www.scmagazine.com Open in urlscan Pro
2606:4700:20::681a:3d7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-...
Submission Tags: falconsandbox
Submission: On October 30 via api (October 30th 2020, 3:44:33 pm UTC) from US

Summary HTTP 125 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 24 domains to perform 125 HTTP transactions. The main IP is 2606:4700:20::681a:3d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.scmagazine.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 13th 2020. Valid for: a year.

This is the only time www.scmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:4700:20:... 2606:4700:20::681a:3d7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	204.180.130.159 204.180.130.159	53866 (QTS-AS) (QTS-AS)
2	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20d... 2600:9000:20d7:b000:a:1779:3180:93a1	16509 (AMAZON-02) (AMAZON-02)
3	52.216.139.5 52.216.139.5	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE)
15	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	65.9.19.119 65.9.19.119	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:eb:... 2a02:26f0:eb:39c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2600:1f14:e96... 2600:1f14:e96:5800:2079:9f67:f03e:d5a8	16509 (AMAZON-02) (AMAZON-02)
1 3	2600:1f14:e96... 2600:1f14:e96:5802:f22c:13d5:fce0:daa1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.89.59 143.204.89.59	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:216	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3033::681c:60b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	54.144.112.83 54.144.112.83	14618 (AMAZON-AES) (AMAZON-AES)
1	13.225.73.5 13.225.73.5	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
2 3	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
3	3.229.100.58 3.229.100.58	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
2	204.180.130.165 204.180.130.165	53866 (QTS-AS) (QTS-AS)
1 1	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
2 2	34.246.127.166 34.246.127.166	16509 (AMAZON-02) (AMAZON-02)
1	54.218.89.177 54.218.89.177	16509 (AMAZON-02) (AMAZON-02)
1	52.17.148.237 52.17.148.237	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:814::2001	15169 (GOOGLE) (GOOGLE)
125	34

30 2606:4700:20::681a:3d7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.scmagazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 204.180.130.159 (Chicago, United States)

ASN53866 (QTS-AS, US)
PTR: my.omedastaging.com

olytics.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20d7:b000:a:1779:3180:93a1 (United States)

ASN16509 (AMAZON-02, US)

content.maropost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.216.139.5 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.19.119 (Seattle, United States)

ASN16509 (AMAZON-02, US)

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb:39c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:e96:5800:2079:9f67:f03e:d5a8 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

api.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:e96:5802:f22c:13d5:fce0:daa1 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

api-54-218-89-177.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.59 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-59.fra50.r.cloudfront.net

s.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:216 (United States)

ASN13335 (CLOUDFLARENET, US)

c.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::681c:60b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.144.112.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-112-83.compute-1.amazonaws.com

polo.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
polo-v1.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.5 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-5.fra2.r.cloudfront.net

marco.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.38 (Ascension Island) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.229.100.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-100-58.compute-1.amazonaws.com

a.dpmsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.180.130.165 (Chicago, United States)

ASN53866 (QTS-AS, US)

oqs.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f66.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.127.166 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-127-166.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.218.89.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)

api-54-218-89-177.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.148.237 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-148-237.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:814::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	scmagazine.com www.scmagazine.com	869 KB
20	googlesyndication.com 6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	144 KB
17	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	141 KB
10	omeda.com olytics.omeda.com oqs.omeda.com	81 KB
7	feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co polo-v1.feathr.co	37 KB
7	googletagservices.com www.googletagservices.com	157 KB
5	b2c.com 2 redirects api.b2c.com api-54-218-89-177.b2c.com	7 KB
4	dpmsrv.com s.dpmsrv.com a.dpmsrv.com	40 KB
4	adsrvr.org 2 redirects js.adsrvr.org match.adsrvr.org insight.adsrvr.org	3 KB
4	google-analytics.com www.google-analytics.com	50 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	gstatic.com fonts.gstatic.com	42 KB
3	amazonaws.com s3.amazonaws.com	2 MB
2	google.com adservice.google.com www.google.com	352 B
2	google.de adservice.google.de www.google.de	938 B
2	licdn.com snap.licdn.com	3 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	rlcdn.com idsync.rlcdn.com	42 B
1	lytics.io c.lytics.io	669 B
1	crazyegg.com script.crazyegg.com
1	maropost.com content.maropost.com	3 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
1	gravatar.com secure.gravatar.com	2 KB
125	24

	Domain	Requested by
30	www.scmagazine.com	www.scmagazine.com
15	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.scmagazine.com
14	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
8	olytics.omeda.com	www.scmagazine.com olytics.omeda.com
7	www.googletagservices.com	www.scmagazine.com olytics.omeda.com securepubads.g.doubleclick.net
5	pagead2.googlesyndication.com	olytics.omeda.com securepubads.g.doubleclick.net
4	polo.feathr.co	cdn.feathr.co www.scmagazine.com
4	api-54-218-89-177.b2c.com	1 redirects www.scmagazine.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	a.dpmsrv.com	www.scmagazine.com s.dpmsrv.com
3	ib.adnxs.com	2 redirects www.scmagazine.com
3	fonts.gstatic.com	fonts.googleapis.com
3	s3.amazonaws.com	www.scmagazine.com
2	match.adsrvr.org	2 redirects
2	oqs.omeda.com	olytics.omeda.com
2	px.ads.linkedin.com	1 redirects www.scmagazine.com
2	snap.licdn.com	www.scmagazine.com snap.licdn.com
2	fonts.googleapis.com	www.scmagazine.com
1	insight.adsrvr.org	js.adsrvr.org
1	polo-v1.feathr.co	www.scmagazine.com
1	idsync.rlcdn.com	www.scmagazine.com
1	cm.g.doubleclick.net	1 redirects
1	www.google.de	www.scmagazine.com
1	www.google.com	www.scmagazine.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	marco.feathr.co	www.scmagazine.com
1	www.linkedin.com	1 redirects
1	6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	cdn.feathr.co	www.scmagazine.com
1	c.lytics.io	www.scmagazine.com
1	s.dpmsrv.com	www.scmagazine.com
1	api.b2c.com	1 redirects
1	js.adsrvr.org	www.googletagmanager.com
1	script.crazyegg.com	www.googletagmanager.com
1	content.maropost.com	www.scmagazine.com
1	www.googletagmanager.com	www.scmagazine.com
1	secure.gravatar.com	www.scmagazine.com
125	39

This site contains links to these domains. Also see Links.

Domain
www.parsintl.com
infosecworldusa.com
www.risksecconference.com
scawardsus.com
www.scmagazineuk.com
twitter.com
www.facebook.com
www.linkedin.com
reddit.com
www.youtube.com
cyberrisk.dragonforms.com
events.cyberriskalliance.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-13` - `2021-08-13`	a year	crt.sh
*.omeda.com SSL.com RSA SSL subCA	`2020-07-31` - `2021-08-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.maropost.com Go Daddy Secure Certificate Authority - G2	`2019-06-10` - `2021-08-09`	2 years	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2020-08-04` - `2021-08-09`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
b2c.com Let's Encrypt Authority X3	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.dpmsrv.com Amazon	`2020-06-15` - `2021-07-15`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
polo.feathr.co Let's Encrypt Authority X3	`2020-10-26` - `2021-01-24`	3 months	crt.sh
marco.feathr.co Amazon	`2020-08-22` - `2021-09-22`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Frame ID: 4C0B7DF49B8EE04D62975350A1056AA6
Requests: 93 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
Frame ID: 4F840134D7E711B2C6FBD4180481EA1D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 4BF787225356F81CCBEAB4031DD1E818
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst8DPE4JMeNNmlTlGGY9k9FSDq39eQ8x_DszfJVSoP6i13QP2bWkWuDJGpzaR1xUx1606EKqHVeuEYDxWBV_bxMua6fVWzj1NMNOZhZKSm4WsNWaATt61eCG57FYVxTsIPi4PjgjmsafMhR_R6ubCUuZTSNKsBrVrOXGVBJO83ziUa34ahSTLFmg2gtu3Xa9Lg1IXijGBD4eG8LCC_NyIQ0OobdDFWngjz9LyHgxzfjvkSnnyi9K-SFuwngS0Hps7tLQ9395Mw&sig=Cg0ArKJSzMgeqq-3r6BDEAE&adurl=
Frame ID: 5B4D5658412E84D98B807B4D58B1A176
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuGKmpro8becFnuOCkvc9BKD4KpPLqudgpGQpUNeOXzLsTwhOObFF2690dFolaB-TpbfF8HQgkCTFZkEtB-zg5xIl142HmyEZ69-K5cn6DVO8lCqfP1sN79VQTvvmR9fNb_GgLULl3UVDp7gZ64xZPnptUJXdh29Ed2x29UkK3x53zMEywff4GtRs-_YUcJso4cwKdyPk6tes-kpb2hn1CkujnDufIWBYDDQBOB5TgHHij23_Twds_L78d9s75LWlLgqqPTETY&sig=Cg0ArKJSzAqvPw4CBWP2EAE&adurl=
Frame ID: 718B8B819E3E7EF44CBBA31E451D0B7C
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst89ZdBbph5pt9dATv1bLgJ5_W35qjKXQeGTrNgWGQ3PCCBk4CVp6nOUkvtEBdwuevVMjB2LjDF3nzAuWVUqCyRAhoA_NyZ77C7go6c04FNu2F1DJ7ICcugzy8-BGAYyIvSajUF6k2QiJs8lBiK-SYwZh8pcytrSXl82uBGEHeGwpV8W5oxDsXWe-EiQPj5S_a85OuC570AiropaQhaAAoN9sFE9SpcaPNQImjzuB-Mj0ohKaX9i3eFnUxKiVmCKAy8tQ&sig=Cg0ArKJSzJS3earhilwQEAE&adurl=
Frame ID: 8111C8A5293431D697074933FF3242A0
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBorBfOhFCIdn5ksTB-7nBXan1_1YlMCA0tqVoKML2L1f_yeJzjVXY4VVVoleTe69CzcZdGUg2_amkvO_V2Iy3uUc0IeIdEBtqyer6SzqS93fVAsdAiD4386Sf2wOblSn4OjsxQRmHxWTVu9aI8vipdtBqj_8NvvKHJOrKzxFmrvQ_bK9OJhVXL_-Qwj4ro5kcjOVj447rlSJgU-QBOicSr4I9N8Vabu3L9EStadinCYUiNV-79R4SgwaJFAyAW0Qwdg&sig=Cg0ArKJSzFI3ChN4s_WeEAE&adurl=
Frame ID: F3B6711BF63CBE6347BD9E2B8B561FA5
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

125
Requests

100 %
HTTPS

59 %
IPv6

24
Domains

39
Subdomains

34
IPs

5
Countries

3281 kB
Transfer

5143 kB
Size

11
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.parsintl.com/publication/sc/
Title: Licensing & Product Reviews

Search URL Search Domain Scan URL

URL: http://infosecworldusa.com/
Title: InfoSec World

Search URL Search Domain Scan URL

URL: https://www.risksecconference.com/
Title: RiskSec

Search URL Search Domain Scan URL

URL: https://scawardsus.com/
Title: SC Awards

Search URL Search Domain Scan URL

URL: https://www.scmagazineuk.com/
Title: SC UK

Search URL Search Domain Scan URL

URL: https://twitter.com/bbb1216bbb
Title: Follow @bbb1216bbb

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/&text=NCR%20confirms%20malware%20in%20lab%20environment,%20says%20clients%20not%20at%20risk
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/&title=NCR%20confirms%20malware%20in%20lab%20environment,%20says%20clients%20not%20at%20risk
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SCMag/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/scmagazine
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/scmediaus/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SCMagazineUS
Title:

Search URL Search Domain Scan URL

URL: https://cyberrisk.dragonforms.com/loading.do?omedasite=SCM_newsletter
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://events.cyberriskalliance.com/risksec-2020
Title: RiskSec Conference

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js HTTP 307
https://api-54-218-89-177.b2c.com/api/embed-uq7FkOu8ocIJW0dw.js

