amz-id-2: 1oNIqBDjx0OPZSbOBi5+lBzrtefmAKCLW+mRaSc6B8w0bug0wOmSz54hrp07cYSxsjVnvnbFMgk=

GET
H/1.1 200
OK hmi-registration-ui.bundle.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 1 MB
1 MB 479ms
149ms Script
application/javascript 52.216.184.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.bundle.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.184.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f8c3bc6b4612e018296f32dec014b0e8d4c8ef0c7ff449f26a28b641d3497da1

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: C3A982F1FFFE37C4
ETag: "7f48d5418252c54a9baf9ce1a74980be"
Content-Type: application/javascript
x-amz-version-id: P5VRJucwn2qmvNWevdaMGPbAlXCLHFuw
Accept-Ranges: bytes
Content-Length: 1322506
x-amz-id-2: 4+5qhNL9uLnR4lAjVXeHOy4R6Py3VlZLnZrdey/2p4hgAWX38jTv5dFjsGJ0KwSCn4F5tE5AXFw=

GET
H2 200 frontend.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 146 KB
36 KB 27ms
27ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1596173836

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b07d33346e965fe1252367b608b4d9616cb5e66587a3b069c429521affc93d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4313653
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b00a00000eb795269200000001
last-modified: Fri, 31 Jul 2020 05:37:16 GMT
server: cloudflare
etag: W/"5f23ae0c-24980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d601a130eb7-FRA

GET
H2 200 iab.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 8 KB
2 KB 12ms
11ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caf25dc098703f2fcea24b5e306913111132a325e92f923f8be310f35adf3982

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4313653
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b03100000eb79526c200000001
last-modified: Fri, 31 Jul 2020 05:37:16 GMT
server: cloudflare
etag: W/"5f23ae0c-1ecd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d604a400eb7-FRA

GET
H2 200 wp-embed.min.js Show response
www.scmagazine.com/wp-includes/js/ 1 KB
800 B 10ms
10ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/wp-embed.min.js?ver=5.4.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8202541
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b03e00000eb79526e200000001
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: cloudflare
etag: W/"5db39083-59a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d606a600eb7-FRA

GET
H/1.1 200 olytics.min.js Show response
olytics.omeda.com/olytics/js/v3/p/ 278 KB
76 KB 119ms
117ms Script
application/javascript 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

a8afaefe255b45755c5041cbbd717295b2ba949b7ab6fa43d4e7300e7adff9a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 15:49:06 GMT
Server: Apache
ETag: W/"284296-1598543346000"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Transfer-Encoding: chunked
Accept-Ranges: bytes
vary: accept-encoding
X-XSS-Protection: 1; mode=block
Expires: Sat, 19 Sep 2020 10:05:15 GMT

GET
H2 200 src.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/ 33 KB
9 KB 14ms
12ms Other
image/svg+xml 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 859946
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 054622b34b00000eb795288200000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-8317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5d506d6548cc0eb7-FRA

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:22:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:59 GMT
server: sffe
age: 294169
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:22:26 GMT

GET
H2 200 pubads_impl_2020091501.js Show response
securepubads.g.doubleclick.net/gpt/ 263 KB
93 KB 86ms
32ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

ddf938119baaea8aab1fea95405f5a270d92869f8a9fe6f96b2c4e8861a9cf67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 08:49:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94409
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:15 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 28ms
13ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:23:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:25 GMT
server: sffe
age: 294077
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14176
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:23:58 GMT

GET
H3-Q050 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v17/ 15 KB
15 KB 26ms
13ms Font
font/woff2 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:25:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:59 GMT
server: sffe
age: 293957
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:25:58 GMT

GET
H2 200 lio.js Show response
c.lytics.io/api/tag// 40 B
418 B 35ms
17ms Script
application/javascript 2606:4700:20::681a:216
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/tag//lio.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1596173836
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5d506d661bf4c2d6-FRA
date: Sat, 19 Sep 2020 04:05:15 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 72
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=7200
content-encoding: br
access-control-allow-origin: *
cf-request-id: 054622b3d00000c2d637208200000001

GET
H2 200 most-widget Show response
www.scmagazine.com/wp-json/haymarket/v1/ 5 KB
2 KB 129ms
128ms XHR
application/json 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-json/haymarket/v1/most-widget?id=most-5

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1596173836

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

ea6fe4d66d6584558c1e8a7c90e2617f6681225b138b597a40b05dc55685382c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
x-powered-by: WP Engine
x-cache: HIT: 5
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
cf-request-id: 054622b3c000000eb79528c200000001
x-cache-group: normal
access-control-allow-headers: Authorization, Content-Type
allow: GET
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
cache-control: max-age=600, must-revalidate
cf-ray: 5d506d6609930eb7-FRA
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 / Show response
accounts.haymarketmedia.com/sso/check/ 45 B
616 B 327ms
108ms XHR
application/json 54.88.207.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.haymarketmedia.com/sso/check/?gn=106
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1596173836
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.88.207.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-88-207-174.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
x-aspnetmvc-version: 4.0
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: private
access-control-allow-credentials: true
content-length: 45

GET
H2 200 boomerang.min.js Show response
cdn.feathr.co/js/ 114 KB
34 KB 43ms
42ms Script
application/javascript 2606:4700:3033::681c:60b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.feathr.co/js/boomerang.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:60b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 806c9975656fb05571e902f1154303c7b1553ae12444ca54da5b1a150007146c

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
cf-cache-status: HIT
age: 2631
status: 200
x-amz-request-id: CB7C53CB3D25A612
x-amz-id-2: mZmoaZSmgoWEDE7rw2TnzKHiOwqZWlCMBB5w0bGe2gcbVYKxaTjRJBI/ZBW84RruGzH4VNKC3ZA=
last-modified: Wed, 06 May 2020 17:47:20 GMT
server: cloudflare
etag: W/"360b036656090b581ae5d1ecb2572847"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 054622b3d000002bd654be3200000001
cf-ray: 5d506d661dcd2bd6-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 5494
date: Sat, 19 Sep 2020 02:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Sat, 19 Sep 2020 04:33:41 GMT

GET
H2 410 7341.js
script.crazyegg.com/pages/scripts/0034/ 0
0 36ms
16ms Script
application/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0034/7341.js?444580
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
cf-cache-status: HIT
last-modified: Fri, 18 Sep 2020 19:12:40 GMT
server: cloudflare
age: 31955
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 410
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 5d506d664d9e0610-FRA
content-length: 0
cf-request-id: 054622b3f000000610d5b32200000001

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 107ms
35ms Script
application/x-javascript 99.84.157.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.157.54 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-157-54.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 15:14:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Aug 2020 16:44:58 GMT
Server: AmazonS3
Age: 46251
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 5e73c9f0818a1864e592f61fe6506072.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: TXL52-C1
X-Amz-Cf-Id: DwBxjLfVOOu3doHnzYHXOlEt3THcJ6-gsgPuOqDOxRGw_VdmyKNdRw==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
760 B 21ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 83af74f9ae1d1e4be00a7e271ab233c20ecc5769bdbd1c72e0524dc86bdf12e4

