www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.c...
Effective URL:
https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.c...
Submission: On December 15 via api (December 15th 2021, 11:17:57 am UTC) from US — Scanned from DE

Summary HTTP 64 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 13 domains to perform 64 HTTP transactions. The main IP is 2a04:4e42:4c::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by R3 on October 26th 2021. Valid for: 3 months.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.2.154 151.101.2.154	54113 (FASTLY) (FASTLY)
1	34.120.203.121 34.120.203.121	15169 (GOOGLE) (GOOGLE)
2	151.101.129.194 151.101.129.194	54113 (FASTLY) (FASTLY)
3	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	65.9.64.58 65.9.64.58	16509 (AMAZON-02) (AMAZON-02)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
14	34.235.197.155 34.235.197.155	14618 (AMAZON-AES) (AMAZON-AES)
2	52.5.105.31 52.5.105.31	14618 (AMAZON-AES) (AMAZON-AES)
1	52.31.222.185 52.31.222.185	16509 (AMAZON-02) (AMAZON-02)
2	52.48.241.99 52.48.241.99	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
64	18

20 2a04:4e42:4c::666 (United States) 1 redirects

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.154 (United States)

ASN54113 (FASTLY, US)

at.adtech.redventures.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.203.121 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 121.203.120.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.64.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-64-58.fra56.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.235.197.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-197-155.compute-1.amazonaws.com

ingest.make.rvapps.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.5.105.31 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-105-31.compute-1.amazonaws.com

taggy.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.222.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-222-185.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.241.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-241-99.eu-west-1.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:287::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

684dd32e.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	zdnet.com 1 redirects www.zdnet.com urs.zdnet.com	513 KB
14	rvapps.io ingest.make.rvapps.io	2 KB
5	cohesionapps.com cdn.cohesionapps.com taggy.cohesionapps.com	32 KB
5	cookielaw.org cdn.cookielaw.org	116 KB
4	moatads.com z.moatads.com mb.moatads.com geo.moatads.com	83 KB
3	doubleclick.net securepubads.g.doubleclick.net	144 KB
3	redventures.io at.adtech.redventures.io	179 KB
3	go-mpulse.net c.go-mpulse.net	52 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net	94 KB
2	nr-data.net bam-cell.nr-data.net	1 KB
1	akstat.io 684dd32e.akstat.io	354 B
1	onetrust.com geolocation.onetrust.com	398 B
1	newrelic.com js-agent.newrelic.com	17 KB
64	13

	Domain	Requested by
20	www.zdnet.com	1 redirects www.zdnet.com
14	ingest.make.rvapps.io	www.zdnet.com
5	cdn.cookielaw.org	www.zdnet.com
3	cdn.cohesionapps.com	www.zdnet.com cdn.cohesionapps.com
3	securepubads.g.doubleclick.net	www.zdnet.com
3	at.adtech.redventures.io	www.zdnet.com
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net
2	geo.moatads.com	z.moatads.com
2	taggy.cohesionapps.com	www.zdnet.com
2	confiant-integrations.global.ssl.fastly.net	www.zdnet.com
2	bam-cell.nr-data.net	www.zdnet.com
1	684dd32e.akstat.io	c.go-mpulse.net
1	mb.moatads.com	z.moatads.com
1	z.moatads.com	www.zdnet.com
1	urs.zdnet.com	www.zdnet.com
1	geolocation.onetrust.com	www.zdnet.com
1	js-agent.newrelic.com	www.zdnet.com
64	17

This site contains links to these domains. Also see Links.

Domain
downloads.zdnet.com
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
redventures.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
narratives.zdnet.com
privacyportal.onetrust.com
support.zdnet.com
academy.zdnet.com

Subject Issuer	Validity	Valid
*.zdnet.com R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
at.adtech.redventures.io R3	`2021-12-04` - `2022-03-04`	3 months	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
cdn.cohesionapps.com Amazon	`2021-01-17` - `2022-02-14`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
ingest.make.rvapps.io Amazon	`2021-09-26` - `2022-10-24`	a year	crt.sh
*.taggy.cohesionapps.com Amazon	`2021-02-27` - `2022-03-28`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Frame ID: 26E878EBF9220315ECD505E629068F87
Requests: 54 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: 9246BD0B9B8364C8F74DA9814EA743A0
Requests: 2 HTTP requests in this frame

Frame: https://cdn.cohesionapps.com/cohesion/xs2.html
Frame ID: 68D82604E764B62EDC82072AC84517EC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page Not Found (404) | ZDNet

Page URL History Show full URLs

https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log... HTTP 301
https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log... Page URL

Page Statistics

64
Requests

100 %
HTTPS

29 %
IPv6

13
Domains

17
Subdomains

18
IPs

3
Countries

1233 kB
Transfer

3684 kB
Size

25
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://downloads.zdnet.com/
Title: Downloads

Search URL Search Domain Scan URL

URL: http://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: http://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: http://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: http://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://support.zdnet.com/
Title: Site Assistance