Request Chain 59

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1604072654696 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fmalware%252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%252F%26time%3D1604072654696%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1604072654696&liSync=true

Request Chain 64

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D950579%26tzOffset%3D-60%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fmalware%252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%252F&_=1604072654746 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D950579%2526tzOffset%253D-60%2526url%253Dhttps%25253A%25252F%25252Fwww.scmagazine.com%25252Fhome%25252Fsecurity-news%25252Fmalware%25252Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%25252F%26_%3D1604072654746 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?id=5451297540399467628&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=950579&tzOffset=-60&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1604072654746

Request Chain 73

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747 HTTP 302
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747&google_gid=CAESEAEBTFnQwqsmxv07L3SqigY&google_cver=1

Request Chain 76

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f9c34cef594370008479132&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f9c34cef594370008479132&gdpr=0 HTTP 302
https://polo-v1.feathr.co/v1/analytics/match?f_id=5f9c34cef594370008479132&ttd_id=6af606c4-478e-406e-bddd-25242979e065

Request Chain 86

https://api-54-218-89-177.b2c.com/api/x?uq7FkOu8ocIJW0dw$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL21hbHdhcmUvZXhjbHVzaXZlLXRyb2phbi1hcHBhcmVudGx5LWluZmVjdHMtbmNyLXBvc2luZy1wb3NzaWJsZS1zdXBwbHktY2hhaW4tcmlzay8iLCJyZWZlcnJlciQwJCIsImFuY2VzdG9yT3JpZ2lucyQwJCIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQwIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDEiLCJ3aW5kb3ckMCQxNjAweDEyMDAiLCJpbm5lciQwJDE2MDB4MTIwMCIsIm91dGVyJDAkMTYwMHgxMjAwIiwibG9jYWxTdG9yYWdlJDAkMSIsInNlc3Npb25TdG9yYWdlJDEkMSIsImFwcENvZGVOYW1lJDEkTW96aWxsYSIsImFwcE5hbWUkMSROZXRzY2FwZSIsImFwcFZlcnNpb24kMSQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQxJHRydWUiLCJkb05vdFRyYWNrJDEkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQxJDE2IiwibGFuZ3VhZ2UkMSRlbi1VUyIsInBsYXRmb3JtJDEkTGludXggeDg2XzY0IiwicHJvZHVjdCQxJEdlY2tvIiwicHJvZHVjdFN1YiQxJDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQxJDEiLCJ1c2VyQWdlbnQkMSRNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODMuMC40MTAzLjYxIFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMSRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQxJCIsImZvbnRyZW5kZXIkNSQxIiwid2ViZ2wkNiRuL2EiLCJ0aW1lJDYkMTYwNDA3MjY1NTU0MyIsInRpbWV6b25lJDYkLTYwIiwicGx1Z2lucyQ3JE5vbmUiLCJtZW0tdG90YWxKU0hlYXBTaXplJDckMTIuOTg1MzcxIiwibWVtLXVzZWRKU0hlYXBTaXplJDckMTAuNjM5OTE5IiwibWVtLWpzSGVhcFNpemVMaW1pdCQ3JDQyOTQuNzA1MTUyIiwidGltZS1kb21haW5Mb29rdXBFbmQkNyQxMCIsInRpbWUtY29ubmVjdFN0YXJ0JDckMTAiLCJ0aW1lLWNvbm5lY3RFbmQkNyQyNyIsInRpbWUtc2VjdXJlQ29ubmVjdGlvblN0YXJ0JDckMTUiLCJ0aW1lLXJlcXVlc3RTdGFydCQ3JDI3IiwidGltZS1yZXNwb25zZVN0YXJ0JDckNDc0IiwidGltZS1yZXNwb25zZUVuZCQ3JDQ3NyIsInRpbWUtZG9tTG9hZGluZyQ3JDQ3NyIsInRpbWUtZG9tSW50ZXJhY3RpdmUkNyQxNzY3IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDckMCIsIm5hdmlnYXRpb24tdHlwZSQ3JG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDE1JDIuMTE1IiwiZ2xvYmFscyQxNSQzZGIyMzA4NCIsImRvY3VtZW50LXRpbWUkMjEkMS4zNTUiLCJkb2N1bWVudCQyMSRiNDJlNjFlMyIsImNvbm5lY3Rpb24kMjEkIiwiZG93bmxpbmtNYXgkMjEkIiwiZ2V0VXNlck1lZGlhJDIxJDIiLCJjbG9jayQyNyQyMjUwIiwiZnJhbWVyYXRlJDE2MyQyMCIsInBlcm1pc3Npb24tZ2VvbG9jYXRpb24kMTY4JHByb21wdCIsImJhdHRlcnkkMTY4JDEgMSAwIEluZmluaXR5IiwiYXVkaW9jb250ZXh0JDE2OSRmN2U3MTJkOSIsImludGVyc2VjdGlvbi1zaXplJDE2OSQxNjAweDEyMDAiLCJpbnRlcnNlY3Rpb24kMTY5JDQ1Iiwic29ydCQyMjEkMjEuOTg1IiwicGVybWlzc2lvbi1ub3RpZmljYXRpb25zJDIyMSRwcm9tcHQiLCJwZXJtaXNzaW9uLWNhbWVyYSQyMjEkcHJvbXB0IiwicGVybWlzc2lvbi1taWNyb3Bob25lJDIyMSRwcm9tcHQiLCJwZXJtaXNzaW9uLXBlcnNpc3RlbnQtc3RvcmFnZSQyMjEkcHJvbXB0IiwiYWRibG9jayQyMjckMA HTTP 302
https://api-54-218-89-177.b2c.com:444/api/4?uq7FkOu8ocIJW0dw

125 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/ 84 KB
19 KB 474ms
447ms Document
text/html 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

f97198b77ce6aac255300df17268bb253b8b5827df2407d8a8743f0531ed1918

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

:method: GET
:authority: www.scmagazine.com
:scheme: https
:path: /home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 30 Oct 2020 15:44:13 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d4e3c10ce1b2c0d521e12976facbab7481604072652; expires=Sun, 29-Nov-20 15:44:12 GMT; path=/; domain=.scmagazine.com; HttpOnly; SameSite=Lax; Secure
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie,X-WPENGINE-SEGMENT
x-frame-options: SAMEORIGIN SAMEORIGIN
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/" <https://www.scmagazine.com/?p=106972>; rel=shortlink
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 1
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 061bc7582f00002b7dad3e0000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wlv1vfWkk5g9CFpuFaMrWF86Atx%2BoI2cwpEOtB3UqWKdtE0ysP%2FGCXLsF4xNFnU1eJgCxNatpF%2BNbFuaWnGBHVr5d0JVMtiAq4Ue96QvJkNIGjJcn39MfeDTbU3JzXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5ea641a049672b7d-FRA
content-encoding: br

GET
H2 200 style.min.css
www.scmagazine.com/wp-includes/css/dist/block-library/ 52 KB
7 KB 21ms
17ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4444285
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7da80ef000000001
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: cloudflare
etag: W/"5ea3067e-d159"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kNQfj29VjnCZLPZ071F5AnSPSiR%2F9bkqT03fJzHJGu9ul93lBogUO9cuMWXV0SDWrAoQNbHTu1NszC4COZYKgd806XTI3HU5Qv23f80E%2FqBQKs65y5KI3tLsiw6kRk4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a309532b7d-FRA

GET
H2 200 shared-style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 47 KB
6 KB 24ms
21ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/shared-style.min.css?ver=1596173836

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a716b26ff515ccfb6f33b4b06b82c9587674938c5994d81e261ef41907d57529

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6876814
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759ea00002b7d8a84c000000001
last-modified: Fri, 31 Jul 2020 05:37:16 GMT
server: cloudflare
etag: W/"5f23ae0c-bdba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P9Z9I6IysMkmL0lx75aQ1VJ9ANxNfvn3%2FBxdNzS2yYe3SDpNdudTNYsn2Pu%2BEikqbAQ%2FOxPu5YwAeuAN3dDqTQWvzWwEmtVg1mXdvqKK75sSW%2FnE%2F0c9wjN2NUjUmdo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a3095a2b7d-FRA

GET
H/1.1 200 olytics.css
olytics.omeda.com/olytics/css/v3/p/ 28 KB
3 KB 841ms
140ms Stylesheet
text/css 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/css/v3/p/olytics.css?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

c9729d6e62c9df65567bbcd5b1b8353617b67d36c4c3d6d7a97e0a092a2872e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Jul 2020 16:03:22 GMT
Server: Apache
ETag: W/"28537-1595606602000"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Transfer-Encoding: chunked
Accept-Ranges: bytes
vary: accept-encoding
X-XSS-Protection: 1; mode=block
Expires: Fri, 30 Oct 2020 21:44:14 GMT

GET
H2 200 style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 273 KB
32 KB 22ms
19ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1603981760

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c20686f220dbdb4e1c33d0205efd662a266438dff9cf87e319604616c467121

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 89970
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759ea00002b7dd689d000000001
last-modified: Thu, 29 Oct 2020 14:29:20 GMT
server: cloudflare
etag: W/"5f9ad1c0-4451d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bqaJAh3NWaFC2Q4zWEczXR4wIYmF1Fr%2BtoxUucJRfiNrT5GsnWStj3NRs10dD5vOkL54hk002YRfU6fUKvKIk6K%2B0stXBPuUGkmB6ziljYM4vvBl%2Fb5DFilGmwVR3%2BE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a3095e2b7d-FRA

GET
H2 200 css
fonts.googleapis.com/ 3 KB
627 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c14a94a28817f61a07c64ad2431d29662763ae0237fb0317d4aeede78e5d24b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 30 Oct 2020 15:03:52 GMT
server: ESF
date: Fri, 30 Oct 2020 15:44:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Oct 2020 15:44:13 GMT

GET
H2 200 lytics.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 37 KB
3 KB 17ms
14ms Stylesheet
text/css 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/lytics.min.css?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4444285
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759ea00002b7dd3a17000000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-95f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vvukfo%2Bb9AykEklHYjz6jj6gFMab%2BvPgjvLiru7ng2OaCx7eELtzZyFpDYMPjwExqm4u9a3ecfUO2%2BOBF0Q8DbHQlCLdfPOErDU07K87paO4JlenQ4yxe%2F2HwspjBK0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a319632b7d-FRA

GET
H2 200 css
fonts.googleapis.com/ 827 B
468 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bree+Serif&ver=0.1.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7385bc83ced10d8f10ccbc3c714a0e3e44fad6aca40c8c007b5f84af5f9120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 30 Oct 2020 15:30:26 GMT
server: ESF
date: Fri, 30 Oct 2020 15:44:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Oct 2020 15:44:13 GMT

GET
H2 200 jquery.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 95 KB
32 KB 24ms
22ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 13624697
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7dcaaab000000001
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GJxbQSNPon6AgvdzSvSNIhe3a5unIN%2FeLzRD50mj5q2UfL0mnoU6mBjwoXrAUG4ncogGt6FA%2BQd42d2emXLSJ3zCeqE5APVSGajgrfVhf4L8D5EojaF6xzrjZNl3OHA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a319662b7d-FRA

GET
H2 200 jquery-migrate.min.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 10 KB
4 KB 19ms
17ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560121
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7d8c39c000000001
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: cloudflare
etag: W/"573eaa90-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Cc4yPgKX83Wn976rpVTgwIGZGCr5Ix4gfcgF%2BxLd0q5THbijb%2FJ9ntDh7j%2Ba2iuAqbE5eL83V6PmcAiZ72S1b3sfzmAhQPAcI1g7q%2Fcwby%2B1o1a%2B6ZIeAg7kPgvaM4w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a319692b7d-FRA