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Sep 2020 18:39:56 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=44274
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 447

GET
H/1.1

200
OK

embed-kgq1KJFlowMLlQfs.js Show response
api-54-191-53-245.b2c.com/api/
Redirect Chain

https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js
https://api-54-191-53-245.b2c.com/api/embed-kgq1KJFlowMLlQfs.js

12 KB
5 KB

506ms
167ms

Script
text/javascript

2600:1f14:e96:5802:5b52:db93:bb75:1bb4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-191-53-245.b2c.com/api/embed-kgq1KJFlowMLlQfs.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:5b52:db93:bb75:1bb4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 1d82c064c90575f6855cea37780e5c8370390cd4f60ad4ae7870c41a0b585149

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Sep 2020 04:05:16 GMT
Content-Encoding: gzip
Server: openresty
Transfer-Encoding: chunked
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: -1

Redirect headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
server: openresty
status: 307
content-type: text/html; charset=utf-8
location: //api-54-191-53-245.b2c.com/api/embed-kgq1KJFlowMLlQfs.js
cache-control: no-cache, no-store, must-revalidate
content-length: 168
expires: -1

GET
H/1.1 200
OK dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js Show response
s.dpmsrv.com/ 107 KB
38 KB 102ms
27ms Script
application/x-javascript 143.204.201.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-121.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 109c7d8a51ec08e938cb287c7c49d3b95fde451a35cf2850ded7345213abdbaf

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 12:42:26 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 May 2020 20:48:12 GMT
Server: AmazonS3
Age: 55370
ETag: "25a22cf2cfbb747dfa1612c976511761"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Accept-Ranges: bytes
Content-Length: 38028
X-Amz-Cf-Id: 9fWDWHWMDRpr8ouMV468UkDGXNKpudiqivRiE_x84x929QZQ6nPThg==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
890 B 34ms
14ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
890 B 34ms
15ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 423 B
945 B 102ms
68ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&eid=21067443%2C21067482&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CSkin&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1600488315&dt=1600488315908&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=0&adks=1385187290&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=56&icsg=1125822769333236&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x4107&msz=1200x-1&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=516&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

6db161bccbb1bde8e3d66fd3c41004a69473632c5d3504931c02e09b5a837902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 228
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 28ms
13ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 25ms
6ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 8 KB
4 KB 107ms
78ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&eid=21067443%2C21067482&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CPrestitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1600488315&dt=1600488315919&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=0&adys=4106&adks=1753008912&ucis=2&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=56&icsg=1125822769333236&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x4107&msz=1600x1&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=4&ohw=1600&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

73fea71b75dc30b2bf54d008b3727ed732c3c77a3c0682b3e8d48c76313492d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3744
x-xss-protection: 0
google-lineitem-id: 5480813162
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138324072466
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 78 KB
31 KB 43ms
28ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TCMLVLP&t=gtm2&cid=1615188696.1600488316

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

faa2c6996e45203de0e9e5414466d191f62e5d1a485607e948e7471827360cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:15 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31407
x-xss-protection: 0
last-modified: Sat, 19 Sep 2020 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Sep 2020 04:05:15 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=30068
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 integrations Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 31 B
363 B 315ms
103ms XHR
application/json 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/integrations

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

559382b44a7cb0b397c474fe76532f50b622824e15440784425d1f4a42a991de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 31

GET
H2 200 refresh
marco.feathr.co/v1/ 43 B
587 B 188ms
129ms Image
image/gif 13.35.254.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marco.feathr.co/v1/refresh
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.254.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-76.fra6.r.cloudfront.net
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amzn-requestid: 83830bd5-a2ca-471b-a2f8-55b6d98a3226
status: 200
access-control-allow-methods: *
content-type: image/gif
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5f65837c-a5bb2289ac486f27f39ebf94;Sampled=0
x-cache: Miss from cloudfront
x-amz-apigw-id: TGF7ZFnCoAMFVpg=
content-length: 43
x-amz-cf-id: wXLDYQhCC3cCL0KaljwYffVmNw_L5jI4D31Xw3oUTzTLMsZLH7oguA==
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain...

0
58 B

108ms
108ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1600488315988&liSync=true
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: z5fm1qQTNhZQYhVzdCsAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: 2+q/0aQTNhZgiIL54ioAAA==
pragma: no-cache
x-li-pop: afd-prod-edc2
x-msedge-ref: Ref A: D4C4E32BF0E44A74A07362E4B9CA55F6 Ref B: FRAEDGE0720 Ref C: 2020-09-19T04:05:16Z
x-frame-options: sameorigin
date: Sat, 19 Sep 2020 04:05:15 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1600488315988&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
191 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1054336863&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&ul=en-us&de=UTF-8&dt=Exclusive%3A%20Trojan%20apparently%20infects%20NCR%2C%20posing%20possible%20supply-chain%20risk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCjAAAADQAAAAC~&jid=1826705139&gjid=1040143193&cid=1615188696.1600488316&tid=UA-1290429-10&_gid=1971871097.1600488316&_r=1&gtm=2wg990MHZ6C39&cd1=106972%3A0&cd2=cybercrime%2Cmalware&cd3=Bradley%20Barth&cd4=75&cd5=post&cd6=News&cd7=&cd9=2020-08-27&cd10=1052&cd12=&cd14=&cd15=&z=1496560559

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D260031%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.scmagazine.c...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D260031%2526tzOffset%2...
https://a.dpmsrv.com/dpmpxl/index.php?id=2382416089407868531&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=260031&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusi...

245 B
998 B

466ms
114ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?id=2382416089407868531&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=260031&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1600488316006
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: c4a7ac1bd20cb98c8e8fba8aaf9f0b7f645c0df85e97ecc2aafa8605426bdad6

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 219
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 19 Sep 2020 04:05:16 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.118:80
AN-X-Request-Uuid: 8e093067-16dd-4e93-86ae-7ff3a7aa2f4b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://a.dpmsrv.com/dpmpxl/index.php?id=2382416089407868531&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=260031&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1600488316006
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-1290429-10&cid=1615188696.1600488316&jid=1826705139&gjid=1040143193&_gid=1971871097.1600488316&_u=aCjAAAACQAAAAC~&z=457610900

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 19 Sep 2020 04:05:16 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CD9C 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e6b5871100843d13e97696d3dbe3cd9a405736a7d3c8c4deca4324b61fee85f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

18188086706592323727
tpc.googlesyndication.com/simgad/
Redirect Chain

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvdgY5q7FT6qtLC4ARII8_2cP0D54EyZ4N9LB2H75x5VuSxPNbQsbFdplVx9UrJ0PQDxsWopl8Qq4FU8_rLofflQSp2Aa4MWnBYhuUNURNNyy4a5-RZx5zzJN5lYWfdxPfCdqAdAyYQF...
https://tpc.googlesyndication.com/simgad/18188086706592323727?

89 KB
89 KB

27ms
14ms

Image
image/jpeg

2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18188086706592323727?