Search URL Search Domain Scan URL

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/Qjd3AeV2ra/u003c/e/u003e. HTTP 301
https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request u003e. Show response
www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/
Redirect Chain

https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/Qjd3AeV2ra/u003c/e/u003e.
https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

192 KB
84 KB

386ms
386ms

Document
text/html

2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4b0642f11e7deb6916648de6b4f363e6a00ac39457570d9aea8299d0392239ff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Wed, 15 Dec 2021 11:17:51 GMT
link: <https://www.zdnet.com/a/fly/css/core/main-974623586b-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 8cd54b64-b6b9-48e8-9c30-3d50d7bc2662
x-xss-protection: 1; mode=block
date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Wed, 15 Dec 2021 12:47:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 86200

Redirect headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Wed, 15 Dec 2021 11:17:51 GMT
location: /article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 5635ff13-6ac4-4a5b-9626-95c35dc968d4
x-xss-protection: 1; mode=block
date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Wed, 15 Dec 2021 12:47:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 1

GET
H2 200 main-974623586b-rev.css
www.zdnet.com/a/fly/css/core/ 304 KB
52 KB 10ms
9ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/core/main-974623586b-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

be847a5e8bf2c6b967e15a38e09258e75228250529e4038d995fe07fab8e5f26

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 53406
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Dec 2021 20:22:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a781901d3b891cdaab963419597dfb25"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 20:24:30 GMT

GET
H2 200 default-4b50df5ff0-rev.css
www.zdnet.com/a/fly/css/feature/error/ 3 KB
926 B 7ms
7ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/feature/error/default-4b50df5ff0-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a7d723763ac826e5893561a1eda9f05cb22046d3ac681d72cb98c3a7a05cbb9c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 813
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Dec 2021 20:22:43 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "83e87331552923ce1e8c4844e38e02ab"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 20:24:35 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 48ms
21ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BXRr8anumVFsMvgN5QlueA==
age: 7509
vary: Accept-Encoding
content-length: 6508
x-ms-lease-status: unlocked
last-modified: Mon, 13 Dec 2021 20:19:26 GMT
server: cloudflare
etag: 0x8D9BE75DC2F7AD9
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 63169a6a-f01e-006a-1a66-f0844d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6bdf44978b7205e9-FRA

GET
H2 200 optanon-v1.1.0.js Show response
www.zdnet.com/a/privacy/optanon/ 36 KB
10 KB 11ms
11ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
strict-transport-security: max-age=31536000
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 18 Nov 2021 07:05:01 GMT

GET
H2 200 shutterstock-1122656969.jpg
www.zdnet.com/a/img/resize/90f23a63e1e05e5304ac5816b6348998fc8c197b/2021/12/15/b6821fa2-f1a5-4e6d-a839-63172b59646d/ 4 KB
4 KB 9ms
6ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/90f23a63e1e05e5304ac5816b6348998fc8c197b/2021/12/15/b6821fa2-f1a5-4e6d-a839-63172b59646d/shutterstock-1122656969.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

44e8a3a61d77ad93ff01f934b0cbcb171b460ac81a461d2dfe10d5f31fc6a6e3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=12192102 idim=5927x3952 ifmt=jpeg ofsz=3668 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3668
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "Tj6vbqe99D/yrIj3qz4+jF8+LAvU4PHpFIqnPLKVVa4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 15 Dec 2021 11:52:42 GMT

GET
H2 200 asus-proart-studiobook-16-oled-thumb.jpg
www.zdnet.com/a/img/resize/c761b5646d95087fc39efa9ac89b0062a9c843a7/2021/12/14/b6d540da-046c-46f5-93a0-2eb0aa98fb84/ 5 KB
5 KB 12ms
9ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/c761b5646d95087fc39efa9ac89b0062a9c843a7/2021/12/14/b6d540da-046c-46f5-93a0-2eb0aa98fb84/asus-proart-studiobook-16-oled-thumb.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

fcce63daaf013504ac15d5ba6a254ff1cc19bb273ba75bc6dab20c4a28a8eeba

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=338385 idim=770x578 ifmt=jpeg ofsz=4752 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4752
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ARMbpkuO0q/gboIMpGRZ5Kk5icUXQRGsO1z3UKZz0oM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 15 Dec 2021 09:50:07 GMT

GET
H2 200 binary-digital.jpg
www.zdnet.com/a/img/resize/afa19ef394c7e2e75db05d5a0381bc94ad41a624/2014/08/18/b3e455d5-26bb-11e4-8c7f-00505685119a/ 9 KB
9 KB 11ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/afa19ef394c7e2e75db05d5a0381bc94ad41a624/2014/08/18/b3e455d5-26bb-11e4-8c7f-00505685119a/binary-digital.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7f52910900561f52c4824ec38afaa356f985d1b284b0aeb38ce24d730c2bcdd0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
fastly-io-info: ifsz=7091483 idim=6000x4000 ifmt=jpeg ofsz=9056 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588631410900811
fastly-stats: io=1
content-length: 9056
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "8CJv8BLbKnRqzhy1U9hHetrjJk6YsHKH+KCFy7bMVYw"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Wed, 15 Dec 2021 09:24:27 GMT