GET
H2 200 cookie.min.js Show response
www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/ 2 KB
1 KB 27ms
25ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/cookie.min.js?ver=1.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560121
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7dad00b000000001
last-modified: Tue, 17 Dec 2019 09:37:13 GMT
server: cloudflare
etag: W/"5df8a1c9-834"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tTCQ8JOw3NYYrWE7tT28oR9A5ai76dFMESMx5%2FTYIirq7RgoVbqPl21%2FtG2WAmYFfqfmV0iIi2kmtZ9AzOnd1e5AwrRm14JLWToseDpnmzENN5swelmxGU2LEXL%2FWxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a3196a2b7d-FRA

GET
H2 200 hm-olytics-beacon.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 1 KB
783 B 18ms
16ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560121
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7de238c000000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-421"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SRYbD3Z%2B8K4RG2bE%2Bs9XTzeSxrgMgC%2B9ZIOnNp5QeArpL1aMOO4y8s9dqY1gWr461aGD5qDABQwIX7uINTLn091SJUtiloXxIjlB%2FkSK618z2CAnDsC8UvI6QC0CKYA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a3196b2b7d-FRA

GET
H2 200 UtilityMove-custom.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/ 2 KB
1 KB 18ms
16ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560121
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759eb00002b7d8c9c3000000001
last-modified: Thu, 19 Dec 2019 08:35:11 GMT
server: cloudflare
etag: W/"5dfb363f-751"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=je%2FpC5qB1l88BMRUKUDnVrJOiyG0%2BBSyvag2AFBb8Fkj60Ne3pHhLbdy6kD4fwdElKBXz4b5SpV8ExFC5HtpUJlzMalVs%2BhV%2Bor5%2F6V3ZgKqbwiCGQ%2F6cuFHtWUeGEg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a3196f2b7d-FRA

GET
H2 200 polyfill.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/ 102 KB
33 KB 29ms
28ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/polyfill.min.js?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560121
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759ec00002b7d9bbb8000000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-19873"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r35GkdhzsqJDAmZaIVHhOxeDq9uF3GXCQPwomG9ImTk0jooLydNs8jGjNLUzMuKv%2FD9Geaq9HcnTDldrvjojjp3jNgsEUDMk6CfIZ9ZO9rVZcdBWuEoiLsALY6anoU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a319712b7d-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 53 KB
18 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a352a536fca60ea189e87e14fedf938b32e79d2b677ef4ec24762829d3c105fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "678 / 701 of 1000 / last-modified: 1604056334"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17895
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:13 GMT

GET
H2 200 head.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 43 KB
12 KB 22ms
21ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/head.min.js?ver=1602013507

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a9bcb1cc2cb1d0cf031ef290b4df3594eb3e4486db13dfcf1f74c3e2a3e7460

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2058864
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc759ec00002b7dd0832000000001
last-modified: Tue, 06 Oct 2020 19:45:07 GMT
server: cloudflare
etag: W/"5f7cc943-ac71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gOgH%2Fixqtj5C1PzJ3tQSVD%2BLg%2BEeHq7tz1fjfZnDMO5hprf4Hcr21j%2F%2B7pvOs8wBd5YQ1OnSkC3CFPFJMjiiY6ampMLcQvCjCNqJIfhGAThyyMVgA%2BQ5JX4swJhC2jY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a319732b7d-FRA

GET
H2 200 SC-MEDIACYBERSOURCEnotag.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/01/ 138 KB
138 KB 19ms
19ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/01/SC-MEDIACYBERSOURCEnotag.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 16370747
status: 200
vary: Accept-Encoding
content-length: 141243
cf-request-id: 061bc75bba00002b7dbf0db000000001
last-modified: Tue, 21 Jan 2020 20:09:10 GMT
server: cloudflare
etag: "5e275a66-227bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WeyxiTAXXOg00AiqLD6seu2lvfyp3mfeq%2BvdbxaLUyI3PGP91rpKyZV6e8XHb%2FR0CSOoNZsb6wLYmMAOJbJuPqjBGCr6mvgnfi9d%2BEb6KxtoDRwNgGXx9Q%2FgT%2FXzUS0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a5fa0f2b7d-FRA
cf-bgj: h2pri

GET
H2 200 /
secure.gravatar.com/avatar/ 1 KB
2 KB 22ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/?s=96&d=mm&r=g
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT fra 1
date: Fri, 30 Oct 2020 15:44:13 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="none.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/?s=96&d=mm&r=g>; rel="canonical"
content-length: 1528
expires: Fri, 30 Oct 2020 15:49:13 GMT

GET
H2 200 GettyImages-630047974-1024x683.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/08/ 106 KB
106 KB 16ms
16ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/08/GettyImages-630047974-1024x683.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcc6f3e870333d7408f543f7085b40b8aa8a1ea7ef0aa36f39724bcd8bdaf390

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 72142
status: 200
vary: Accept-Encoding
content-length: 108268
cf-request-id: 061bc75be100002b7dff2ac000000001
last-modified: Thu, 27 Aug 2020 17:45:18 GMT
server: cloudflare
etag: "5f47f12e-1a6ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0uTgsNMmbHoIIeL9gkhdEyGk6v6KxwV%2BnDtpTQ6LtsYw3GbgxtFFNgc1mLXXgsuzNx8wLB%2BAQCmC1rBaPHtrxjE5kvQpWJrTdbL1qiFECo7jIHn%2FLuyvmEptD%2FR39%2Fw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a63a9e2b7d-FRA
cf-bgj: h2pri

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 150 KB
49 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

68982ee6196eb7359c0e994cf756b10ea98c02867ee595b560d11c1e48a39bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49801
x-xss-protection: 0
last-modified: Fri, 30 Oct 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 30 Oct 2020 15:44:13 GMT

GET
H2 200 WIS_Category_NEW2.png
www.scmagazine.com/wp-content/uploads/sites/2/2020/10/ 137 KB
138 KB 13ms
13ms Image
image/png 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/10/WIS_Category_NEW2.png

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f04f44a1c1a74008ad1664376e41f8db356fb030ad0d757ad2141d36989d32f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 352765
status: 200
vary: Accept-Encoding
content-length: 140304
cf-request-id: 061bc75c0f00002b7dff2af000000001
last-modified: Fri, 23 Oct 2020 21:20:24 GMT
server: cloudflare
etag: "5f934918-22410"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XfCT9OmuYS9FAvyCMycaTEYXYU7H%2FkCi5UFBdPsvUlwPSskUTX2EHBbVD7I2ALRR0T%2Bldfz9TLGWrvqhZXsMnQeLX2lproWHKAGNGYwBejo0eEIo808zeRlhJjRDtJE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a67b3f2b7d-FRA

GET
H2 200 WIS_Category_NEW3.png
www.scmagazine.com/wp-content/uploads/sites/2/2020/10/ 135 KB
136 KB 67ms
67ms Image
image/png 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/10/WIS_Category_NEW3.png

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dd35cc2be90cf39853f9f8268016be1cac7f7c69d0aa73352febe5a95b14edd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 352765
status: 200
vary: Accept-Encoding
content-length: 138407
cf-request-id: 061bc75c2a00002b7da812f000000001
last-modified: Fri, 23 Oct 2020 21:20:21 GMT
server: cloudflare
etag: "5f934915-21ca7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Nq9bq3OtiaT2aHKmUK7mVJno5kyQS0lxYPol70Bc%2B6lu6skK62iv2DAOe4UvAr7yDfI52ElOMyrzT4y2xEQ0B4hVHy5GjfpQ1AhmzusNZPpHiEJ0I1cnit2VQvQPPLU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a6ab9b2b7d-FRA

GET
H2 200 WIS_Category_NEW4.png
www.scmagazine.com/wp-content/uploads/sites/2/2020/10/ 103 KB
103 KB 21ms
21ms Image
image/png 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/10/WIS_Category_NEW4.png

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

317f4c187a4fdc4dfc565ce4e2b61e8b4ad207e8ea7b2554d548d86a0c593ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 352765
status: 200
vary: Accept-Encoding
content-length: 105335
cf-request-id: 061bc75c6c00002b7db08b7000000001
last-modified: Fri, 23 Oct 2020 21:20:19 GMT
server: cloudflare
etag: "5f934913-19b77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PWByKUxfewKfYxP9dqszOg2DqRA2Pj7YCJCaB0qkYRifSPK5VYjRych0ZTaXK5GYZLci37Q8ePmmAwVyB%2BBAn8gPiBU%2FTzYbQjWrCIX2ZzrUvg9%2F%2FyWs6KvcjLW6j1I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a71c842b7d-FRA

GET
H2 200 WIS_Category.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/10/ 31 KB
32 KB 21ms
21ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/10/WIS_Category.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64beb09ad8948686bfee71d88ea70da6a78d9c29eadf0253f8c9756ddcfb2539

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 343161
status: 200
vary: Accept-Encoding
content-length: 32071
cf-request-id: 061bc75c8500002b7db08ba000000001
last-modified: Fri, 23 Oct 2020 19:45:05 GMT
server: cloudflare
etag: "5f9332c1-7d47"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S17tLBYfcYslFzvKwsGfFjn%2FalH%2FJrCr7p0E%2F%2BoI573DvhRIwyTKTE8086ATskDmX5ouSDeeVFejfNupKFtdfni1IrA5s%2BAOUDci5BgE9UHvE%2Bi7EWoEuJ8yXI6QTgU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a73cf02b7d-FRA
cf-bgj: h2pri

GET
H2 200 spinner.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/ 694 B
758 B 18ms
18ms Image
image/svg+xml 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/spinner.svg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17562987
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75c9c00002b7df2a7f000000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-2b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jt3ehrYp7bcDSvR3RMu%2BqPq3wwvV9h0dPJ5cdPw8YwWEXqN%2FDxy4IxmX%2FZzJhwuZfC%2FUa39ZREqM7hNMJsI5kX5rFTv%2FN35PEwUU4iweNREn3y0OlKFkXD9nTdq4%2BNw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a75d482b7d-FRA
cf-bgj: h2pri

GET
H2 200 email-decode.min.js Show response
www.scmagazine.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
vary: Accept-Encoding
cf-request-id: 061bc75a1200002b7de839a000000001
last-modified: Tue, 27 Oct 2020 17:31:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f985973-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hoY%2BLf3hV1%2F73gscLgW4x4vAoJ5d8JaISLyTt6TaEBduKqrgPtjhf%2BCoQnnl3ww5FN3YnkI8kOkuIqRgPP9bJ3B72iNdcAEflZAUGVCM78HnhmcioRzc8jLO3AwVQyM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 5ea641a34a1c2b7d-FRA
expires: Sun, 01 Nov 2020 15:44:13 GMT

GET
H2 200 Kaspersky_getty-scaled-e1598303018659-150x150.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2020/08/ 10 KB
10 KB 312ms
312ms Image
image/jpeg 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/uploads/sites/2/2020/08/Kaspersky_getty-scaled-e1598303018659-150x150.jpg

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7977b4e4f640b8099f1f05d09b568d190977386a69173baef976892ea52eadd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
vary: Accept-Encoding
content-length: 9890
cf-request-id: 061bc75caf00002b7dc4227000000001
last-modified: Mon, 24 Aug 2020 21:03:38 GMT
server: cloudflare
etag: "5f442b2a-26a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BstGB0zJzuHzV%2BRpFDmpK%2B0wjjd8x0ZC3rx71qvpfVuK5g%2FZUnQefEGp2Oj7%2BOoIQ8m8n7NWcj8IXsiZYheh4Cz8EsqqY%2FTSnomyXHb6xm%2BHWRVFLkqeTQRMgJ0w8wg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641a77d852b7d-FRA

GET
H2 200 2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js Show response
content.maropost.com/uploads/1325/websites/1/ 3 KB
3 KB 97ms
28ms Script
text/plain 2600:9000:20d7:b000:a:1779:3180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.maropost.com/uploads/1325/websites/1/2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js?ver=1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:b000:a:1779:3180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 13:55:20 GMT
via: 1.1 2285d262a6b5edcf46f904cd07877cdd.cloudfront.net (CloudFront)
last-modified: Thu, 13 Dec 2018 20:46:06 GMT
server: AmazonS3
age: 6535
etag: "33bca5680760348835deea8e5dcbdb62"
x-cache: Hit from cloudfront
status: 200
x-amz-cf-pop: ZAG50-C1
accept-ranges: bytes
content-length: 2565
x-amz-cf-id: BONs15HGD1emLb0Ssg7EatG8FQoUYcNwaA69D7GmhRL2Zoidvfnw3Q==