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

180f18539a9ea0afd9b7392542690b6b0b6affcf1103b3fb3952a4aa6f5d51b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:53:15 GMT
x-content-type-options: nosniff
age: 36721
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90869
x-xss-protection: 0
last-modified: Fri, 18 Sep 2020 17:47:55 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 17:53:15 GMT

Redirect headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
server: cafe
status: 302
location: https://tpc.googlesyndication.com/simgad/18188086706592323727?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aab305617162a2abd2300d0b9364f62cd3687d6fa5a8f8b854b76903d006b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600429198305210"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27591
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:16 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 17ms
17ms Image
image/gif 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1290429-10&cid=1615188696.1600488316&jid=1826705139&_u=aCjAAAACQAAAAC~&z=1911916206

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 18ms
17ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1290429-10&cid=1615188696.1600488316&jid=1826705139&_u=aCjAAAACQAAAAC~&z=1911916206

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 42ms
23ms Fetch
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 17763564034184956522
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:16 GMT

OPTIONS
H/1.1 200 olytics
oqs.omeda.com/oqs/rest/ Frame 0
0 571ms
113ms Other
text/plain 204.180.130.165
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://oqs.omeda.com/oqs/rest/olytics
Protocol: HTTP/1.1
Server: 204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
Sec-Fetch-Mode: cors

Response headers

Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Access-Control-Request-Headers, Content-Type, Origin, Accept, Accept-Encoding, Accept-Language, HOST, User-Agent, Access-Control-Request-Method, Access-Control-Max-Age

POST
H/1.1 200 olytics Show response
oqs.omeda.com/oqs/rest/ 15 B
307 B 119ms
119ms XHR
application/json 204.180.130.165
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://oqs.omeda.com/oqs/rest/olytics

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 19 Sep 2020 04:05:16 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

GET
H2 200 script.js Show response
polo.feathr.co/v1/analytics/match/ 290 B
582 B 309ms
105ms Script
text/javascript 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/analytics/match/script.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

1a8a2fe2fa45a422cbdcfccb42394b6d843f3d3b362cb18a67fdde3ea70d001f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: gzip
server: nginx/1.17.8
status: 200
etag: W/"5f65837c63267f00084b71b2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: no-cache, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 200 pixel.js Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 32 B
397 B 310ms
107ms Script
text/javascript 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/pixel.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=14400
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 32

HEAD
H3-Q050 200 gpt.js
www.googletagservices.com/tag/js/ 0
0 35ms
22ms Fetch
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "637 / 77 of 1000 / last-modified: 1600467265"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17772
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:16 GMT

GET
H2

200

match
polo-v1.feathr.co/v1/analytics/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f65837c63267f00084b71b2&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f65837c63267f00084b71b2&gdpr=0
https://polo-v1.feathr.co/v1/analytics/match?f_id=5f65837c63267f00084b71b2&ttd_id=0fef04a6-eeaa-4d08-89d1-45df5267785e

43 B
402 B

107ms
104ms

Image
image/gif

54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo-v1.feathr.co/v1/analytics/match?f_id=5f65837c63267f00084b71b2&ttd_id=0fef04a6-eeaa-4d08-89d1-45df5267785e

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

Redirect headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://polo-v1.feathr.co/v1/analytics/match?f_id=5f65837c63267f00084b71b2&ttd_id=0fef04a6-eeaa-4d08-89d1-45df5267785e
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H2 200 crumb
polo.feathr.co/v1/analytics/ 43 B
402 B 117ms
116ms Image
image/gif 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo.feathr.co/v1/analytics/crumb?cb=1600488316624&a_id=5c2d2a2366bba411c7d26e37&f_id=5f65837c63267f00084b71b2&ses_id=5f65837b6871e52b5bf52b09&flvr=page_view&loc_url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&s_w=1600&s_h=1200&b_w=1600&b_h=1200&cust_params=e30=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:16 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007&google_gid=CAESEE5VUlwapYPmW5RIuiY6scY&google_cver=1

0
598 B

112ms
111ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007&google_gid=CAESEE5VUlwapYPmW5RIuiY6scY&google_cver=1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 0
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:16 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=2382416089407868531&pixelIndex=0&_=1600488316007&google_gid=CAESEE5VUlwapYPmW5RIuiY6scY&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 423396.gif
idsync.rlcdn.com/ 0
66 B 89ms
32ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/423396.gif?partner_uid=2382416089407868531
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Sat, 19 Sep 2020 04:05:16 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK ad.gif
api-54-191-53-245.b2c.com/api/ 43 B
233 B 166ms
166ms Image
image/gif 2600:1f14:e96:5802:5b52:db93:bb75:1bb4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-54-191-53-245.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:5b52:db93:bb75:1bb4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK index.php Show response
a.dpmsrv.com/dpmpxl/ 5 B
1 KB 112ms
112ms Script
text/javascript 3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=xSeg&v=1.x&ep%5Bids%5D=20986004&cl=1122&pixelIndex=0&r=435869&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&id=2382416089407868531&_=1600488316008
Requested by: Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 31
Expires: 0

GET
H/1.1 200
OK seg
ib.adnxs.com/ 43 B
1 KB 17ms
17ms Image
image/gif 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?member=827&add=20986004

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Sep 2020 04:05:17 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.7:80
AN-X-Request-Uuid: 8bb14f0c-c87e-41cf-b5c2-51af1e23e7cc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020091501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7be715869f43fa16cd8d00c994736f17dccfb2e2a823da1926762b01a366c069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6442
x-xss-protection: 0

GET
H2 200 up
insight.adsrvr.org/track/ Frame 4E86 0
0 104ms
34ms Document
text/html 52.48.230.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.230.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=0fef04a6-eeaa-4d08-89d1-45df5267785e; TDCPM=CAEYBSABKAIyCwjo2sSq_pbuOBAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
date: Sat, 19 Sep 2020 04:05:17 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
119 B 6ms
6ms Image
image/gif 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=1054336863&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&ul=en-us&de=UTF-8&dt=Exclusive%3A%20Trojan%20apparently%20infects%20NCR%2C%20posing%20possible%20supply-chain%20risk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&el=25%25&ev=25&_u=aCjAAAADQAAAAC~&jid=&gjid=&cid=1615188696.1600488316&tid=UA-1290429-10&_gid=1971871097.1600488316&gtm=2wg990MHZ6C39&z=404529524

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Sep 2020 16:33:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41530
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:17 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame CEAD 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Fri, 18 Sep 2020 22:28:06 GMT
expires: Sat, 18 Sep 2021 22:28:06 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 20231
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

4 Show response
api-54-191-53-245.b2c.com/api/
Redirect Chain

https://api-54-191-53-245.b2c.com/api/x?kgq1KJFlowMLlQfs$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL21hbHdhcmUvZXhjbHVzaXZlLXRyb2phbi1hcHBhcmVudGx5LWluZmVjdHMtbmNyLXBvc2lu...
https://api-54-191-53-245.b2c.com:444/api/4?kgq1KJFlowMLlQfs