GET
H2 200 parliament-house-canberra.jpg
www.zdnet.com/a/img/resize/a6f3e1631ddbaaf1454bb16406875d97412d3d7c/2021/04/20/f5369e78-0429-451c-8a8c-6d55c1cd21eb/ 5 KB
5 KB 10ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/a6f3e1631ddbaaf1454bb16406875d97412d3d7c/2021/04/20/f5369e78-0429-451c-8a8c-6d55c1cd21eb/parliament-house-canberra.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

fa8042ebc9fa6eebff5421113524cd497e31482929d07cbd90045d5244468b03

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1211298 idim=5616x3744 ifmt=jpeg ofsz=4834 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1618888426642014
fastly-stats: io=1
content-length: 4834
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "QBcP6iKdQmaUisU3r2iGMuJoRtdYw6NAhtA05Keg3Kw"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 02 Dec 2021 07:22:41 GMT

GET
H2 200 bushfire-gettyimages-1192659783.jpg
www.zdnet.com/a/img/resize/5d43b93c11cacbdf8f470bbc3134c14e7a7e6fa6/2021/04/26/0a7f0845-ee12-49f6-9e98-1dda25b54423/ 4 KB
4 KB 12ms
9ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/5d43b93c11cacbdf8f470bbc3134c14e7a7e6fa6/2021/04/26/0a7f0845-ee12-49f6-9e98-1dda25b54423/bushfire-gettyimages-1192659783.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

970fe54771a4b817c52804472a8a52ad5ede1fc437b537b3c82ab167a1ea19a6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=56504 idim=724x483 ifmt=jpeg ofsz=4206 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1619404506059803
fastly-stats: io=1
content-length: 4206
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "xEWD/8KH653iHJQ8j4pwlj51ZcrkXYXLsWzRW5hvxTw"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 02 Dec 2021 18:10:15 GMT

GET
H2 200 require-2.1.2.js Show response
www.zdnet.com/a/fly/js/libs/ 16 KB
6 KB 11ms
8ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Dec 2021 16:01:53 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ef4ea9601b2a10c6fa6a76408a1d97b4"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 18:20:59 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame 9246 205 KB
50 KB 34ms
17ms Script
application/javascript 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:51 GMT
Content-Encoding: br
Last-Modified: Thu, 14 Oct 2021 03:09:47 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 heading-background.jpg
www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/features/error/ 140 KB
140 KB 10ms
10ms Image
image/jpeg 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/features/error/heading-background.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/feature/error/default-4b50df5ff0-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b1f579e670be15d02e597a6e56446cfa817823f405c53c1dff7687778db77365

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/feature/error/default-4b50df5ff0-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Tue, 14 Dec 2021 20:22:45 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Wed, 15 Dec 2021 11:17:51 GMT
vary: Accept-Encoding, Accept
content-type: image/jpeg
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 142971
x-xss-protection: 1; mode=block
expires: Tue, 21 Dec 2021 20:24:36 GMT

GET
H2 200 mag-white-thin.png
www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/core/ 313 B
424 B 7ms
7ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/core/mag-white-thin.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/feature/error/default-4b50df5ff0-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

043334a3b53a20272803ebd25d336a9fce14549c76660a3c70bc2aff99108c76

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/feature/error/default-4b50df5ff0-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Tue, 14 Dec 2021 16:01:59 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Wed, 15 Dec 2021 11:17:51 GMT
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 313
x-xss-protection: 1; mode=block
expires: Tue, 21 Dec 2021 19:47:14 GMT

GET
H2 200 logo.png
www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 21ms
21ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1639513189-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-974623586b-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-974623586b-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Tue, 14 Dec 2021 16:01:59 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Wed, 15 Dec 2021 11:17:51 GMT
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4105
x-xss-protection: 1; mode=block
expires: Tue, 21 Dec 2021 20:12:07 GMT

GET
H2 200 Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 22ms
20ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:29 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

GET
H2 200 Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 23ms
22ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:30 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

GET
H2 200 e70f246a-fd9b-4805-9fd4-fcd89020aca5.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/ 3 KB
2 KB 33ms
15ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/e70f246a-fd9b-4805-9fd4-fcd89020aca5.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: xkIaWO5Hr0+rNu9IdoYHdw==
age: 7128
vary: Accept-Encoding
content-length: 1425
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:53 GMT
server: cloudflare
etag: 0x8D94223473B0939
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6b7a330a-601e-004d-2d15-b61e04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6bdf4497f8744ea4-FRA
expires: Wed, 15 Dec 2021 15:17:52 GMT

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 24ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: ANVX8WPYJ9NM99FD
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: //pISD16Bm7/1PDlW0ghswvgTyyOyXNw/emHSr2czJPEUE1eLcqp61M3L9P610qmdidTDtCabTk=
x-served-by: cache-hhn4029-HHN
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1639567072.001697,VS0,VE0
date: Wed, 15 Dec 2021 11:17:52 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5149

GET
H2 200 main.default.js Show response
www.zdnet.com/a/fly/65214c-fly/js/ 223 KB
70 KB 8ms
8ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/65214c-fly/js/main.default.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