GET
H2 200 blocks.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 7 KB
3 KB 12ms
12ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/blocks.min.js?ver=1602013507

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b421ab18e7ddb3cce7b3aab8d1e0eee05e60d080aef800c2cfd3b8e1d0a32971

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2058864
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75a1b00002b7da50b9000000001
last-modified: Tue, 06 Oct 2020 19:45:07 GMT
server: cloudflare
etag: W/"5f7cc943-1b54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oI3fMTcAKrX0taCO8M2ftrgIn9vuoiGQ0PEAO3j6ulgZucGV2O9Fiz%2ByRJKjhcElXMaXADjSSmLe%2FVpQKWiYxTYgJTbsehJyEmoiisK45eVMxfu7TrefUanppURfem8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a35a432b7d-FRA

GET
H2 200 feather-tool.js Show response
www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/ 548 B
628 B 23ms
20ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17560122
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75e1900002b7dac925000000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-224"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fZvPFvzBHm2yU%2BJ1IfOUXRUXkrIcU2uTtUL%2FQvjGamffWdOhK7nrmvKEiw55%2F%2FhmVzUhLwrmkixHM0F7Jwv%2FylAg8K7b5NfDZc7xpfFSPmYmSoq7NFgoBy3C8XG8POc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a9cb4c2b7d-FRA

GET
H2 200 hm-olytics-page-tag.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 103 B
452 B 22ms
19ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-page-tag.js?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4444285
status: 200
vary: Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75e1900002b7db6a42000000001
last-modified: Tue, 17 Dec 2019 09:37:14 GMT
server: cloudflare
etag: W/"5df8a1ca-67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TgLymkPFWGuv2hUA7AXEN4sFhBL7QpBO2tHzUnPDfHkVElbrPJkuQaoYQtP5vKYKJ16%2BQso8oDYTJg6bhkQ5%2FpbGIW52a%2B0xGWaySZ8VlTgjZqE9JqEXcCIaZODad9Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a9cb512b7d-FRA

GET
H/1.1 200
OK hmi-registration-ui.manifest.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 870 B
1 KB 552ms
150ms Script
application/javascript 52.216.139.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.manifest.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.139.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5e8095cad5b71456e02e88835892814dba44009f6403b5a84416db008e5d357f

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: 9C825206F08F3E7B
ETag: "da9d29c4843b0bac5dd6ef34da93b22e"
Content-Type: application/javascript
x-amz-version-id: lBVwAglHDmp6fLxZy4fz12pXZDZUxHyZ
Accept-Ranges: bytes
Content-Length: 870
x-amz-id-2: Y9OYmDQX7a4VyHip7N9SPihfTCByjhWOH0KcBu6cFN07jUexuSVRPjvLkAV8iOiG11EMlD4EO6g=

GET
H/1.1 200
OK hmi-registration-ui.vendor.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 357 KB
357 KB 552ms
151ms Script
application/javascript 52.216.139.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.vendor.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.139.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 8e1c678764d16a66f783dfd8bee93916cf2b055635cef0362bc0640b610df5b5

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: 8830103EC817D419
ETag: "3d50e45eac853d7ff5898c6e8355f1cb"
Content-Type: application/javascript
x-amz-version-id: wulLLPFCPRcEdDRYL1_1QW.A2D.Je67N
Accept-Ranges: bytes
Content-Length: 365126
x-amz-id-2: JFHfDIaPFVkY8ENYkcIukJmy7wLydZFqcWFs3tihZ0vasITiVwIQhwHglaA7kZgF+9UHVZJ84zo=

GET
H/1.1 200
OK hmi-registration-ui.bundle.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 1 MB
1 MB 558ms
156ms Script
application/javascript 52.216.139.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.bundle.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.139.5 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f8c3bc6b4612e018296f32dec014b0e8d4c8ef0c7ff449f26a28b641d3497da1

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
Last-Modified: Tue, 11 Aug 2020 02:56:01 GMT
Server: AmazonS3
x-amz-request-id: 486EC66B96741345
ETag: "7f48d5418252c54a9baf9ce1a74980be"
Content-Type: application/javascript
x-amz-version-id: P5VRJucwn2qmvNWevdaMGPbAlXCLHFuw
Accept-Ranges: bytes
Content-Length: 1322506
x-amz-id-2: JLuPNlDGLArYL1IWWnKzvGITZPQZ21wAZBtO4GVkGWrnUTVaZ4cL79kUL+W7hI3vGp+DhPh4rbg=

GET
H2 200 frontend.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 139 KB
34 KB 36ms
36ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1602013507

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d92ccaf2a33b612e982428c2367bbb80f08656fe342b004583b39a6dc74191fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2058863
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75a2900002b7dc6a32000000001
last-modified: Tue, 06 Oct 2020 19:45:07 GMT
server: cloudflare
etag: W/"5f7cc943-22b01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gBYAlp94BbcUEsqyfEUVpozSVWirybFspfs1rhifUMc%2BjOgQcr2H0dhA8A8%2B8v8O3tz9l6rDRCipQOT9yCNCGMTHSIVM0EyixBFlXr86JO9SNWEWxq62fQgijfQlfrg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a37a8a2b7d-FRA

GET
H2 200 iab.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 8 KB
2 KB 14ms
14ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d0b1a9de0c9552e3fa4072ae4007a3a98a1855fc2736dd46dacaf121441eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2058863
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75b7c00002b7df5b0d000000001
last-modified: Tue, 06 Oct 2020 19:45:07 GMT
server: cloudflare
etag: W/"5f7cc943-1ecd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uUx8wrAwX3fcgtiEG2YftEU%2BigIed69KYf0HKJwUQxWz5LeGuJdYTLRfVehWk68ENG1L5pOE9vUnGhhEzXeg4GAoM8zij5bZFKerp562v5vsCEmQPpRuEoQ0v5s3gWM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a5990d2b7d-FRA

GET
H2 200 wp-embed.min.js Show response
www.scmagazine.com/wp-includes/js/ 1 KB
1007 B 19ms
18ms Script
application/javascript 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-includes/js/wp-embed.min.js?ver=5.4.2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11786880
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75b9000002b7df883e000000001
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: cloudflare
etag: W/"5db39083-59a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JZKszHfZZ1LsRePK9Bg4qJzjw2xQSioBBNXez56dETcLVGOGc9Je092JuaDA774cScAI461q4dnNAjoKeM9crKK%2Fbhre%2F%2FSHrFNSXdvZfxjdcSFBSTjFzOCeDl%2BdL5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a5a9572b7d-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 6889
date: Fri, 30 Oct 2020 13:49:25 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 30 Oct 2020 15:49:25 GMT

GET
H2 410 7341.js
script.crazyegg.com/pages/scripts/0034/ 0
0 48ms
31ms Script
application/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0034/7341.js?445576
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
cf-cache-status: HIT
last-modified: Fri, 30 Oct 2020 12:41:14 GMT
server: cloudflare
age: 10980
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 410
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 5ea641a9db313248-FRA
content-length: 0
cf-request-id: 061bc75e2a000032484282f000000001

GET
H/1.1 200 olytics.min.js Show response
olytics.omeda.com/olytics/js/v3/p/ 278 KB
76 KB 147ms
145ms Script
application/javascript 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

fefbf917f09dacfc59fdcd21a8c4599e89349a705afebcd83e677e1faf1498d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Oct 2020 16:18:56 GMT
Server: Apache
ETag: W/"284287-1602173936000"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=21600
Transfer-Encoding: chunked
Accept-Ranges: bytes
vary: accept-encoding
X-XSS-Protection: 1; mode=block
Expires: Fri, 30 Oct 2020 21:44:14 GMT

GET
H2 200 src.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/ 33 KB
9 KB 22ms
20ms Other
image/svg+xml 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4444285
status: 200
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
cf-request-id: 061bc75e1900002b7dc22e2000000001
last-modified: Tue, 17 Dec 2019 09:37:16 GMT
server: cloudflare
etag: W/"5df8a1cc-8317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RimjMaDF%2Bh%2FbojU4C05MItACRPe7MhY%2BjmjM67k7Knx%2BKHd1TXKGy%2BrFvuOFXXDMrR%2BhAiIdrQJ%2Bnuemz7uoYAMrcAP4ng8WkcXOVV1S2TfRwzFRgJFvM7uXofmqBB0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 5ea641a9cb532b7d-FRA

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 11:20:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:59 GMT
server: sffe
age: 15817
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Sat, 30 Oct 2021 11:20:37 GMT

GET
H2 200 pubads_impl_2020102901.js Show response
securepubads.g.doubleclick.net/gpt/ 273 KB
96 KB 75ms
74ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

2f61e74f8dfd64debe6c2f8272986e4bc0c1d83f115d2a44c3f601d0e2f39ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 29 Oct 2020 08:43:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98487
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:14 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 29 Oct 2020 04:50:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:25 GMT
server: sffe
age: 125610
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14176
x-xss-protection: 0
expires: Fri, 29 Oct 2021 04:50:44 GMT

GET
H3-Q050 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v17/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.scmagazine.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 28 Oct 2020 14:56:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:59 GMT
server: sffe
age: 175657
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14864
x-xss-protection: 0
expires: Thu, 28 Oct 2021 14:56:37 GMT

GET
H2 200 list-red-circle.png
www.scmagazine.com/wp-content/themes/haymarket/assets/images/src/ 172 B
516 B 16ms
15ms Image
image/png 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.scmagazine.com/wp-content/themes/haymarket/assets/images/src/list-red-circle.png

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1603981760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0be7154007bc03ccee72d7901b8591d4fd26ba6a7ec0c3db435b0089506cc867

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1603981760
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2058476
status: 200
vary: Accept-Encoding
content-length: 172
cf-request-id: 061bc75e6e00002b7d9422f000000001
last-modified: Tue, 06 Oct 2020 19:45:07 GMT
server: cloudflare
etag: "5f7cc943-ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0LvZC%2FG66mHh174WV7ibmuvAWgcBBeq7NYc%2BDSlzTgQ%2FRWbU%2FQHroziBZXy9ttf4sTfCZu3HsIXrrN9UeUplMVFEsvh49NtLKsaKpnb7ANUaRWfJVUPYUO4fG7xnCl8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ea641aa4ccc2b7d-FRA

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 202ms
66ms Script
application/x-javascript 65.9.19.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.19.119 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 29 Oct 2020 18:07:54 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 77781
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 98e6142a124268fae259e9413f391903.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: ZAG50-C1
X-Amz-Cf-Id: 6FHU_-fuL1yYrEbgtbXYC9ImyG4VK44WVzegHkJyzWwsEe9SguZKog==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 15ms
14ms Script
application/x-javascript 2a02:26f0:eb:39c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:39c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:14 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=28986
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H/1.1

200
OK

embed-uq7FkOu8ocIJW0dw.js Show response
api-54-218-89-177.b2c.com/api/
Redirect Chain

https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js
https://api-54-218-89-177.b2c.com/api/embed-uq7FkOu8ocIJW0dw.js

12 KB
5 KB

510ms
170ms

Script
text/javascript

2600:1f14:e96:5802:f22c:13d5:fce0:daa1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-218-89-177.b2c.com/api/embed-uq7FkOu8ocIJW0dw.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:f22c:13d5:fce0:daa1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 3e716b9965d602a7f29c08ad5c3f022a684ec00aa4b2818f12eb488c855d6dc9

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Oct 2020 15:44:15 GMT
Content-Encoding: gzip
Server: openresty
Transfer-Encoding: chunked
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: -1

Redirect headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:14 GMT
server: openresty
status: 307
content-type: text/html; charset=utf-8
location: //api-54-218-89-177.b2c.com/api/embed-uq7FkOu8ocIJW0dw.js
cache-control: no-cache, no-store, must-revalidate
content-length: 168
expires: -1