43 B
441 B

726ms
183ms

XHR
image/gif

54.191.53.245
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-191-53-245.b2c.com:444/api/4?kgq1KJFlowMLlQfs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.191.53.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-191-53-245.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Sep 2020 04:05:18 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

Redirect headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
Server: openresty
Location: https://api-54-191-53-245.b2c.com:444/api/4?kgq1KJFlowMLlQfs
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
223 B 18ms
17ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020091501&jk=499453746542066&bg=!19Sl1MxYRuyGRP_Mi3oCAAAAa1IAAAASCgHfAJ90mGiJh44F0KFOgVbDVee34hVqCMmVVG2j8WuoQz9LbumDiR8fntsOktVlRHlmJz8uW3wWBm6fmLBlUUzJ0Jbd8Y6tJEeaCiHLdt7Wm4g2xrHMPeJEe5A9hq9Se0wbH5TgasoZA0yIH5aF-Ux8GMpVguZ140M1ts7iLA-Bus1u7heHOhF5smFINyGjblSJiJK3LHK-JCYJDbOGyMJ8kjntUphXFM6o2FeWH3_-0ybvIyt9FNm-uOjbh_isBSOvSwFWHtYWbogv6nTked3txfuhZNcFA3ZdQ6HXXgIApnuVAlinOQ_aAfkcyYGPvqLxyh9qCwC0FnUJ7x5OQDH7oAKmE8WJ_DnPQJd49iCwuLzDUHELpr9uRuJ_aANfdPIdWQ-81ARzoTFPGltfzxVqfy7Cek6FlVK4-lWApHHVk8u7T8AP51nrDXKY15MBGXFsGREIVWEJvysPTECyx5JvdCdklV9ZYM9lIfsD5EyDqvSh3r9DXpQRvjS7DZjzS7hcvs-cdKe_IC6AWmHD-pXaYQzXPelqZ8jOQIUB_uiEoiMBy0fIuASNS9Quity5k8hWJ4TROaDyuQe_YJmlzw-nx8ovXE2r3UdsmkOhqC38l8dLWagkgzrlplIzgMqVFG6ZAauGSpAGi4GkcpcfhjJ8FKDFi9MO4FbDM-t9jqntKxoySVHX9MJcZohSkkM9rZHQ-mDrSWDHbep0dQzGAZUbsAEmiJJwso72YxBeRIu-WxIPZN-B-p_RjrgmVBzqIvci8L8CBjdMuBG_6htv6JrhErXnlgs7AhHaL4p_x8eL2QOU6o-ArV1rGjQ410RYKD7YyJ0pDG7VhegzVlvqFxQSYblTU4_U20GwRimj-9QBspeJA12QXIu1oIjTOxC8VI9Ir47mfIJL7cHtoPZr1jybgmBUmYMSvaEE8ikCMmscSJVNspABq1baW66-y0cyA4J3IsHqlgkLjC1pQi6KRYHIgOrzL7uI_74hyJt-8qqRCEUAwUuu1zas6Eedu_V-bOzhof5vi9XCyGsLSwvmfmiv5k5Z8EtRVr1tPo7KQJz7RbjpEWrUDYXbCn4YlNIWMvDo8I5_Ugc9kj6CS_AF1OFvTregX5Kf640XTPNat2pBQwcbUpKK8_9cMTR30s_SSUQ-pBCSOLvdulOKEF6zhqqhtDKkBOncgmTfoCOvdgC4otQoRq511Xmf2JyGm8Qp

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200 p
olytics.omeda.com/olytics/segments/ Frame 0
0 689ms
112ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/p
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Sat, 19 Sep 2020 04:05:16 GMT
Server: Apache

OPTIONS
H/1.1 200 /
olytics.omeda.com/olytics/segments/form/check/ Frame 0
0 691ms
112ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/form/check/
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Sat, 19 Sep 2020 04:05:17 GMT
Server: Apache

OPTIONS
H/1.1 200 cswitch
olytics.omeda.com/olytics/segments/ Frame 0
0 713ms
117ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/cswitch
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Sat, 19 Sep 2020 04:05:17 GMT
Server: Apache

POST
H/1.1 200 p Show response
olytics.omeda.com/olytics/segments/ 20 B
313 B 126ms
125ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/p

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 19 Sep 2020 04:05:18 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

POST
H/1.1 200 / Show response
olytics.omeda.com/olytics/segments/form/check/ 20 B
313 B 113ms
113ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/form/check/

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 19 Sep 2020 04:05:17 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

POST
H/1.1 200 cswitch Show response
olytics.omeda.com/olytics/segments/ 20 B
313 B 120ms
120ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/cswitch

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 19 Sep 2020 04:05:18 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
10 KB 76ms
76ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&adsid=NT&eid=21067443%2C21067482%2C21067038&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard1&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D21122b8f207ad457-22a5a0d4deb80019%3AT%3D1600488315%3AS%3DALNI_MaF-TX-3P4Ind7igW5DZQCiDV6yHw&bc=31&abxe=1&lmt=1600488317&dt=1600488317962&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=216&adys=170&adks=490734277&ucis=3&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=61&icsg=4502365365273588&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x106&msz=1168x90&psts=AGkb-H_guGtTVLwXmDFNVTsRjxoKxLljdw0Sa3Ti6w33SlMYh12TlQPX1eaIg-uRsjMiZ3N329c0b7ZaXbk5Dls%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=4&ohw=1168&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

9a524abfb198d252bf08ad9743622b0e1593177ce3259104603e81735aceddc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10013
x-xss-protection: 0
google-lineitem-id: 5445846166
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322222545
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1AE2 0
0 90ms
34ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_6TMqny6QiU4STSXQcoETfvoFAqw4cRuE8tAivFdmE2NWnXT0-i77aIhrMVxuYqX5D7buhM6kQmPFxQojj6a6kAJiiujd_oxI8drJ7NPhjuYW4dITCsNqY-mC9qnMLfgzY3hmNunZa0gTmga0UA87iDiRsw3Cv8eDMGFwPI9OQD56aUwVBdqzQm8Mqtx9oSU58bvZEYa1IY3j9Pxka1DfngxPpfswC0ESkJ33ESX4Azr9gBSGz-iwKoJ60qJjxwyffquH3e7CTjhcmg5Rpki2ZmTCEobSCe5o-weRd3VXSpfaajPQ02oU8NPre0if0m-K0EpPS9uHGSK_78fB1XOxSA&sig=Cg0ArKJSzLKrZvQVpqRfEAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:18 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AE2 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38476
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 17:24:02 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1AE2 75 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb587a9c53114e1ecfc17acc254790164730dc1fd1b3d647876c6dc6fcffa35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600429198305210"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28901
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:18 GMT

GET
H2 200 Enduring_ReadReport_Display_B2B_v1_728x90.jpg
s0.2mdn.net/9812475/ Frame 1AE2 25 KB
25 KB 36ms
15ms Image
image/jpeg 2a00:1450:4001:81d::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9812475/Enduring_ReadReport_Display_B2B_v1_728x90.jpg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e7ab6f7c4da32a4ff7c8d1ec877df2cc76b9485c1b12ab4f3ae71094fd46d39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Sep 2020 21:41:22 GMT
server: sffe
age: 0
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25293
x-xss-protection: 0
expires: Sun, 20 Sep 2020 04:05:18 GMT