56e69679f1bb212e6a9c1940392932c8d44e08a4cc9e4b3eacd29a561fbd2615

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:51 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 71762
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Dec 2021 20:22:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "843a0d625c2fa08f823d8fd463ec7635"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 20:24:32 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 193 B
398 B 59ms
32ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6bdf44984edd692e-FRA

GET
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/1/ 49 B
715 B 167ms
148ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSjhUV1AVJQYDRkxEVycXXl1ZBFknB1RYQ14RWFVLRw4RJQdTTUNAADJRXlA%3D&rst=721&ck=1&ref=https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.&ap=152&be=590&fe=674&dc=643&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1639567071306,%22n%22:0,%22r%22:0,%22re%22:180,%22f%22:180,%22dn%22:180,%22dne%22:180,%22c%22:180,%22ce%22:180,%22rq%22:181,%22rp%22:567,%22rpe%22:577,%22dl%22:570,%22di%22:643,%22ds%22:643,%22de%22:643,%22dc%22:674,%22l%22:674,%22le%22:675%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=663&fcp=663&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6bdf449848acd6bd-FRA

GET
H2 200 bidbarrel-zdnet-rv.min.js Show response
at.adtech.redventures.io/lib/dist/prod/ 607 KB
177 KB 24ms
7ms Script
application/javascript 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b845.cloudfront.net (CloudFront), 1.1 varnish
age: 236
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 180330
x-served-by: cache-hhn4073-HHN
last-modified: Thu, 28 Oct 2021 17:15:17 GMT
server: AmazonS3
x-timer: S1639567072.048901,VS0,VE1
etag: "873be44731952ce6844f825d0be702dd"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=900, public, must-revalidate
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: VGH47jj9fjjwylFArcjvMsNzTAq38EztRwkp5ZRsemFUnWuRMR1s8Q==
x-cache-hits: 1

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 9246 2 KB
1 KB 227ms
212ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5465224&v=1.720.0&if=&sl=0&si=216dd021-63c4-4b43-b519-2407ed268dce-r45m1r&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4f198a764d73626fde33169ece55329b12eafc4207c6f61f7b8c619410d58472

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 801

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 168ms
115ms Script
application/javascript 34.120.203.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.203.121 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

121.203.120.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
via: 1.1 google
last-modified: Tue, 12 Jan 2021 17:00:48 GMT
etag: "5ffdd5c0-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: clear
content-length: 51203

GET
H2 200 mpulse-1.0.2.js Show response
www.zdnet.com/a/fly/js/libs/ 61 KB
12 KB 10ms
9ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Mon, 13 Dec 2021 22:34:51 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "148d7e6acc80b32c08a3cbf8e3164307"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 05:39:11 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 217ms
200ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1639567072061&s=4d4ad02cc6834b65c0acf24f0b9957d22a885a9d02529929f9b871483957faa1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b345dc2890ebdf12eb38642f7c71805e32b797c1974ce83e7b2572b4b1f6014b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 878

OPTIONS
H2 200 diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame 0
0 136ms
122ms Preflight
text/html 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cat,content-type,variant,version
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: *
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context: 02ade026748141f8cf290d94d5f30df8
server: Google Frontend
accept-ranges: bytes
date: Wed, 15 Dec 2021 11:17:52 GMT
via: 1.1 varnish
x-served-by: cache-hhn4027-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1639567072.143149,VS0,VE116
vary: Accept-Encoding, Origin
content-length: 8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 168 KB
33 KB 29ms
6ms Script
text/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82527e4b52260341c34f496151fa24bedc8aafec48906007f7a354ca1235b024

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
Content-Encoding: gzip
Age: 1172
X-Cache: HIT
Connection: keep-alive
Content-Length: 33325
x-amz-id-2: +6QVPsjQyYLOFasQFMEdSOuejSDPXiftIL9uFvRS4246Dx6jINmtVSfBzhKHD8AFpu0+X/FtfGE=
X-Served-By: cache-hhn4061-HHN
Last-Modified: Wed, 15 Dec 2021 10:40:35 GMT
Server: AmazonS3
X-Timer: S1639567072.123392,VS0,VE0
ETag: "1f0ac2121498b729930f96095342fb28"
x-amz-request-id: 75SB5BF0K9C286HC
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 54

GET
H2 200 diff Show response
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ 26 KB
3 KB 9ms
9ms Fetch
application/json 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

b8a17ddcc1b2d843e901f25a8f03437d056fd9524567808fcd9bb2cd2fda6a9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

cat: 5zTciER5s
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
variant: core
version: rv2.25.6

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
age: 356
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 2716
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4027-HHN
access-control-allow-origin: *
server: Google Frontend
x-timer: S1639567072.266741,VS0,VE0
x-frame-options: SAMEORIGIN
date: Wed, 15 Dec 2021 11:17:52 GMT
x-download-options: noopen
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: 1553d2ae860b31986b9fdceaee0ad603
cache-control: max-age=900
etag: W/35afc89a94a709fa54db8726ad4ad8e0bdc593b4
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 2