GET
H/1.1 200
OK dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js Show response
s.dpmsrv.com/ 108 KB
38 KB 219ms
109ms Script
application/x-javascript 143.204.89.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.89.59 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-89-59.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0e1496a92d5756e5d4da2993d5bf9af1d22fdf9afef1a830b044f9bee4bbc0e

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 05:15:42 GMT
Content-Encoding: gzip
Last-Modified: Tue, 20 Oct 2020 14:40:15 GMT
Server: AmazonS3
Age: 37713
ETag: "f646e62f3bcaac64b7fc46d6b66c0ed9"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 38263
X-Amz-Cf-Id: TSN-ecI9pf6JsIUXvVfDyNk8Qc_-eRVKzhCzHhspx8-YZjWKuppbtQ==

GET
H2 200 lio.js Show response
c.lytics.io/api/tag// 40 B
669 B 54ms
24ms Script
application/javascript 2606:4700:20::681a:216
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/tag//lio.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1602013507
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 33
status: 200
content-encoding: br
cf-request-id: 061bc75f01000063b9542bd000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=34iQ5Xe910A1k%2Fzb4v4qGXkXvJr8TWOZLHxu2KodlJ58aszkIlonCqbJqk2GI9Icw%2FHK%2FZ8Eaul%2FE%2Fn91kgHe117bkHgFb1A%2FLpZTDqRyAVvmXnPuKxISg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7200
cf-ray: 5ea641ab3ac063b9-FRA

GET
H2 200 most-widget Show response
www.scmagazine.com/wp-json/haymarket/v1/ 5 KB
2 KB 312ms
310ms XHR
application/json 2606:4700:20::681a:3d7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-json/haymarket/v1/most-widget?id=most-5

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1602013507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:3d7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a9acec177f962e74fbcc456f7a35383c3d2f46471ded3410366f96effb6d56d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
x-powered-by: WP Engine
x-cache: HIT: 108
status: 200
strict-transport-security: max-age=15552000
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
cf-request-id: 061bc75ee800002b7d8ba1e000000001
x-cache-group: normal
access-control-allow-headers: Authorization, Content-Type
allow: GET
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=so5%2Fa6qvfKr6MK%2Fizon9GWn5%2BZoJgZ1e553sHBdHVMXDk7O8DOU42epqUmuOeRHt73W0%2FXe5z4cgN0sCdD25hIURwyhzPGpl%2FWi3n5muD0ceqxljngqylI1Uwqp2lX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
cache-control: max-age=600, must-revalidate
cf-ray: 5ea641ab0e992b7d-FRA
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 boomerang.min.js Show response
cdn.feathr.co/js/ 114 KB
35 KB 73ms
45ms Script
application/javascript 2606:4700:3033::681c:60b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.feathr.co/js/boomerang.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681c:60b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 806c9975656fb05571e902f1154303c7b1553ae12444ca54da5b1a150007146c

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5670
status: 200
x-amz-request-id: CB7C53CB3D25A612
x-amz-id-2: mZmoaZSmgoWEDE7rw2TnzKHiOwqZWlCMBB5w0bGe2gcbVYKxaTjRJBI/ZBW84RruGzH4VNKC3ZA=
last-modified: Wed, 06 May 2020 17:47:20 GMT
server: cloudflare
etag: W/"360b036656090b581ae5d1ecb2572847"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=epvH%2FNQsvQPaOI1VcF8C2qIf%2F%2FOTaaR65obnZn6ZMDh%2Bmzh4yvY5li6Wc4hyo7gpG1jDyXrmAHFu5Me9ci1j6%2B4EYy3Yd8WVgT2XJcqXXA4gBg6uHYvRCiDn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-request-id: 061bc75f11000064553389e000000001
cf-ray: 5ea641ab4e256455-FRA

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:eb:39c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:39c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:14 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=63696
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 80 KB
32 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TCMLVLP&t=gtm2&cid=843163259.1604072655

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66b1ed6ba37361b3980201fb5497295a800ac23ed60bc199e7007b9b6217244a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32294
x-xss-protection: 0
last-modified: Fri, 30 Oct 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 30 Oct 2020 15:44:14 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
832 B 39ms
19ms Script
application/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
246 B 16ms
16ms Script
application/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 417 B
254 B 155ms
100ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CSkin&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1604072654&dt=1604072654631&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=200&adys=0&adks=1385187290&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=58&icsg=1125822769655871&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x2684&msz=1200x-1&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=516&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

6baddfd48fe0348bba0ee409eb7a73e697a1621849f81f33a97958a737d236fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 79ms
39ms Other
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 423 B
929 B 147ms
93ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CPrestitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1604072654&dt=1604072654645&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=0&adys=2683&adks=1753008912&ucis=2&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=58&icsg=1125822769655871&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x2684&msz=1600x1&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=4&ohw=1600&btvi=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

d355938847d0ab535862a8040e6f4b200ef04a76ea6c72b3e10bd1442c2fd0db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain...

0
38 B

113ms
113ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1604072654696&liSync=true
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: ai01t5TPQhbgnpxutSoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: L6rOspTPQhaATDmzRCsAAA==
pragma: no-cache
x-li-pop: afd-prod-edc2
x-msedge-ref: Ref A: 4D21D8F2B256431C9EFBA52072140864 Ref B: FRAEDGE1415 Ref C: 2020-10-30T15:44:14Z
x-frame-options: sameorigin
date: Fri, 30 Oct 2020 15:44:14 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&time=1604072654696&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
45 B 13ms
13ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1507223732&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&ul=en-us&de=UTF-8&dt=Exclusive%3A%20Trojan%20apparently%20infects%20NCR%2C%20posing%20possible%20supply-chain%20risk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAAADQAAAAC~&jid=1894909502&gjid=1439374211&cid=843163259.1604072655&tid=UA-1290429-10&_gid=833616022.1604072655&_r=1&gtm=2wgal2MHZ6C39&cd1=106972%3A0&cd2=cybercrime%2Cmalware&cd3=Bradley%20Barth&cd4=75&cd5=post&cd6=News&cd7=&cd9=2020-08-27&cd10=1052&cd12=&cd14=&cd15=&z=1823337477

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrations Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 31 B
363 B 425ms
135ms XHR
application/json 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/integrations

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

559382b44a7cb0b397c474fe76532f50b622824e15440784425d1f4a42a991de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:15 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 31

GET
H2 200 refresh
marco.feathr.co/v1/ 43 B
584 B 284ms
169ms Image
image/gif 13.225.73.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marco.feathr.co/v1/refresh
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-5.fra2.r.cloudfront.net
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amzn-requestid: 02ccee61-7e58-4863-9151-63d2f51e68de
status: 200
access-control-allow-methods: *
content-type: image/gif
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5f9c34ce-62c53ff11df7b9fc79bb6515;Sampled=0
x-cache: Miss from cloudfront
x-amz-apigw-id: VO0wWEwZoAMFXIQ=
content-length: 43
x-amz-cf-id: sh4o6l6WzNj5zk6aoEc5SJQcy7ME74fhCaknUwVGKwqWHDe7U6Mxjg==
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1290429-10&cid=843163259.1604072655&jid=1894909502&gjid=1439374211&_gid=833616022.1604072655&_u=aGDAAAACQAAAAC~&z=1433149408

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 30 Oct 2020 15:44:14 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D950579%26tzOffset%3D-60%26url%3Dhttps%253A%252F%252Fwww.scmagazine.co...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D950579%2526tzOffset%2...
https://a.dpmsrv.com/dpmpxl/index.php?id=5451297540399467628&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=950579&tzOffset=-60&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusiv...

242 B
994 B

555ms
134ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?id=5451297540399467628&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=950579&tzOffset=-60&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1604072654746
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: 1f3d0b143e77c67dca2473e79a556806b0a456ad19355e22f57381b274e1480e

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 215
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 30 Oct 2020 15:44:14 GMT
X-Proxy-Origin: 194.99.105.99; 194.99.105.99; 690.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.136:80
AN-X-Request-Uuid: 15cb5144-6112-418a-a822-96ff564c0521
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://a.dpmsrv.com/dpmpxl/index.php?id=5451297540399467628&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=950579&tzOffset=-60&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&_=1604072654746
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 18ms
18ms Image
image/gif 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1290429-10&cid=843163259.1604072655&jid=1894909502&_u=aGDAAAACQAAAAC~&z=1535053751

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 17ms
17ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1290429-10&cid=843163259.1604072655&jid=1894909502&_u=aGDAAAACQAAAAC~&z=1535053751

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 39ms
21ms Fetch
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 13901147755974132599
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:14 GMT

OPTIONS
H/1.1 200 olytics
oqs.omeda.com/oqs/rest/ Frame 0
0 698ms
141ms Other
text/plain 204.180.130.165
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://oqs.omeda.com/oqs/rest/olytics

Protocol

HTTP/1.1

Server

204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Access-Control-Request-Headers, Content-Type, Origin, Accept, Accept-Encoding, Accept-Language, HOST, User-Agent, Access-Control-Request-Method, Access-Control-Max-Age
Content-Type: text/plain
Content-Length: 0
Date: Fri, 30 Oct 2020 15:44:14 GMT
Server: Apache

POST
H/1.1 200 olytics Show response
oqs.omeda.com/oqs/rest/ 15 B
307 B 145ms
144ms XHR
application/json 204.180.130.165
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://oqs.omeda.com/oqs/rest/olytics

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

68330f6767efe4ea90f23cb4bb722810d19758395bc24f59c7c893c0d4ae69ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

HEAD
H3-Q050 200 gpt.js
www.googletagservices.com/tag/js/ 0
0 41ms
27ms Fetch
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "678 / 609 of 1000 / last-modified: 1604056334"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17895
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:14 GMT

GET
H2 200 script.js Show response
polo.feathr.co/v1/analytics/match/ 290 B
566 B 400ms
136ms Script
text/javascript 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/analytics/match/script.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

377246b6dd158e127d1ab5bcc3a5837b31f493ed027e5719529ddf149fbbcaec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:15 GMT
content-encoding: gzip
server: nginx/1.17.8
status: 200
etag: W/"5f9c34cef594370008479132"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: no-cache, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

GET
H2 200 pixel.js Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 32 B
398 B 399ms
135ms Script
text/javascript 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/pixel.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:15 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=14400
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 32

GET
H/1.1

200
OK

index.php Show response
a.dpmsrv.com/dpmpxl/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747&google_gid=CAESEAEBTFnQwqsmxv07L3SqigY&google_cver=1

0
598 B

133ms
132ms

Script
text/javascript

3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747&google_gid=CAESEAEBTFnQwqsmxv07L3SqigY&google_cver=1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 0
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:15 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=5451297540399467628&pixelIndex=0&_=1604072654747&google_gid=CAESEAEBTFnQwqsmxv07L3SqigY&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 423396.gif
idsync.rlcdn.com/ 0
42 B 54ms
53ms Image
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/423396.gif?partner_uid=5451297540399467628
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Fri, 30 Oct 2020 15:44:15 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK ad.gif
api-54-218-89-177.b2c.com/api/ 43 B
233 B 169ms
169ms Image
image/gif 2600:1f14:e96:5802:f22c:13d5:fce0:daa1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-54-218-89-177.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:f22c:13d5:fce0:daa1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

match
polo-v1.feathr.co/v1/analytics/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f9c34cef594370008479132&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5f9c34cef594370008479132&gdpr=0
https://polo-v1.feathr.co/v1/analytics/match?f_id=5f9c34cef594370008479132&ttd_id=6af606c4-478e-406e-bddd-25242979e065

43 B
402 B

154ms
134ms

Image
image/gif

54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo-v1.feathr.co/v1/analytics/match?f_id=5f9c34cef594370008479132&ttd_id=6af606c4-478e-406e-bddd-25242979e065

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:16 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