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame E6BB 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Sep 2020 17:23:33 GMT
expires: Sat, 18 Sep 2021 17:23:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 38505
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1AE2 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9c6a7521fbb7f6af1a2cf39395e780da2e9168c52bea51c55d0f7d8382e7aa9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1AE2 0
29 B 34ms
33ms Image
image/gif 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuaGJT8IjnlgxpQEB62kPlOpBV9Yzjnt4N1UNmA-uPJDMiWdweEmZ2kAFj0_1ChMweG_mROCuSUqOVazV-JMjhqwKRcr9Wjez4Guj7C1MQRf5x-r08JLGDvmpeMTEmn0C2zUFk5PVKdvdXSS75D_tzBliN9Gvhvdz9G4UxKqEDqnv3pHSSlWHkCCLXWpDEAxM6sYchkZNqU3RRnclZLVTOmvYf8cpBrH9ce3WnusuozmkostbLNvd10xKArWdn6AtW2OoN30ivzL0FpLSMp&sig=Cg0ArKJSzMLS9wllZNj-EAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:18 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
10 KB 77ms
76ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&adsid=NT&eid=21067443%2C21067482%2C21067038&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard2%26lid%3D5445846166&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D21122b8f207ad457%3AT%3D1600488315%3AS%3DALNI_MZA1AO_JhXZoE5l7RkxvWiPs1GxkQ&bc=31&abxe=1&lmt=1600488319&dt=1600488319057&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=3753&adks=2588316086&ucis=4&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=60&icsg=4502365365273588&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3567&msz=1600x90&psts=AGkb-H-4pWD_nYmrHmBDLVD7Wzp-22kx50jJiQmQi-oh3T010f2BhRRkACr3CUrMz_MqYAVcWHmK2aUARZGfGNk%2CAGkb-H_guGtTVLwXmDFNVTsRjxoKxLljdw0Sa3Ti6w33SlMYh12TlQPX1eaIg-uRsjMiZ3N329c0b7ZaXbk5Dls%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=4&ohw=1600&btvi=2&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

ee0cfdffdce23c9f049fc892ab83fdc1730714160a4a1b13833db207a765c978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9932
x-xss-protection: 0
google-lineitem-id: 5445846166
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322222476
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2ADC 0
0 18ms
17ms Fetch
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsugm7jalilPcA8xCRCJfNigoJjx4XwFEAZbr7hHV2J3bAehSi5uxIAyOKM_3H1ZrkIiESs9vdKYUQwp_p_ghtc-BZyvpiqS_z-XwHqgmHVOkA7pOSetpykXP0hYyoDXE5kUUAVsl8vxKiXRvCzItnG2UVmRm51rIxRm99Qlgg4z_T7PZtz4eqPFAyjep3MumHjU64wKOfDjur5VfGeJj_MoXDwnlDF3PGTPN0fGoINYmLUw5RrDj5cOelHZ6lJ4Rvn4TrOwNnd8HFuujRUkN0XjvVV1jvSCONrt2cewvU5pw6Rmw5j1GZorq0BoXoXTaaKlQhsUJjMAlQ1ti5OdeTnbrQ&sig=Cg0ArKJSzEKIxwiEsZZxEAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2ADC 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38477
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 17:24:02 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2ADC 75 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb587a9c53114e1ecfc17acc254790164730dc1fd1b3d647876c6dc6fcffa35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600429198305210"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28901
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:19 GMT

GET
H3-Q050 200 Enduring_ReadReport_Display_B2B_v1_970x250.jpg
s0.2mdn.net/9812475/ Frame 2ADC 59 KB
59 KB 27ms
14ms Image
image/jpeg 2a00:1450:4001:81d::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9812475/Enduring_ReadReport_Display_B2B_v1_970x250.jpg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89700aaf609a6008e9dd62b26dab0b96c0bf72ba3208d29dedadc0dea41ddbdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:24:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Sep 2020 21:41:29 GMT
server: sffe
age: 63669
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60034
x-xss-protection: 0
expires: Sat, 19 Sep 2020 10:24:10 GMT

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5805 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Sep 2020 17:23:33 GMT
expires: Sat, 18 Sep 2021 17:23:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 38506
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2ADC 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fab75e2290b229ddf6053fc029341b3d6c156e944472c95f00c7df27393c785d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2ADC 0
21 B 34ms
33ms Image
image/gif 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuQNtyD_7v6sTfqtubDyLiS8LI0gMUYtgUcahBknO63llsFNPiyEurbFjtUgO3tCXAnTBkE3SIzIgDLXabAVVQWimGBTwNveJS1YgR4VAeMWMwnrPAaSHPqSrnvOYffVMx9sdw7z5l6oxERiuq85NwOTbJ0FskZYLl2GlUT0Lvk8J5W4mfolbLPrShRlaAy0qS_qRey2zXO0PkitybypLQz5urY0yKkOF_G9IIesDfl2ArpUKUZBZg-OtGY4PURkUym2xPhbg_r4ORTX00U&sig=Cg0ArKJSzHjf2wTIPlNUEAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1AE2 42 B
68 B 18ms
17ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuIWQJzUzsMaETtZkgC6-W4aUjNMzaUv-HFJK6H1buN-lDlcHVZusE15-BOZKlk3lgsW2V5UHMTtQWu4QXeXx9WUGnFttNdYKOZgZ831pr0L8nlIkdgVo_vTXNNMAufUijHRpfTndP2RA1kArb8FlsfJXqEc_3x653sI4hvl9Zu&sig=Cg0ArKJSzH7BE74h1MelEAE&adk=490734277&tt=-1&bs=1600%2C1200&mtos=0,1008,1008,1008,1008&tos=0,1008,0,0,0&p=170,436,260,1164&rxlist=1&mcvt=1008&rs=3&ht=0&tfs=124&tls=1132&mc=0.99&lte=-1&bas=0&bac=0&met=ie&avms=nio&niot_obs=19&niot_cbk=26&md=2&btr=0&cpmav=0&lm=2&rst=1600488318053&dlt&rpt=31&isd=0&msd=0&xdi=0&ps=1600%2C4560&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-6-11-11-0-0-0&tvt=1127&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&r=v&id=osdim&vs=4&uc=12&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200918