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 151ms
57ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1071 / 482 of 1000 / last-modified: 1639397097"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26912
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Dec 2021 11:17:52 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.20.0/ 376 KB
84 KB 14ms
13ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/otBannerSdk.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jOOTzA5W9ewbfwCUPpt/mw==
age: 4965021
vary: Accept-Encoding
content-length: 86053
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:48 GMT
server: cloudflare
etag: 0x8D941124BEC2620
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b5562596-701e-0174-096c-c418f5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6bdf4498ee1f05e9-FRA

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/ 189 KB
61 KB 12ms
12ms Script
application/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202112021159/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
Content-Encoding: gzip
Age: 188
X-Cache: HIT
Connection: keep-alive
Content-Length: 61460
x-amz-id-2: hpYox85e7/4ad/4wlDOkS+ogK/m8HSS/4IafkrsRHC7wJpj+wo2LpsCNGWRCRA4vdS16ZhvwANw=
X-Served-By: cache-hhn4061-HHN
Last-Modified: Thu, 02 Dec 2021 17:00:39 GMT
Server: AmazonS3
X-Timer: S1639567072.150423,VS0,VE0
ETag: "0bad6e8b774e2623401e436c2a44f48e"
x-amz-request-id: QCMJG79JK0JR3CJW
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 279

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/ 93 KB
20 KB 15ms
15ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/en.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AlmWtxV11YCExQkuyz0PJA==
age: 7038
vary: Accept-Encoding
content-length: 20136
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:59 GMT
server: cloudflare
etag: 0x8D942234AE979B3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 04e26c27-701e-00bc-7615-b6cf97000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6bdf44992aaf4ea4-FRA
expires: Wed, 15 Dec 2021 15:17:52 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.20.0/assets/ 13 KB
3 KB 13ms
13ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/assets/otFlat.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /OL7qnwFOarng5AW29V9Pw==
age: 4964996
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:42 GMT
server: cloudflare
etag: 0x8D94112485FC2D3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 84c52ef2-f01e-0048-626c-c4ea7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6bdf44996b2e4ea4-FRA

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 77 KB
22 KB 55ms
20ms Script
text/javascript 65.9.64.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.64.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-64-58.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d5246d5f81b078b8d850b3fbe4ac7c44d05c0755ea14786c6fee453e6805fff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 14 Dec 2021 17:07:19 GMT
content-encoding: gzip
last-modified: Tue, 14 Dec 2021 17:07:13 GMT
server: AmazonS3
age: 65434
etag: W/"9f7be06169d1d8c9558378c9b8f53586"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: null
via: 1.1 910fc18161f0602555cc5b6397ca26f3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-type: text/javascript
x-amz-cf-id: -a82hYJ-QG615Xpz5mOYH6l_ScMByVpHb8eBa6MSG9U0L7z6hzfyKw==

GET
H2 200 default-504d1f2f22-rev.js Show response
www.zdnet.com/a/fly/js/pages/ 49 KB
12 KB 21ms
21ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/pages/default-504d1f2f22-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

25e671b11444e612f50637e92f34577d52dd36b0cc29c13094b5d81c2fdc60a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 12671
x-xss-protection: 1; mode=block
last-modified: Tue, 14 Dec 2021 15:00:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "38d59aa21c50cb5d5a935e0e2b6affd9"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Dec 2021 15:23:56 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/redventuresgamheader644747280705/ 240 KB
82 KB 279ms
11ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ba5c9b5823ef1377da70e73357b85ef2dca7ade9afe70c93d0aa163c61c9bf03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 16:10:34 GMT
server: AmazonS3
x-amz-request-id: DG2H92XYZRQZ4RSV
etag: "33d2b31f29685690d6e2e3d016555f04"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=12362
accept-ranges: bytes
content-length: 83699
x-amz-id-2: TnGeV4HtYB4NVPsPbHr+b5g34xbNmb7VjpQ7zI9/ywXjEabCjusxmRc+mMFbdi/bypbtdhI7jN0=

GET
H2 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 56ms
55ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Dec 2021 11:17:52 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 217 B
153 B 102ms
51ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
expires: Wed, 15 Dec 2021 11:17:52 GMT

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 317ms
101ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 314ms
100ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 310ms
99ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 311ms
101ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 310ms
101ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 112ms
111ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: 123d648a0774e7af292a025ce64b8e55d90df571f8fa4b0709804b9cb5f7b99e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 111ms
109ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: 8d490b6df62228c1dc90e2707215dc9935990d9d1bae1d8b5e2ba8e251e83290

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 117ms
115ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: 2e998f6df979b0e1676473323323c3a790babcb000849a5b29c3d83a00f54442

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 113ms
111ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: b27f17f35945a0d8be2ead8af8aa4f806970574b4b1c3fd8cc3da0d2f3b375d2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 116ms
114ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: 59257bfe0fbedeffe53f42e0e90fcb4bbdfdc86fcd4a3e796f845a75ef3cebfa