Redirect headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:16 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://polo-v1.feathr.co/v1/analytics/match?f_id=5f9c34cef594370008479132&ttd_id=6af606c4-478e-406e-bddd-25242979e065
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H2 200 crumb
polo.feathr.co/v1/analytics/ 43 B
402 B 146ms
146ms Image
image/gif 54.144.112.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo.feathr.co/v1/analytics/crumb?cb=1604072655762&a_id=5c2d2a2366bba411c7d26e37&f_id=5f9c34cef594370008479132&ses_id=5f9c34ce512a12d82738f8ba&flvr=page_view&loc_url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&s_w=1600&s_h=1200&b_w=1600&b_h=1200&cust_params=e30=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.144.112.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-144-112-83.compute-1.amazonaws.com

Software

nginx/1.17.8 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:15 GMT
server: nginx/1.17.8
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

GET
H/1.1 200
OK index.php Show response
a.dpmsrv.com/dpmpxl/ 5 B
1 KB 133ms
133ms Script
text/javascript 3.229.100.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.dpmsrv.com/dpmpxl/index.php?q=xSeg&v=1.x&ep%5Bids%5D=20986004&cl=1122&pixelIndex=0&r=983714&tzOffset=-60&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&id=5451297540399467628&_=1604072654748
Requested by: Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.229.100.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-229-100-58.compute-1.amazonaws.com
Software: /
Resource Hash: fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
content-encoding: gzip
Access-Control-Max-Age: 10
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Access-Control-Allow-Headers: content-type, accept
Content-Length: 31
Expires: 0

GET
H/1.1 200
OK seg
ib.adnxs.com/ 43 B
1 KB 47ms
47ms Image
image/gif 37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?member=%env(APPNEXUS_ID)&add=20986004

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Oct 2020 15:44:15 GMT
X-Proxy-Origin: 194.99.105.99; 194.99.105.99; 690.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.142:80
AN-X-Request-Uuid: 0f189cbf-6829-40fa-9c3f-692bda0df4c0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H/1.1 200 p
olytics.omeda.com/olytics/segments/ Frame 0
0 840ms
140ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/p
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Fri, 30 Oct 2020 15:44:15 GMT
Server: Apache

POST
H/1.1 200 p Show response
olytics.omeda.com/olytics/segments/ 20 B
313 B 161ms
160ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/p

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

POST
H/1.1 200 / Show response
olytics.omeda.com/olytics/segments/form/check/ 20 B
313 B 146ms
146ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/form/check/

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

POST
H/1.1 200 cswitch Show response
olytics.omeda.com/olytics/segments/ 20 B
313 B 151ms
150ms XHR
application/json 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/cswitch

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 30 Oct 2020 15:44:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

OPTIONS
H/1.1 200 /
olytics.omeda.com/olytics/segments/form/check/ Frame 0
0 848ms
144ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/form/check/
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Fri, 30 Oct 2020 15:44:15 GMT
Server: Apache

OPTIONS
H/1.1 200 cswitch
olytics.omeda.com/olytics/segments/ Frame 0
0 854ms
145ms Other 204.180.130.159
QTS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/cswitch
Protocol: HTTP/1.1
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Origin: *
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0
Date: Fri, 30 Oct 2020 15:44:15 GMT
Server: Apache

GET
H/1.1

200
OK

4 Show response
api-54-218-89-177.b2c.com/api/
Redirect Chain

https://api-54-218-89-177.b2c.com/api/x?uq7FkOu8ocIJW0dw$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL21hbHdhcmUvZXhjbHVzaXZlLXRyb2phbi1hcHBhcmVudGx5LWluZmVjdHMtbmNyLXBvc2lu...
https://api-54-218-89-177.b2c.com:444/api/4?uq7FkOu8ocIJW0dw

43 B
441 B

809ms
213ms

XHR
image/gif

54.218.89.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-218-89-177.b2c.com:444/api/4?uq7FkOu8ocIJW0dw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.89.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Oct 2020 15:44:17 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

Redirect headers

Date: Fri, 30 Oct 2020 15:44:16 GMT
Server: openresty
Location: https://api-54-218-89-177.b2c.com:444/api/4?uq7FkOu8ocIJW0dw
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 25ms
24ms XHR
application/json 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020102901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40c7f1e3bcc7ce1386869af80a42998c18361cfc3f9b48b662581af111c0cd5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6436
x-xss-protection: 0

GET
H2 200 up
insight.adsrvr.org/track/ Frame 4F84 0
0 209ms
75ms Document
text/html 52.17.148.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.148.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-148-237.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&upid=e4qkh98&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TDID=6af606c4-478e-406e-bddd-25242979e065; TDCPM=CAEYBSABKAIyCwjOxIK1rL3-OBAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
date: Fri, 30 Oct 2020 15:44:16 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
119 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1507223732&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&ul=en-us&de=UTF-8&dt=Exclusive%3A%20Trojan%20apparently%20infects%20NCR%2C%20posing%20possible%20supply-chain%20risk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&el=25%25&ev=25&_u=aGDAAAADQAAAAC~&jid=&gjid=&cid=843163259.1604072655&tid=UA-1290429-10&_gid=833616022.1604072655&gtm=2wgal2MHZ6C39&z=104775463

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 14:17:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5212
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 62ms
40ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:16 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 4BF7 0
0 40ms
24ms Document
text/html 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4867
date: Fri, 30 Oct 2020 15:19:57 GMT
expires: Sat, 30 Oct 2021 15:19:57 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1459
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
203 B 15ms
15ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020102901&jk=3408663934069352&bg=!SkmlSWnNAAVp0lmVaVihcdUMBqbN8wIAAAB3UgAAABAKAZgM1et5dtpMUaDulzqsrb7XZWccn1SmBxC5km3sYMJpX9VJ1-owiVloumRwHfDYaXCBNhlLp-RI39rn-WPn8MPQIGwEUaBvcC1OYV_EwFPl5MUDzoWY4U6Tz_gsCs4q5Hm1RI-bP-JRBRr9KuzjpGIDFsxb4253S8Lz0o9urzrDMxYe0yDqCVITgQzNdkPyue_3OAU32Ytegqk3VN7ImtJa62rSDxtuDIC6gLVmMTaeGrQq0ZxwmDFSChq0NUPC_op1b1_SCtkK3Bnx0E-3QMQBSKlJZmFk0LiyYMtmkSxePZSTUPWylWHaaB5t1XAu0z5cRQA1rmJw8z_Zma4J8X2z5RMCv1nCZamPwNpni5fjQJD4v9gF7Bwap1727ySdFpLtUlAO3cSQwE51APa5NJXHgDlAVF0gHkkvYl6j2tDSc0-yWXd1BOhI_p-rukf3ZS1Gss71Q5XmVMzhYpr85tKxOGKbcI-utH-b_h7vok8SrfpwTKkMWdfbt8utl8pqaPYBoMrMmsizsA_JfC_A_tTtcSZ542wPe5yZAaspZKdOGdGf7cIFQDiguMkXvYctU7hEcf4fFvG0OnLt13HXY2s7nQ52KPArpu_9yT47qIT6RVnCV7YOZoEy8TPVxIAyxWupiHnv_4QOPqAk1wUabIBoEdd7f2O-0eMZ5pHMIWmUw6FeFj7UY-Uoam9oSoqlqzJJctU_7DyjKFpj7uPWD7PoMKlaK5dE2ZIAKEwtDYllM6jxzjtMmE51_7pCcwqhNc1fOrmYZ7LiirZ7Bx1IZHkn0BGzyqSy3CV9JvfZrh2D8Y8W45z3bgDAmEVBqjOrlNZoJQbayhpH92fsIJBa524v42V961DtFitH8zecZb0KRLZyw4NpAjSo-opNfmj1Ow2GSpxUaFrqdltiWSb6P9cVNy8B9rAcy-XMSlvTzgloFfAnAUvG_XmbJU82iLkIUU72UStvPz5dmsFPVNX_unvJDWh1CyCh_IyECPVr5wkPUJxjbFUlvr8pCjRwHwHoSAzXe8kIN7B4kQ0sxT9Cw7O2Ok7ttp3aMlBtC16L7WfU4th79nzIVG-37Imc1-FV8RLmrq8e1ZTRT-KNK8vPSitkXvsp2SxL

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
11 KB 93ms
93ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&adsid=NT&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard1&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D146f31512ea6235f-226f78c81ab900ae%3AT%3D1604072654%3AS%3DALNI_MaO3NTj1sP2alhkH8xjZVgZyyy0sA&bc=31&abxe=1&lmt=1604072656&dt=1604072656938&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=216&adys=170&adks=490734277&ucis=3&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=61&icsg=4502365365596223&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x106&msz=1168x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=4&ohw=1168&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e65869de87ae36bcf57bc3d7983c67fb9abfd8c9c4847a80f264eb657eb5ae75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11064
x-xss-protection: 0
google-lineitem-id: 5248479770
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138328613754
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B4D 0
0 64ms
64ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst8DPE4JMeNNmlTlGGY9k9FSDq39eQ8x_DszfJVSoP6i13QP2bWkWuDJGpzaR1xUx1606EKqHVeuEYDxWBV_bxMua6fVWzj1NMNOZhZKSm4WsNWaATt61eCG57FYVxTsIPi4PjgjmsafMhR_R6ubCUuZTSNKsBrVrOXGVBJO83ziUa34ahSTLFmg2gtu3Xa9Lg1IXijGBD4eG8LCC_NyIQ0OobdDFWngjz9LyHgxzfjvkSnnyi9K-SFuwngS0Hps7tLQ9395Mw&sig=Cg0ArKJSzMgeqq-3r6BDEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:17 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/ Frame 5B4D 17 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b80b713d82dafe9d86ff2b83dd557f60cbf887ac76483df35a75e6479b59c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 07:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30314
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7216
x-xss-protection: 0
server: cafe
etag: 18075241702106780385
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 07:19:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/ Frame 5B4D 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c8c5ae8437903bcd9d8737d4c119c14492373d06e719215ba9ef065bc5e1186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 08:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26683
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1336
x-xss-protection: 0
server: cafe
etag: 4033927919502905291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 08:19:34 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B4D 74 KB
28 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfcd5cce51aa77a183d418b0848ed62e532f99e5c4943934298593eb7acd284b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603885550448160"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28759
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:17 GMT

GET
H3-Q050 200 14200569704753996450
tpc.googlesyndication.com/simgad/ Frame 5B4D 25 KB
25 KB 61ms
59ms Image
image/png 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14200569704753996450

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c5debc99c500c94a12bdf33c736b285e422bf5468194a6da373d51642334aff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:17 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Oct 2020 15:32:01 GMT
server: sffe
status: 200
x-dns-prefetch-control: off
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25529
x-xss-protection: 0
expires: Sat, 30 Oct 2021 15:44:17 GMT

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34d9891a81b9b276febf3b6f763ededd97fc364bd399e9446f71159be6cb1d0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603885550448160"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27554
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:17 GMT

GET
DATA 200
OK truncated
/ Frame 5B4D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d909307b4b483f291c181ac2cafde6b469589997542860023fe898004f30efd1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B4D 0
21 B 57ms
56ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7mE-aemkcU_DCw7T90t6SAxVQOpGf1THnyUBEvx6Ny8vuwBzAkm5K1Ogk4cyhXF4BV0uQgvG9jT6IR0F9i6EyKoDk-l29E7xoudPbC8eCqUub1Ohe7BEhSvWurtOghP4v332tFbEyN9Dt0vUkwk40JhWzsD7NVoNE-17AK5d59wJaAB0peXs4uhoPpEhENvU_LfPQ6OcxRs0sNMX_ke5YPkUm6C2gxR4aQO9XALPKqj-jLhurkLGBh55QIRW5LpOmeIchWEym2Q&sig=Cg0ArKJSzPHbe9y32rGjEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:17 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
11 KB 94ms
94ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&adsid=NT&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard2%26lid%3D5248479770&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3D146f31512ea6235f%3AT%3D1604072654%3AS%3DALNI_Mbr1rxKiys-ShOjYE52cXG5VVs8eA&bc=31&abxe=1&lmt=1604072658&dt=1604072658087&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=2250&adks=2588316086&ucis=4&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=61&icsg=4502365365596223&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x2064&msz=1600x90&psts=AGkb-H8zkyHOR9Dv6No2Fjz9Zuxot_ToM3FhPT392L4Wa0XqkUt-ZRThIW59CB50w2E1yGKq7wIRUzBXfu9qjbU%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=4&ohw=1600&btvi=2&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