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
11 KB 78ms
77ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&adsid=NT&eid=21067443%2C21067482%2C21067038&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600%7C300x1050&prev_scp=pos%3Dbox1%26lid%3D5445846166&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D21122b8f207ad457%3AT%3D1600488315%3AS%3DALNI_MZA1AO_JhXZoE5l7RkxvWiPs1GxkQ&bc=31&abxe=1&lmt=1600488320&dt=1600488320157&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=1084&adys=783&adks=607498164&ucis=5&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=59&icsg=4502365365273588&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=AGkb-H-4pWD_nYmrHmBDLVD7Wzp-22kx50jJiQmQi-oh3T010f2BhRRkACr3CUrMz_MqYAVcWHmK2aUARZGfGNk%2CAGkb-H_aU-JCqWoT71-hwFZHK1H1iIoV1yzrRa8N05IeEUV1eR0oAdCC0ciIIgR590PzbSbss54udKfdzAJCj18%2CAGkb-H_guGtTVLwXmDFNVTsRjxoKxLljdw0Sa3Ti6w33SlMYh12TlQPX1eaIg-uRsjMiZ3N329c0b7ZaXbk5Dls%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=4&ohw=1600&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

f7701fd3870a575fb83baa20adab5aa58d87c70fb5a3cbef66fca8b63b7a55a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10850
x-xss-protection: 0
google-lineitem-id: 5445846166
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322279767
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6BC6 0
0 24ms
23ms Fetch
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssl7jNM7EgnXgHxekFdfN9c34OIAOeVE26sA35AXFbKk3OR5bxdyZBoNwikV56-8WPF-08N-XFt4I4JPteC6icvgdt2OiWi__CBFG6C3XSiUgD5XIDndVEBMIGX0Jpyivo4EEzaMrmmPFEO_P2cgen0uiVKlq8QgPanEwxC_O5Sm7HCWT2mIWPpnWtVMwbnLGOBno7zXscQkm1VjGCqXw0lpHcNSAz4sEE8l7QuFTIOz0oVsCrv2j4FSBY8iCxgF1aqjEsiT_sRsxnusIS8rtjAkOmw-2XEJFQzr9JrTgopZk0B4oFxuixfgAh6a5gBLhzjcdL1SUWS0wh8xS0&sig=Cg0ArKJSzA7APKWu8nBBEAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:20 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6BC6 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38478
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 17:24:02 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6BC6 75 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb587a9c53114e1ecfc17acc254790164730dc1fd1b3d647876c6dc6fcffa35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600429198305210"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28901
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:20 GMT

GET
H3-Q050 200 Enduring_ReadReport_Display_B2B_v1_300x250.jpg
s0.2mdn.net/9812475/ Frame 6BC6 30 KB
30 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:81d::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9812475/Enduring_ReadReport_Display_B2B_v1_300x250.jpg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b325dad78fe98febd8a8febb508c07e5b6a4cf42e78343d53ca82632904568e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:24:12 GMT
x-content-type-options: nosniff
last-modified: Fri, 04 Sep 2020 18:19:27 GMT
server: sffe
age: 63668
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30714
x-xss-protection: 0
expires: Sat, 19 Sep 2020 10:24:12 GMT

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 7062 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Sep 2020 17:23:33 GMT
expires: Sat, 18 Sep 2021 17:23:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 38507
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6BC6 0
21 B 36ms
36ms Image
image/gif 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuv8FXa-tZGKs-U7HH3nJnk1iA-7JnjADrvjkoFwPip23MZZdJJOjkoDkPbVNMjmfF8teQ_PpypO9z7dQxl8DNc5lWksT_m9IavD8xyeSMYs7MiL9f1FvLYDtOmnySau7LbKpo7mXQ7h8Bu-yA1JP3AcvF7fOB2l5slGfXrcb9Vm2nWf3xJCr_ROr-k60vQ112ABlTO7JWqRvl3NStwmNmA3PBzXzBsuDjIUYkKRb3LhL_SnXpYBJoPQNLBrBj5pYZMq-dNVJSaKg&sig=Cg0ArKJSzKr-CSRO0F-9EAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:20 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6BC6 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbf7bafd35088a010c7fe78df7cab3b5219fe5b11b251e587980f0b36f159669

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 6BC6 52 KB
20 KB 23ms
23ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

c8dbeaf8294be05010bbfbf833b812f03f7cff452a3fc36760a4f2d1ed083672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 03:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1566
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20613
x-xss-protection: 0
server: cafe
etag: 2481805988026141240
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 19 Sep 2020 04:39:14 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 6BC6 0
339 B 65ms
26ms Other
image/gif 2a00:1450:400a:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kf95f7n1&chm=1&ctx=2&qqid=CIj1q86r9OsCFdMf4AodTckIlw&met.4=fb.6~lb.y~ol.1z~idt.qd~dt.-2z&met.3=374.n~197.w~298.x~123.v_3~118.12~118.13~118.13~118.16~117.1z~118.20~113.2u_3~112.2t_4&met.1=1.kf95f7k8~14.0~15.0~16.0~17.0~18.0~19.1~20.1z~21.1z~22.11~23.11&met.7=CCIQBBgBIAcoBzAHaAhwH3gVsAEBuAED~CCcQChgBIAkoCTAROAhoCnAQeIV3gAHndogBisUCsAEBuAED~CCoQChgBIAkoCTAaOBE~CCkQBhgBIAooCjASOAg~CCcQBRgBIBYoFjAdOAhoF3AdeOlBgAHLQYgB6rIBsAEBuAED~CCIQBhgBICIoIjBGOCVoInBGeBWwAQG4AQM~CCgQChgBIEkoSTBiOBpoSXBgeLKiAYABhaEBiAGsoQOwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400a:800::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
status: 204
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
10 KB 77ms
77ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=499453746542066&correlator=604999071912159&output=ldjh&impl=fif&adsid=NT&eid=21067443%2C21067482%2C21067038&vrg=2020091501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200919&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dbox2%26lid%3D5445846166&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D21122b8f207ad457%3AT%3D1600488315%3AS%3DALNI_MZA1AO_JhXZoE5l7RkxvWiPs1GxkQ&bc=31&abxe=1&lmt=1600488321&dt=1600488321280&dlt=1600488314825&idt=1056&frm=20&biw=1600&bih=1200&oid=3&adxs=1084&adys=1712&adks=1048971383&ucis=6&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=59&icsg=4502365365273588&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=AGkb-H-4pWD_nYmrHmBDLVD7Wzp-22kx50jJiQmQi-oh3T010f2BhRRkACr3CUrMz_MqYAVcWHmK2aUARZGfGNk%2CAGkb-H_aU-JCqWoT71-hwFZHK1H1iIoV1yzrRa8N05IeEUV1eR0oAdCC0ciIIgR590PzbSbss54udKfdzAJCj18%2CAGkb-H_guGtTVLwXmDFNVTsRjxoKxLljdw0Sa3Ti6w33SlMYh12TlQPX1eaIg-uRsjMiZ3N329c0b7ZaXbk5Dls%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9kssizZxSimXGEadPZ1iX1h30u6Atw_CBPJ21KtPt-9DRw4bIA4NwgsbbMp0SJoRzSA-bUjbw9OjfCkCY&ga_vid=1615188696.1600488316&ga_sid=1600488316&ga_hid=1054336863&fws=4&ohw=1600&btvi=3&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