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

GET
H2 200 xs1.html Show response
cdn.cohesionapps.com/cohesion/ Frame 68D8 2 KB
1 KB 7ms
7ms Document
text/html 65.9.64.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.64.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-64-58.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Response headers

content-type: text/html
date: Tue, 14 Dec 2021 17:07:28 GMT
last-modified: Tue, 14 Dec 2021 17:07:14 GMT
etag: W/"10b2c1751c2247b1aeccc91060f971cf"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 910fc18161f0602555cc5b6397ca26f3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: b-0pQGcccN07wW1SGEq7Oy0gMlZTm50zROplEkojQCZ7fSoupZCgIQ==
age: 65425

GET
H2 200 public Show response
taggy.cohesionapps.com/implementations/ 8 KB
8 KB 101ms
101ms XHR
application/json 52.5.105.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.5.105.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-105-31.compute-1.amazonaws.com
Software: / Express
Resource Hash: 1057d5fd733028374c07f587279e61230771eddfd056ce12fb75492fd1224ffd

Request headers

Source-Key: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Page-URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
x-powered-by: Express
etag: W/"202f-WDoQOp1rO0z7TI9x4+12ERK4udk"
content-length: 8239
content-type: application/json; charset=utf-8

OPTIONS
H2 204 public
taggy.cohesionapps.com/implementations/ Frame 0
0 302ms
98ms Preflight 52.5.105.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.5.105.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-105-31.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,page-url,source-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,page-url,source-key

POST
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/events/1/ 24 B
501 B 136ms
136ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSjhUV1AVJQYDRkxEVycXXl1ZBFknB1RYQ14RWFVLRw4RJQdTTUNAADJRXlA%3D&rst=1135&ck=1&ref=https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 15 Dec 2021 11:17:52 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6bdf449acba0d6bd-FRA
Content-Length: 24

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
2 KB 164ms
164ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e689758fc075c944411817cdf6436d4e637ee7ea0265c18a5dd544591721dd8c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-11067226c77b2265----1639567072470
traceparent: 00-bbc922f02fdcacd5550e410869b22550-11067226c77b2265-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiMTEwNjcyMjZjNzdiMjI2NSIsInRyIjoiYmJjOTIyZjAyZmRjYWNkNTU1MGU0MTA4NjliMjI1NTAiLCJ0aSI6MTYzOTU2NzA3MjQ3MCwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAdVUU4aABtEVlRSAAEHAQcFVVxSClxRBBFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Wed, 15 Dec 2021 11:17:52 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 6b098f2b-cbdc-4ed2-9c38-39b6ad52eb08
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Wed, 15 Dec 2021 11:17:52 GMT

GET
H2 200 xs2.html Show response
cdn.cohesionapps.com/cohesion/ Frame 68D8 473 B
836 B 8ms
7ms Document
text/html 65.9.64.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs2.html
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.64.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-64-58.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cohesionapps.com/cohesion/xs1.html

Response headers

content-type: text/html
content-length: 473
date: Tue, 14 Dec 2021 17:07:19 GMT
last-modified: Tue, 14 Dec 2021 17:07:14 GMT
etag: "ffa03bed298484a7755ca23c5431cb28"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 910fc18161f0602555cc5b6397ca26f3.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: Td_ygjijCWzlObZoMv2D7CLUP-ngIu9s-GwyPbDSgJv-uIOw-wWFXg==
age: 65434

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 243ms
100ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 112ms
110ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: 9e032a4463e1b7a7b4f2fe216d4a580803877a8f7817ff0251ec5d0742d9e1f4

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 123ms
121ms XHR
application/json 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash: bf57d5f8f13692cd125dd879790e992857a1d113bda90ffe144717cede5cbfa7

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 15 Dec 2021 11:17:52 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 241ms
100ms Preflight 34.235.197.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.197.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-197-155.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 222 B
397 B 138ms
53ms Script
text/html 52.31.222.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24GTK%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-zKeP6LDFBj3g4YpW6R34RpvnDsHp3lN2bOJbBer2APsOGgL%2F6PC5WmU2F3MRrrFWS1qZ&rs=1-meJ9Ql14YhN2gA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&pcode=redventuresgamheader644747280705&rx=910361435142&callback=MoatNadoAllJsonpRequest_87285684
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.222.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-222-185.eu-west-1.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 56799753355d109b8e1cb362622da7b954e675e1f944e40d8026c38f57a8988c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "13904e7af009359c0b290ddcc5360139acb104d8"
content-length: 222
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 84 B
257 B 121ms
37ms Script
text/html 52.48.241.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24GTK%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-zKeP6LDFBj3g4YpW6R34RpvnDsHp3lN2bOJbBer2APsOGgL%2F6PC5WmU2F3MRrrFWS1qZ&rs=1-meJ9Ql14YhN2gA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&pcode=redventuresgamheader644747280705&rx=910361435142&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1639567072677&de=505767365951&m=0&ar=8ab009d7785-clean&iw=04a0275&q=1&cb=0&cu=1639567072677&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A663%3A663%3A675%3A643&jk=-1&jm=-1&fs=195979&na=339343766&cs=0&ord=1639567072677&jv=1220654887&callback=DOMlessLLDcallback_87285684
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.241.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-241-99.eu-west-1.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: fa8299e13ac48ad4fd40d95454a492988fa0bc63e67553024d98bcfef855250b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "744cc2e25b309f66d56e79f5eb36e307d28ae8d6"
content-length: 84
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 86 B
260 B 119ms
35ms Script
text/html 52.48.241.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24GTK%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-zKeP6LDFBj3g4YpW6R34RpvnDsHp3lN2bOJbBer2APsOGgL%2F6PC5WmU2F3MRrrFWS1qZ&rs=1-meJ9Ql14YhN2gA%3D%3D&sc=1&os=1-gw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&pcode=redventuresgamheader644747280705&rx=910361435142&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1639567072677&de=505767365951&m=0&ar=8ab009d7785-clean&iw=04a0275&q=2&cb=0&cu=1639567072677&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A663%3A663%3A675%3A643&jk=-1&jm=-1&fs=195979&na=1331253771&cs=0&callback=MoatDataJsonpRequest_87285684
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.241.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-241-99.eu-west-1.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 7975ffc63eed6f9f808b91c63de0e49ff3ff414b9ee6e103fea100a062972458