50ea1827f393020bc5082b1a5661a343ffd22003b87ce7f32617e94d76d23086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:18 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10827
x-xss-protection: 0
google-lineitem-id: 5248479770
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138328554619
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 718B 0
0 56ms
56ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuGKmpro8becFnuOCkvc9BKD4KpPLqudgpGQpUNeOXzLsTwhOObFF2690dFolaB-TpbfF8HQgkCTFZkEtB-zg5xIl142HmyEZ69-K5cn6DVO8lCqfP1sN79VQTvvmR9fNb_GgLULl3UVDp7gZ64xZPnptUJXdh29Ed2x29UkK3x53zMEywff4GtRs-_YUcJso4cwKdyPk6tes-kpb2hn1CkujnDufIWBYDDQBOB5TgHHij23_Twds_L78d9s75LWlLgqqPTETY&sig=Cg0ArKJSzAqvPw4CBWP2EAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:18 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:18 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/ Frame 718B 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b80b713d82dafe9d86ff2b83dd557f60cbf887ac76483df35a75e6479b59c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 07:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30315
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7216
x-xss-protection: 0
server: cafe
etag: 18075241702106780385
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 07:19:03 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/ Frame 718B 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c8c5ae8437903bcd9d8737d4c119c14492373d06e719215ba9ef065bc5e1186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 08:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26684
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1336
x-xss-protection: 0
server: cafe
etag: 4033927919502905291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 08:19:34 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 718B 74 KB
28 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfcd5cce51aa77a183d418b0848ed62e532f99e5c4943934298593eb7acd284b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603885550448160"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28759
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:18 GMT

GET
H3-Q050 200 16781385292252014538
tpc.googlesyndication.com/simgad/ Frame 718B 26 KB
26 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16781385292252014538

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0a69e76b88e387f2b7d7aaba68d984f417c9da3b92352fe000735511abbf6fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 18:26:40 GMT
x-content-type-options: nosniff
age: 249458
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26893
x-xss-protection: 0
last-modified: Tue, 27 Oct 2020 18:04:27 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Oct 2021 18:26:40 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 718B 0
115 B 56ms
55ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvT-N5I3Vd13MCKIRRFocHWso-yLW6WJI7Ni0cZkbvc4z6KZ4mqLTfsFTp8358EYHq3DmWMHvV3ztpaofSVm_mjU4tF-JBq3LYykuDm3aXUP0WTR3vc3JIWEgJ_YXb8qzUXgDgvFxZkjxj-Lf5Sb9821lxU4ExpJ5YIOTXh1rYm3gPyl5K54D0hV3Y6woNVie0gC3Dq7e8ThxNwjLfsFXp4RHCHc9eNa_Yj61ran4d_DuTp2utJQ2An4XDRV994tfWBxv-JQYFVMA&sig=Cg0ArKJSzJqRCjjdLfWGEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:18 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:18 GMT

GET
DATA 200
OK truncated
/ Frame 718B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10d91fa50ab194aecde8ec9c8359cacf927342517fa930c3d1d159c530d79197

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5B4D 42 B
120 B 19ms
19ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0SdpSN3CHd4B0sWXWype7xJvDYccuGq-VAuWsAo63ePxXdJ_xL-cyjQ8nmUsvmQE5gYA5GMR3jSS6N6pU0MRC6rcW_6WL_L_pGS64HzA&sig=Cg0ArKJSzNFWc9dULrJrEAE&adk=490734277&tt=-1&bs=1600%2C1200&mtos=0,1060,1060,1060,1060&tos=0,1060,0,0,0&p=170,436,260,1164&mcvt=1060&rs=0&ht=0&tfs=173&tls=1233&mc=0.99&lte=-1&bas=0&bac=0&met=mue&avms=nio&niot_obs=67&niot_cbk=75&md=2&btr=0&cpmav=0&lm=2&rst=1604072657058&dlt&rpt=154&isd=0&msd=0&xdi=0&postrxl=1&ps=1600%2C2896&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-11-11-11-0-0-0&tvt=1223&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&r=v&id=osdim&vs=4&uc=12&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=728x90&itpl=3&v=20201028

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
11 KB 97ms
97ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&adsid=NT&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600%7C300x1050&prev_scp=pos%3Dbox1%26lid%3D5248479770&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1604072659&dt=1604072659210&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=1084&adys=403&adks=607498164&ucis=5&ifi=5&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=60&icsg=4502365365596223&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H8zkyHOR9Dv6No2Fjz9Zuxot_ToM3FhPT392L4Wa0XqkUt-ZRThIW59CB50w2E1yGKq7wIRUzBXfu9qjbU%2CAGkb-H_B2LUXNSsf874LxHFaaY7DC_MfoXYsaSNEuZ7aFbQ05UJsbv2QxFJ34SZGabNvddJqcZTko1qjaAXwe64%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=4&ohw=1600&btvi=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ab288dfb32dc77935fd075b2c8e92750317accd6ed5252af6bdc42636a10e701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11076
x-xss-protection: 0
google-lineitem-id: 5248479770
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138328613757
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8111 0
0 56ms
55ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst89ZdBbph5pt9dATv1bLgJ5_W35qjKXQeGTrNgWGQ3PCCBk4CVp6nOUkvtEBdwuevVMjB2LjDF3nzAuWVUqCyRAhoA_NyZ77C7go6c04FNu2F1DJ7ICcugzy8-BGAYyIvSajUF6k2QiJs8lBiK-SYwZh8pcytrSXl82uBGEHeGwpV8W5oxDsXWe-EiQPj5S_a85OuC570AiropaQhaAAoN9sFE9SpcaPNQImjzuB-Mj0ohKaX9i3eFnUxKiVmCKAy8tQ&sig=Cg0ArKJSzJS3earhilwQEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/ Frame 8111 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b80b713d82dafe9d86ff2b83dd557f60cbf887ac76483df35a75e6479b59c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 07:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7216
x-xss-protection: 0
server: cafe
etag: 18075241702106780385
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 07:19:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/ Frame 8111 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c8c5ae8437903bcd9d8737d4c119c14492373d06e719215ba9ef065bc5e1186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 08:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26685
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1336
x-xss-protection: 0
server: cafe
etag: 4033927919502905291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 08:19:34 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8111 74 KB
28 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfcd5cce51aa77a183d418b0848ed62e532f99e5c4943934298593eb7acd284b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603885550448160"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28759
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:19 GMT

GET
H3-Q050 200 13409551261881179104
tpc.googlesyndication.com/simgad/ Frame 8111 16 KB
16 KB 43ms
42ms Image
image/png 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13409551261881179104

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eabdbeb0b950e188a78e054943766d401cf02b1bd4d62308898c451cce535ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:19 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Oct 2020 15:32:01 GMT
server: sffe
status: 200
x-dns-prefetch-control: off
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16668
x-xss-protection: 0
expires: Sat, 30 Oct 2021 15:44:19 GMT

GET
DATA 200
OK truncated
/ Frame 8111 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 955cc70dba690bea15272a86dc5dd6f74871a8340a3ab1a690c9aba6e4e06652

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8111 0
21 B 56ms
56ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEZDJHVbSzMgxk-ZKhOzzELAOJTc2caIUePYNfoiU5hTTJWCCw7stEJ3P9vVwu5TJ9ctfeoBr9XIR2eOMXcjhd_mqq4bRsxov4yzyo6aNhPzqC3Q-K51hHGwyk_HojobJD6aW9r6CYjCXp5HKL3e1Ht_5IN3REGthe38B0B6dtFtgyS0giNp5bAtW2djrt8mDvMJj_IaHkiev1iqCkYyRJaTDw5NLcg9XUKt43sRIIfGj1hKOTBw3FVrByM0r1b74m64-f&sig=Cg0ArKJSzK3MpEIzogvrEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
11 KB 96ms
95ms XHR
text/plain 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3408663934069352&correlator=222885729392702&output=ldjh&impl=fif&adsid=NT&eid=21068404&vrg=2020102901&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201030&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dbox2%26lid%3D5248479770&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D106972%26env%3Dlive%26sid%3DCybercrime%252CFeatured%252CMalware%252CSecurity_News%26cat%3DCybercrime%252CMalware%26isnht%3Dfalse&cookie=ID%3Da2bad109fb039d6a%3AT%3D1604072659%3AS%3DALNI_MaxtL76BUoqYVxZt3mEp651A63SoQ&bc=31&abxe=1&lmt=1604072660&dt=1604072660326&dlt=1604072653281&idt=1316&frm=20&biw=1600&bih=1200&oid=3&adxs=1084&adys=2450&adks=1048971383&ucis=6&ifi=6&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&dssz=60&icsg=4502365365596223&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=AGkb-H8zkyHOR9Dv6No2Fjz9Zuxot_ToM3FhPT392L4Wa0XqkUt-ZRThIW59CB50w2E1yGKq7wIRUzBXfu9qjbU%2CAGkb-H_B2LUXNSsf874LxHFaaY7DC_MfoXYsaSNEuZ7aFbQ05UJsbv2QxFJ34SZGabNvddJqcZTko1qjaAXwe64%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H8LMZfywFaGkEU1GqDKsngkxLLFyfosTQvVqSHyOXB9KJS3tASZPmDiR6V8NqaKRGXPGtKooRrHLzLgd8c&ga_vid=843163259.1604072655&ga_sid=1604072655&ga_hid=1507223732&fws=4&ohw=1600&btvi=3&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

ab9036fc470c374cbf74e39cb36f5e21531964651ab9e3d6913d04d32e5b3a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10798
x-xss-protection: 0
google-lineitem-id: 5248479770
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138328094093
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3B6 0
0 56ms
56ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBorBfOhFCIdn5ksTB-7nBXan1_1YlMCA0tqVoKML2L1f_yeJzjVXY4VVVoleTe69CzcZdGUg2_amkvO_V2Iy3uUc0IeIdEBtqyer6SzqS93fVAsdAiD4386Sf2wOblSn4OjsxQRmHxWTVu9aI8vipdtBqj_8NvvKHJOrKzxFmrvQ_bK9OJhVXL_-Qwj4ro5kcjOVj447rlSJgU-QBOicSr4I9N8Vabu3L9EStadinCYUiNV-79R4SgwaJFAyAW0Qwdg&sig=Cg0ArKJSzFI3ChN4s_WeEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:20 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/ Frame F3B6 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51b80b713d82dafe9d86ff2b83dd557f60cbf887ac76483df35a75e6479b59c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 07:19:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7216
x-xss-protection: 0
server: cafe
etag: 18075241702106780385
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 07:19:03 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/ Frame F3B6 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20201027/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c8c5ae8437903bcd9d8737d4c119c14492373d06e719215ba9ef065bc5e1186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 08:19:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26686
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1336
x-xss-protection: 0
server: cafe
etag: 4033927919502905291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Nov 2020 08:19:34 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame F3B6 74 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfcd5cce51aa77a183d418b0848ed62e532f99e5c4943934298593eb7acd284b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 15:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603885550448160"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28759
x-xss-protection: 0
expires: Fri, 30 Oct 2020 15:44:20 GMT

GET
H3-Q050 200 16278482615296912279
tpc.googlesyndication.com/simgad/ Frame F3B6 28 KB
28 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:814::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16278482615296912279