d553421bbc161ef0a3b021473c8b3173ccdc4cc8a56a91d16b4bcf4527292d4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9885
x-xss-protection: 0
google-lineitem-id: 5445846166
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138322281219
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
45 B 15ms
15ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=499453746542066&r=300x250%7C300x600&w=300&h=250&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame A6D8 0
0 21ms
19ms Fetch
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSDZM5zB3SqI91wAFSXNTC9doXonRKHL3KNsVCA1OiQre5xcq0OpxVFKvKERV89_xZQS4VO3I9vCnK5UmXMqvSceYJDmFlMJC5vYzLzFxgYJo9-8wvFzdDwUOEGrPfKqDz2H3O4WmH8GenXOeTj6l81HWVkdw-Ek3TaxmApRMJPiYcvfX0JUGz7wMooPypTd7f3QsJT7RGvdaKKHWKhkFe2e7FrpsGPwUY-zm60vAV2LWidA1al8ruhKY589-gj-DpeOtLKMcz9gwpvq1kJXWPe0Xf7T-NCBpU3ft5Rwa2vEMtTVu91MpvM01IgnSC8f-RZojMUZuUmNdPTxw&sig=Cg0ArKJSzHIAW-UtOsfnEAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:21 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 Enduring_ReadReport_Display_B2B_v1_300x250.jpg
s0.2mdn.net/9812475/ Frame A6D8 30 KB
30 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:81d::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9812475/Enduring_ReadReport_Display_B2B_v1_300x250.jpg

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b325dad78fe98febd8a8febb508c07e5b6a4cf42e78343d53ca82632904568e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:24:12 GMT
x-content-type-options: nosniff
last-modified: Fri, 04 Sep 2020 18:19:27 GMT
server: sffe
age: 63669
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30714
x-xss-protection: 0
expires: Sat, 19 Sep 2020 10:24:12 GMT

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A6D8 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38479
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Sep 2021 17:24:02 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame A6D8 75 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091501.js?21067482

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb587a9c53114e1ecfc17acc254790164730dc1fd1b3d647876c6dc6fcffa35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 04:05:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600429198305210"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28901
x-xss-protection: 0
expires: Sat, 19 Sep 2020 04:05:21 GMT

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8B52 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 8395
date: Fri, 18 Sep 2020 17:23:33 GMT
expires: Sat, 18 Sep 2021 17:23:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 38508
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame A6D8 0
21 B 34ms
34ms Image
image/gif 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssdJd0thNfBlkNT9do0cchN43Lq-1OQ2pWMIg7C7KYx3aNafHhrcbfcAkWIq4apb3008q22dUyGCme66Qgux3bslNIolcLXqwhATX2H4BLPt4jQ008d4bz0jBQJzfixHGzLh1IkOw8KY1I5nlkslzf9kXpXnDhsDgl6X8tgM4_maZpdTBXpGebOqyUs9xl010u2BCDa0PtIdJtFZCBfQrg-pvLxWCEpjOJ9dlnUaCLK9cBfrCuh1EaRNtO444BnG4kvwAnaDCmMDw&sig=Cg0ArKJSzMPQGvwSS596EAE&urlfix=1&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 19 Sep 2020 04:05:21 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A6D8 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a81d6b2c74b35b95432fdbb65fb26739b5586ddab8ae6deaf2c4bc4e50b5ad4b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6BC6 42 B
65 B 14ms
14ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu8Bc4_uawiAjDe160bBquzkUxHg6h1921bwMMQsgZBsQXSD8FGknUDteMzWvuJ41WZkJxBsrN-c71Q2G4BSokCB70wFTkDsP42CqSqHNTRQAbRLCXZrb5pNnh7LXO-D3Cn2FXFAxV0jrnxV7dW84YOlzwYi_bINhCZuIBiAgAS&sig=Cg0ArKJSzAe8r0TtkBH3EAE&adk=607498164&tt=-1&bs=1600%2C1200&mtos=1015,1015,1015,1015,1015&tos=1015,0,0,0,0&p=783,1084,1033,1384&rxlist=1&mcvt=1015&rs=0&ht=0&tfs=104&tls=1119&mc=1&lte=-1&bas=0&bac=0&met=ie&avms=nio&niot_obs=2&niot_cbk=8&md=2&btr=0&cpmav=0&lm=2&rst=1600488320275&dlt&rpt=25&isd=0&msd=0&xdi=0&ps=1600%2C4560&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-3-11-11-0-0-0&tvt=1118&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&r=v&id=osdim&vs=4&uc=12&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200918

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Sep 2020 04:05:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.scmagazine.com/	1970-01-19 12:36:14	Name: _gid Value: GA1.2.1971871097.1600488316
.scmagazine.com/	1970-01-19 21:20:24	Name: oly_anon_id Value: %2220684f6d-1498-4fd2-aa29-3f8f38046c36%22
.scmagazine.com/	1970-01-19 21:20:24	Name: oly_enc_id Value: null
.scmagazine.com/	1970-01-20 06:06:00	Name: __gads Value: ID=21122b8f207ad457-22a5a0d4deb80019:T=1600488315:S=ALNI_MaF-TX-3P4Ind7igW5DZQCiDV6yHw
www.scmagazine.com/	1969-12-31 23:59:59	Name: dpm_url_count Value: 1
.www.scmagazine.com/	1970-01-19 12:34:51	Name: feathr_session_id Value: 5f65837b6871e52b5bf52b09
www.scmagazine.com/	1970-01-19 12:34:51	Name: hmSsoCheck Value: true
.scmagazine.com/	1970-01-19 12:34:48	Name: _gat_UA-1290429-10 Value: 1
www.scmagazine.com/	1969-12-31 23:59:59	Name: dpm_time_site Value: 1.007
.scmagazine.com/	1970-01-20 06:06:00	Name: _ga Value: GA1.2.1615188696.1600488316
.scmagazine.com/	1970-01-19 13:18:00	Name: __cfduid Value: dbe083a3346ade8be2466d391e50dfd611600488314
www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk	1969-12-31 23:59:59	Name: hasLiveRampMatch Value: true

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://c.lytics.io/api/tag//lio.js(Line 1) Message: Missing required params.
console-api	log	URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js(Line 46) Message: olytics fire called
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1596173836(Line 1) Message: [ABD] exiting test loop - value: false