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:17:52 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "5c5c1f79475417c5b194e3f7098430a31b7923b2"
content-length: 86
content-type: text/html; charset=UTF-8

POST
H/1.1 204
No Content /
684dd32e.akstat.io/ 0
354 B 202ms
168ms Ping
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32e.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 11:17:54 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Wed, 15 Dec 2021 11:17:54 GMT

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e	1970-01-19 23:27:10	Name: pv Value: 1
www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e	1969-12-31 23:59:59	Name: zdnet_ad Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%223%22%2C%22session%22%3A%22d%22%7D
.zdnet.com/	1970-01-19 23:36:11	Name: fly_geo Value: {"countryCode": "de"}
.zdnet.com/	1970-01-19 23:36:11	Name: fly_device Value: desktop
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: eu
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: eu
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 982daca093f2a65e
.zdnet.com/	1970-01-20 08:11:43	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Dec+15+2021+11%3A17%3A52+GMT%2B0000+(GMT)&version=6.20.0&hosts=&consentId=7bd02e00-8f4b-4bab-9ea7-f34a459b79dd&interactionCount=0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fkhonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j%2F%2Fu003ehttps%3A%2F%2Ft.co%2Fqjd3aev2ra%2Fu003c%2Fe%2Fu003e.&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.zdnet.com/	1970-01-20 00:09:19	Name: arrowImp Value: true
.zdnet.com/	1970-01-20 00:09:19	Name: arrowImpCnt Value: 1
.zdnet.com/	1969-12-31 23:59:59	Name: zdnetSessionStarted Value: true
.zdnet.com/	1970-01-20 00:09:19	Name: zdnetSessionCount Value: 1
.www.zdnet.com/	1970-01-20 16:57:19	Name: chsn_cnsnt Value: tglr_ref%2Ctglr_req%2Ctglr_sess_id%2Ctglr_sess_count%2Ctglr_anon_id%2Ctglr_tenant_id%2Ctglr_virtual_ref%2Ctglr_transit_id%2Cchsn_dcsn_cache%2Cpmpdid%2Cpmpredirected%2Cpmpredir%2Cfuseid%2Ccohsn_xs_id%2Cchsn_auth_id%2ChashID%2CetagID%2CreinforcedID%2ChttpOnlyID%2CfpID%2CflID%2Ctglr_smpl%2Ctglr_reinforce%2Ctglr_gpc_sess_id%2Ctglr_hash_id
.www.zdnet.com/	1970-01-20 16:57:19	Name: tglr_tenant_id Value: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
.www.zdnet.com/	1970-01-19 23:26:08	Name: tglr_transit_id Value: 1d91f20e-5411-44ab-a0b1-88db70a3ef5a
.www.zdnet.com/	1970-01-19 23:26:08	Name: tglr_sess_id Value: cdab0b7e-14f3-4fc5-b9b3-aad618dc4a6a
.www.zdnet.com/	1970-01-20 16:57:19	Name: tglr_sess_count Value: 1
.www.zdnet.com/	1970-01-19 23:26:08	Name: tglr_req Value: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e.
.www.zdnet.com/	1970-01-19 23:26:08	Name: tglr_ref Value:
.www.zdnet.com/	1970-01-20 16:57:19	Name: tglr_anon_id Value: e2e3e84e-cebf-4fd9-9a56-827d29d79e75
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: 3d0248dc-9b09-42ae-98ec-2114120145f1
.cohesionapps.com/	1970-01-20 16:57:19	Name: cohsn_xs_id Value: 518d3c3f-1db3-4ddc-92ef-84174dbf2f00
.www.zdnet.com/	1970-01-20 16:57:19	Name: cohsn_xs_id Value: 518d3c3f-1db3-4ddc-92ef-84174dbf2f00
.zdnet.com/	1969-12-31 23:59:59	Name: fly_session Value: 48bafc5be2be897bf6f3e7279d5c6b82
.zdnet.com/	1970-01-19 23:36:11	Name: RT Value: "z=1&dm=zdnet.com&si=adea45d9-2176-421c-b8f6-deee2acd7c86&ss=kx7fwgui&sl=1&tt=ir&bcn=%2F%2F684dd32e.akstat.io%2F&ld=1qq"