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020102901.js?21068404

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2160b5f1973667f258e1369f8b60dde910746cf024d9ecc930f948fa4c5756a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 27 Oct 2020 18:26:42 GMT
x-content-type-options: nosniff
age: 249458
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28975
x-xss-protection: 0
last-modified: Tue, 27 Oct 2020 18:04:26 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Oct 2021 18:26:42 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame F3B6 0
21 B 56ms
55ms Image
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYZBl0eqLwtQZDxnsEsNL173pL6rTjjbEJdTCtxcEgQuHHGch3NX9RXDtpuww6InTSNxOt3cVQE3fH1GM0wumhNjkQ8pF7S8BlBOBl0V7ruWV2TUem7-Csh9ZBh2ARLsI8MqV9ydA7pJmQsrs6Qf2ecPgj7cV1uzDnl31f2H-uFITde761iMgk9kX9NWocN5D7hQQkskWRKbhXybhSST9BALuoMuY-UrVAQSNuAV67f04NboJ1dp-Zf4ee-ra6tovk4ucW&sig=Cg0ArKJSzK4i8IilwylXEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 30 Oct 2020 15:44:20 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F3B6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c2003aaedb1eb14d28891352b047007e1c07f0ab6bae5195147d955beb2a808

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8111 42 B
70 B 15ms
14ms Image
image/gif 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQwWCanMo_AEKIG_Gl0biRPcyJ3lfFeZOcp1hnrbIhQ9oXlBVWX7hm7xjKUJLazyZRScFKEjL7bXjzYqzb3_vI0a8Zc0KD1kFhk47XpTc&sig=Cg0ArKJSzLLMtM6ksJnVEAE&adk=607498164&tt=-1&bs=1600%2C1200&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&p=403,1084,653,1384&mcvt=1009&rs=3&ht=0&tfs=124&tls=1133&mc=1&lte=-1&bas=0&bac=0&met=mue&avms=nio&niot_obs=22&niot_cbk=26&md=2&btr=0&cpmav=0&lm=2&rst=1604072659321&dlt&rpt=25&isd=0&msd=0&xdi=0&postrxl=1&ps=1600%2C3396&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-2-11-11-0-0-0&tvt=1132&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fmalware%2Fexclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk%2F&r=v&id=osdim&vs=4&uc=12&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=300x250&itpl=3&v=20201028

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Oct 2020 15:44:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.scmagazine.com/	1970-01-19 22:56:08	Name: __gads Value: ID=146f31512ea6235f-226f78c81ab900ae:T=1604072654:S=ALNI_MaO3NTj1sP2alhkH8xjZVgZyyy0sA
.scmagazine.com/	1970-01-19 22:20:08	Name: oly_anon_id Value: %220fb1c043-c508-44dd-bea6-402dea413e87%22
.scmagazine.com/	1970-01-19 22:20:08	Name: oly_enc_id Value: null
www.scmagazine.com/	1969-12-31 23:59:59	Name: dpm_url_count Value: 1
www.scmagazine.com/	1969-12-31 23:59:59	Name: dpm_time_site Value: 1.011
.www.scmagazine.com/	1970-01-19 13:34:36	Name: feathr_session_id Value: 5f9c34ce512a12d82738f8ba
.scmagazine.com/	1970-01-20 07:05:44	Name: _ga Value: GA1.2.843163259.1604072655
.scmagazine.com/	1970-01-19 13:34:32	Name: _gat_UA-1290429-10 Value: 1
.scmagazine.com/	1970-01-19 13:35:59	Name: _gid Value: GA1.2.833616022.1604072655
.scmagazine.com/	1970-01-19 14:17:44	Name: __cfduid Value: d4e3c10ce1b2c0d521e12976facbab7481604072652
www.scmagazine.com/home/security-news/malware/exclusive-trojan-apparently-infects-ncr-posing-possible-supply-chain-risk	1969-12-31 23:59:59	Name: hasLiveRampMatch Value: true

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://c.lytics.io/api/tag//lio.js(Line 1) Message: Missing required params.
console-api	log	URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js(Line 46) Message: olytics fire called
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1602013507(Line 1) Message: [ABD] exiting test loop - value: false

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6b18cd5ce9bca36c0ae1fb0ed3ac7560.safeframe.googlesyndication.com
a.dpmsrv.com
adservice.google.com
adservice.google.de
api-54-218-89-177.b2c.com
api.b2c.com
c.lytics.io
cdn.feathr.co
cm.g.doubleclick.net
content.maropost.com
fonts.googleapis.com
fonts.gstatic.com
ib.adnxs.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
marco.feathr.co
match.adsrvr.org
olytics.omeda.com
oqs.omeda.com
pagead2.googlesyndication.com
polo-v1.feathr.co
polo.feathr.co
px.ads.linkedin.com
s.dpmsrv.com
s3.amazonaws.com
script.crazyegg.com
secure.gravatar.com
securepubads.g.doubleclick.net
snap.licdn.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.scmagazine.com
13.225.73.5
143.204.89.59
172.217.22.66
204.180.130.159
204.180.130.165
216.58.212.162
2600:1f14:e96:5800:2079:9f67:f03e:d5a8
2600:1f14:e96:5802:f22c:13d5:fce0:daa1
2600:9000:20d7:b000:a:1779:3180:93a1
2606:4700:20::681a:216
2606:4700:20::681a:3d7
2606:4700:3033::681c:60b
2606:4700::6813:9308
2620:1ec:21::14
2a00:1450:4001:801::2003
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::2008
2a00:1450:4001:814::2001
2a00:1450:4001:815::2003
2a00:1450:4001:819::2002
2a00:1450:4001:81a::2004
2a00:1450:4001:81f::200a
2a00:1450:4001:825::2002
2a00:1450:400c:c07::9b
2a02:26f0:eb:39c::25ea
2a04:fa87:fffe::c000:4902
2a05:f500:10:101::b93f:9105
3.229.100.58
34.120.207.148
34.246.127.166
37.252.172.38
52.17.148.237
52.216.139.5
54.144.112.83
54.218.89.177
65.9.19.119
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0be7154007bc03ccee72d7901b8591d4fd26ba6a7ec0c3db435b0089506cc867
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a
10d91fa50ab194aecde8ec9c8359cacf927342517fa930c3d1d159c530d79197
148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64
1a9bcb1cc2cb1d0cf031ef290b4df3594eb3e4486db13dfcf1f74c3e2a3e7460
1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1f3d0b143e77c67dca2473e79a556806b0a456ad19355e22f57381b274e1480e
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c20686f220dbdb4e1c33d0205efd662a266438dff9cf87e319604616c467121
2dd35cc2be90cf39853f9f8268016be1cac7f7c69d0aa73352febe5a95b14edd
2f61e74f8dfd64debe6c2f8272986e4bc0c1d83f115d2a44c3f601d0e2f39ca8
317f4c187a4fdc4dfc565ce4e2b61e8b4ad207e8ea7b2554d548d86a0c593ffb
34d9891a81b9b276febf3b6f763ededd97fc364bd399e9446f71159be6cb1d0c
377246b6dd158e127d1ab5bcc3a5837b31f493ed027e5719529ddf149fbbcaec
3c5debc99c500c94a12bdf33c736b285e422bf5468194a6da373d51642334aff
3e716b9965d602a7f29c08ad5c3f022a684ec00aa4b2818f12eb488c855d6dc9
40c7f1e3bcc7ce1386869af80a42998c18361cfc3f9b48b662581af111c0cd5a
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4eabdbeb0b950e188a78e054943766d401cf02b1bd4d62308898c451cce535ca
50ea1827f393020bc5082b1a5661a343ffd22003b87ce7f32617e94d76d23086
51b80b713d82dafe9d86ff2b83dd557f60cbf887ac76483df35a75e6479b59c5
559382b44a7cb0b397c474fe76532f50b622824e15440784425d1f4a42a991de
579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
5c14a94a28817f61a07c64ad2431d29662763ae0237fb0317d4aeede78e5d24b
5c2003aaedb1eb14d28891352b047007e1c07f0ab6bae5195147d955beb2a808
5e8095cad5b71456e02e88835892814dba44009f6403b5a84416db008e5d357f
64beb09ad8948686bfee71d88ea70da6a78d9c29eadf0253f8c9756ddcfb2539
6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9
66b1ed6ba37361b3980201fb5497295a800ac23ed60bc199e7007b9b6217244a
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
68330f6767efe4ea90f23cb4bb722810d19758395bc24f59c7c893c0d4ae69ce
68982ee6196eb7359c0e994cf756b10ea98c02867ee595b560d11c1e48a39bde
6baddfd48fe0348bba0ee409eb7a73e697a1621849f81f33a97958a737d236fe
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
7977b4e4f640b8099f1f05d09b568d190977386a69173baef976892ea52eadd9
7f04f44a1c1a74008ad1664376e41f8db356fb030ad0d757ad2141d36989d32f
806c9975656fb05571e902f1154303c7b1553ae12444ca54da5b1a150007146c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811
8e1c678764d16a66f783dfd8bee93916cf2b055635cef0362bc0640b610df5b5
90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13
955cc70dba690bea15272a86dc5dd6f74871a8340a3ab1a690c9aba6e4e06652
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9c8c5ae8437903bcd9d8737d4c119c14492373d06e719215ba9ef065bc5e1186
a2160b5f1973667f258e1369f8b60dde910746cf024d9ecc930f948fa4c5756a
a352a536fca60ea189e87e14fedf938b32e79d2b677ef4ec24762829d3c105fe
a716b26ff515ccfb6f33b4b06b82c9587674938c5994d81e261ef41907d57529
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
a9acec177f962e74fbcc456f7a35383c3d2f46471ded3410366f96effb6d56d1
ab288dfb32dc77935fd075b2c8e92750317accd6ed5252af6bdc42636a10e701
ab7385bc83ced10d8f10ccbc3c714a0e3e44fad6aca40c8c007b5f84af5f9120
ab9036fc470c374cbf74e39cb36f5e21531964651ab9e3d6913d04d32e5b3a00
abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7
ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914
b421ab18e7ddb3cce7b3aab8d1e0eee05e60d080aef800c2cfd3b8e1d0a32971
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bfcd5cce51aa77a183d418b0848ed62e532f99e5c4943934298593eb7acd284b
c0e1496a92d5756e5d4da2993d5bf9af1d22fdf9afef1a830b044f9bee4bbc0e
c9729d6e62c9df65567bbcd5b1b8353617b67d36c4c3d6d7a97e0a092a2872e5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1
d0a69e76b88e387f2b7d7aaba68d984f417c9da3b92352fe000735511abbf6fa
d355938847d0ab535862a8040e6f4b200ef04a76ea6c72b3e10bd1442c2fd0db
d909307b4b483f291c181ac2cafde6b469589997542860023fe898004f30efd1
d92ccaf2a33b612e982428c2367bbb80f08656fe342b004583b39a6dc74191fa
dcc6f3e870333d7408f543f7085b40b8aa8a1ea7ef0aa36f39724bcd8bdaf390
dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e65869de87ae36bcf57bc3d7983c67fb9abfd8c9c4847a80f264eb657eb5ae75
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5
eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848
ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f1d0b1a9de0c9552e3fa4072ae4007a3a98a1855fc2736dd46dacaf121441eed
f8c3bc6b4612e018296f32dec014b0e8d4c8ef0c7ff449f26a28b641d3497da1
f97198b77ce6aac255300df17268bb253b8b5827df2407d8a8743f0531ed1918
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
fefbf917f09dacfc59fdcd21a8c4599e89349a705afebcd83e677e1faf1498d0

www.scmagazine.com Open in urlscan Pro 2606:4700:20::681a:3d7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

125 Requests

100 %HTTPS

59 %IPv6

24 Domains

39 Subdomains

34 IPs

5 Countries

3281 kBTransfer

5143 kBSize

11 Cookies

16 Outgoing links

Redirected requests

125 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.scmagazine.com Open in urlscan Pro
2606:4700:20::681a:3d7 Public Scan

Screenshot
Live screenshot

Full Image

125
Requests

100 %
HTTPS

59 %
IPv6

24
Domains

39
Subdomains

34
IPs

5
Countries

3281 kB
Transfer

5143 kB
Size

11
Cookies

125 HTTP transactions
4 data transactions