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9ec194b2b8116cd9c68bf6788230cd54.safeframe.googlesyndication.com
a.dpmsrv.com
accounts.haymarketmedia.com
adservice.google.com
adservice.google.de
api-54-191-53-245.b2c.com
api.b2c.com
c.lytics.io
cdn.feathr.co
cm.g.doubleclick.net
content.maropost.com
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads4.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
marco.feathr.co
match.adsrvr.org
olytics.omeda.com
oqs.omeda.com
pagead2.googlesyndication.com
polo-v1.feathr.co
polo.feathr.co
px.ads.linkedin.com
s.dpmsrv.com
s0.2mdn.net
s3.amazonaws.com
script.crazyegg.com
secure.gravatar.com
securepubads.g.doubleclick.net
snap.licdn.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.scmagazine.com
13.35.254.76
143.204.201.121
172.217.22.2
172.217.22.98
185.33.220.145
204.180.130.159
204.180.130.165
216.58.212.130
2600:1f14:e96:5802:57bd:275a:39e5:ed69
2600:1f14:e96:5802:5b52:db93:bb75:1bb4
2600:9000:2057:5a00:a:1779:3180:93a1
2606:4700:20::681a:216
2606:4700:20::681a:3d7
2606:4700:3033::681c:60b
2606:4700::6813:9308
2620:1ec:21::14
2a00:1450:4001:802::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:809::2008
2a00:1450:4001:817::2001
2a00:1450:4001:818::200a
2a00:1450:4001:81c::2003
2a00:1450:4001:81d::2006
2a00:1450:4001:820::200e
2a00:1450:4001:821::2002
2a00:1450:4001:824::2004
2a00:1450:4001:825::2003
2a00:1450:400a:800::2003
2a00:1450:400c:c09::9d
2a02:26f0:6c00:28c::25ea
2a04:fa87:fffe::c000:4902
2a05:f500:10:101::b93f:9105
3.229.100.58
34.255.148.227
35.244.174.68
52.216.184.5
52.48.230.192
54.144.112.83
54.191.53.245
54.88.207.174
99.84.157.54
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a
109c7d8a51ec08e938cb287c7c49d3b95fde451a35cf2850ded7345213abdbaf
148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64
180f18539a9ea0afd9b7392542690b6b0b6affcf1103b3fb3952a4aa6f5d51b5
1a8a2fe2fa45a422cbdcfccb42394b6d843f3d3b362cb18a67fdde3ea70d001f
1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300
1bc0803af1c71fdc1d1e21502a3ad2bfad197707fbfb0b471b9d4f3af6ac3786
1d82c064c90575f6855cea37780e5c8370390cd4f60ad4ae7870c41a0b585149
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d5921a1db0ca67cb1626c00c164a1af68c3895936e4b0e89b8c84c1581f0d91
309b626337a8814c28f9975d6a7d6d62b9c1b20254d6285b4cd534d4c5e5b869
3aab305617162a2abd2300d0b9364f62cd3687d6fa5a8f8b854b76903d006b25
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
559382b44a7cb0b397c474fe76532f50b622824e15440784425d1f4a42a991de
579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
5c14a94a28817f61a07c64ad2431d29662763ae0237fb0317d4aeede78e5d24b
5dfb849a3b8bcf3e07184092c4cc99a9f08f27f01e5de41a871d3ee8750303bd
5e7ab6f7c4da32a4ff7c8d1ec877df2cc76b9485c1b12ab4f3ae71094fd46d39
5e8095cad5b71456e02e88835892814dba44009f6403b5a84416db008e5d357f
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9
6b07d33346e965fe1252367b608b4d9616cb5e66587a3b069c429521affc93d1
6db161bccbb1bde8e3d66fd3c41004a69473632c5d3504931c02e09b5a837902
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
73fea71b75dc30b2bf54d008b3727ed732c3c77a3c0682b3e8d48c76313492d2
754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9
794224b5f30fd821d59b61813e974c82ef6879801b42dff5785cfa30c972b1c3
7977b4e4f640b8099f1f05d09b568d190977386a69173baef976892ea52eadd9
7be715869f43fa16cd8d00c994736f17dccfb2e2a823da1926762b01a366c069
806c9975656fb05571e902f1154303c7b1553ae12444ca54da5b1a150007146c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83af74f9ae1d1e4be00a7e271ab233c20ecc5769bdbd1c72e0524dc86bdf12e4
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811
89700aaf609a6008e9dd62b26dab0b96c0bf72ba3208d29dedadc0dea41ddbdc
8b325dad78fe98febd8a8febb508c07e5b6a4cf42e78343d53ca82632904568e
8e1c678764d16a66f783dfd8bee93916cf2b055635cef0362bc0640b610df5b5
90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13
916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a524abfb198d252bf08ad9743622b0e1593177ce3259104603e81735aceddc4
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9e6b5871100843d13e97696d3dbe3cd9a405736a7d3c8c4deca4324b61fee85f
a716b26ff515ccfb6f33b4b06b82c9587674938c5994d81e261ef41907d57529
a81d6b2c74b35b95432fdbb65fb26739b5586ddab8ae6deaf2c4bc4e50b5ad4b
a8afaefe255b45755c5041cbbd717295b2ba949b7ab6fa43d4e7300e7adff9a2
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
ab7385bc83ced10d8f10ccbc3c714a0e3e44fad6aca40c8c007b5f84af5f9120
abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7
ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
c4a7ac1bd20cb98c8e8fba8aaf9f0b7f645c0df85e97ecc2aafa8605426bdad6
c64f79d1ed7c8294b66215d68a6074637ed28ec9cce330a2e6801ebdf5ca4f18
c8dbeaf8294be05010bbfbf833b812f03f7cff452a3fc36760a4f2d1ed083672
c9729d6e62c9df65567bbcd5b1b8353617b67d36c4c3d6d7a97e0a092a2872e5
caf25dc098703f2fcea24b5e306913111132a325e92f923f8be310f35adf3982
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfb587a9c53114e1ecfc17acc254790164730dc1fd1b3d647876c6dc6fcffa35
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1
d553421bbc161ef0a3b021473c8b3173ccdc4cc8a56a91d16b4bcf4527292d4a
dc007a4560cc3671f0eb8a9eab0501d8a442e473656e2774238bf41a4a8b7c2c
dcc6f3e870333d7408f543f7085b40b8aa8a1ea7ef0aa36f39724bcd8bdaf390
dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d
ddf938119baaea8aab1fea95405f5a270d92869f8a9fe6f96b2c4e8861a9cf67
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5
e9c6a7521fbb7f6af1a2cf39395e780da2e9168c52bea51c55d0f7d8382e7aa9
ea6fe4d66d6584558c1e8a7c90e2617f6681225b138b597a40b05dc55685382c
eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848
ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9
ee0cfdffdce23c9f049fc892ab83fdc1730714160a4a1b13833db207a765c978
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7701fd3870a575fb83baa20adab5aa58d87c70fb5a3cbef66fca8b63b7a55a7
f8c3bc6b4612e018296f32dec014b0e8d4c8ef0c7ff449f26a28b641d3497da1
faa2c6996e45203de0e9e5414466d191f62e5d1a485607e948e7471827360cbf
fab75e2290b229ddf6053fc029341b3d6c156e944472c95f00c7df27393c785d
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b
fbf7bafd35088a010c7fe78df7cab3b5219fe5b11b251e587980f0b36f159669
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

www.scmagazine.com Open in urlscan Pro 2606:4700:20::681a:3d7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

127 Requests

100 %HTTPS

60 %IPv6

26 Domains

43 Subdomains

39 IPs

6 Countries

3060 kBTransfer

4933 kBSize

12 Cookies

18 Outgoing links

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.scmagazine.com Open in urlscan Pro
2606:4700:20::681a:3d7 Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

100 %
HTTPS

60 %
IPv6

26
Domains

43
Subdomains

39
IPs

6
Countries

3060 kB
Transfer

4933 kB
Size

12
Cookies

127 HTTP transactions
5 data transactions