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.zdnet.com/article/khonsari-ransomware-iranian-group-nemesis-kitten-seen-exploiting-log4j//u003ehttps://t.co/qjd3aev2ra/u003c/e/u003e. Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd32e.akstat.io
at.adtech.redventures.io
bam-cell.nr-data.net
c.go-mpulse.net
cdn.cohesionapps.com
cdn.cookielaw.org
confiant-integrations.global.ssl.fastly.net
geo.moatads.com
geolocation.onetrust.com
ingest.make.rvapps.io
js-agent.newrelic.com
mb.moatads.com
securepubads.g.doubleclick.net
taggy.cohesionapps.com
urs.zdnet.com
www.zdnet.com
z.moatads.com
142.250.185.98
151.101.129.194
151.101.2.137
151.101.2.154
162.247.243.146
2.18.235.40
2606:4700:10::6814:b844
2606:4700::6810:9540
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:287::11a6
2a04:4e42:4c::666
34.120.203.121
34.235.197.155
52.31.222.185
52.48.241.99
52.5.105.31
65.9.64.58
043334a3b53a20272803ebd25d336a9fce14549c76660a3c70bc2aff99108c76
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
1057d5fd733028374c07f587279e61230771eddfd056ce12fb75492fd1224ffd
123d648a0774e7af292a025ce64b8e55d90df571f8fa4b0709804b9cb5f7b99e
12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb
1907478e8fa62801a1db26be87cab0755288131c9c8e80320582e560825df3cc
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
25e671b11444e612f50637e92f34577d52dd36b0cc29c13094b5d81c2fdc60a0
295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2e998f6df979b0e1676473323323c3a790babcb000849a5b29c3d83a00f54442
44e8a3a61d77ad93ff01f934b0cbcb171b460ac81a461d2dfe10d5f31fc6a6e3
4b0642f11e7deb6916648de6b4f363e6a00ac39457570d9aea8299d0392239ff
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
4f198a764d73626fde33169ece55329b12eafc4207c6f61f7b8c619410d58472
56799753355d109b8e1cb362622da7b954e675e1f944e40d8026c38f57a8988c
56e69679f1bb212e6a9c1940392932c8d44e08a4cc9e4b3eacd29a561fbd2615
59257bfe0fbedeffe53f42e0e90fcb4bbdfdc86fcd4a3e796f845a75ef3cebfa
6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03
6d5246d5f81b078b8d850b3fbe4ac7c44d05c0755ea14786c6fee453e6805fff
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
7975ffc63eed6f9f808b91c63de0e49ff3ff414b9ee6e103fea100a062972458
7f52910900561f52c4824ec38afaa356f985d1b284b0aeb38ce24d730c2bcdd0
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
80da370ad41bee2716b42d1583e139eac39f5c7c243c5fe6439b9754013116c6
82527e4b52260341c34f496151fa24bedc8aafec48906007f7a354ca1235b024
88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9
8d490b6df62228c1dc90e2707215dc9935990d9d1bae1d8b5e2ba8e251e83290
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
970fe54771a4b817c52804472a8a52ad5ede1fc437b537b3c82ab167a1ea19a6
9e032a4463e1b7a7b4f2fe216d4a580803877a8f7817ff0251ec5d0742d9e1f4
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a7d723763ac826e5893561a1eda9f05cb22046d3ac681d72cb98c3a7a05cbb9c
afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9
b1f579e670be15d02e597a6e56446cfa817823f405c53c1dff7687778db77365
b27f17f35945a0d8be2ead8af8aa4f806970574b4b1c3fd8cc3da0d2f3b375d2
b345dc2890ebdf12eb38642f7c71805e32b797c1974ce83e7b2572b4b1f6014b
b8a17ddcc1b2d843e901f25a8f03437d056fd9524567808fcd9bb2cd2fda6a9b
ba5c9b5823ef1377da70e73357b85ef2dca7ade9afe70c93d0aa163c61c9bf03
be847a5e8bf2c6b967e15a38e09258e75228250529e4038d995fe07fab8e5f26
bf57d5f8f13692cd125dd879790e992857a1d113bda90ffe144717cede5cbfa7
c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e689758fc075c944411817cdf6436d4e637ee7ea0265c18a5dd544591721dd8c
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
fa8042ebc9fa6eebff5421113524cd497e31482929d07cbd90045d5244468b03
fa8299e13ac48ad4fd40d95454a492988fa0bc63e67553024d98bcfef855250b
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
fcce63daaf013504ac15d5ba6a254ff1cc19bb273ba75bc6dab20c4a28a8eeba
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

www.zdnet.com Open in urlscan Pro 2a04:4e42:4c::666 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

64 Requests

100 %HTTPS

29 %IPv6

13 Domains

17 Subdomains

18 IPs

3 Countries

1233 kBTransfer

3684 kBSize

25 Cookies

15 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

100 %
HTTPS

29 %
IPv6

13
Domains

17
Subdomains

18
IPs

3
Countries

1233 kB
Transfer

3684 kB
Size

25
Cookies

64 HTTP transactions
3 data transactions