URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Submission: On September 17 via api from IN — Scanned from US

Summary

This website contacted 32 IPs in 2 countries across 25 domains to perform 118 HTTP transactions. The main IP is 2606:4700::6812:16a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.intego.com.
TLS certificate: Issued by WE1 on July 22nd 2024. Valid for: 3 months.
This is the only time www.intego.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
53 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2607:f8b0:400... 15169 (GOOGLE)
4 192.0.77.2 2635 (AUTOMATTIC)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 23.56.163.208 16625 (AKAMAI-AS)
3 192.0.76.3 2635 (AUTOMATTIC)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 151.101.128.84 54113 (FASTLY)
4 199.232.192.134 54113 (FASTLY)
2 2606:2800:220... 15133 (EDGECAST)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2620:1ec:33:1... 8075 (MICROSOFT...)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2 2620:116:800b... 14618 (AMAZON-AES)
2 182.22.24.252 23816 (YAHOO Yah...)
2 151.101.128.134 54113 (FASTLY)
1 2600:9000:21d... 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 192.184.68.228 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2a03:2880:f11... 32934 (FACEBOOK)
1 2607:f8b0:400... 15169 (GOOGLE)
3 182.22.30.220 23816 (YAHOO Yah...)
2 2001:4998:14:... 14777 (YAHOO)
1 52.201.168.86 14618 (AMAZON-AES)
118 32
Apex Domain
Subdomains
Transfer
53 intego.com
www.intego.com
547 KB
7 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 130
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
td.doubleclick.net — Cisco Umbrella Rank: 189
5 KB
7 wp.com
i2.wp.com — Cisco Umbrella Rank: 8096
i0.wp.com — Cisco Umbrella Rank: 4113
stats.wp.com — Cisco Umbrella Rank: 3358
pixel.wp.com — Cisco Umbrella Rank: 3300
8 KB
6 disqus.com
macsecurityblog.disqus.com
disqus.com — Cisco Umbrella Rank: 1275
referrer.disqus.com — Cisco Umbrella Rank: 9577
50 KB
6 facebook.com
graph.facebook.com — Cisco Umbrella Rank: 177
www.facebook.com — Cisco Umbrella Rank: 106
5 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 43
379 KB
3 yahoo.co.jp
b91.yahoo.co.jp — Cisco Umbrella Rank: 112427
22 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 140
128 B
3 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1497
pixel.quantserve.com — Cisco Umbrella Rank: 1058
pixel-ssn.quantserve.com — Cisco Umbrella Rank: 50099
11 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 361
15 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
2 KB
2 yimg.com
s.yimg.com — Cisco Umbrella Rank: 758
8 KB
2 yimg.jp
s.yimg.jp — Cisco Umbrella Rank: 7350
2 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 178
72 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 33
21 KB
2 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1491
28 KB
2 gstatic.com
fonts.gstatic.com
44 KB
2 bootstrapcdn.com
netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3593
40 KB
1 yahoo.com
sp.analytics.yahoo.com — Cisco Umbrella Rank: 1617
676 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1541
1 KB
1 pinterest.com
widgets.pinterest.com — Cisco Umbrella Rank: 23941
426 B
1 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 4609
361 B
1 apple.com
embed.podcasts.apple.com — Cisco Umbrella Rank: 60704
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 670
7 KB
0 linkedin.com Failed
www.linkedin.com Failed
118 25
Domain Requested by
53 www.intego.com www.intego.com
static.cloudflareinsights.com
4 www.facebook.com
4 www.googletagmanager.com www.intego.com
www.googletagmanager.com
www.google-analytics.com
3 b91.yahoo.co.jp s.yimg.jp
3 td.doubleclick.net www.googletagmanager.com
3 bat.bing.com www.intego.com
bat.bing.com
3 macsecurityblog.disqus.com www.intego.com
macsecurityblog.disqus.com
3 i2.wp.com www.intego.com
3 fonts.googleapis.com www.intego.com
2 s.yimg.com www.intego.com
s.yimg.com
2 www.google.com
2 googleads.g.doubleclick.net www.googletagmanager.com
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 disqus.com macsecurityblog.disqus.com
2 s.yimg.jp www.googletagmanager.com
2 connect.facebook.net www.intego.com
connect.facebook.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 pixel.wp.com
2 platform.twitter.com www.intego.com
platform.twitter.com
2 graph.facebook.com www.intego.com
2 fonts.gstatic.com fonts.googleapis.com
2 netdna.bootstrapcdn.com www.intego.com
netdna.bootstrapcdn.com
1 sp.analytics.yahoo.com
1 referrer.disqus.com
1 analytics.google.com www.googletagmanager.com
1 pixel-ssn.quantserve.com
1 pixel.quantserve.com 1 redirects
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com www.intego.com
1 widgets.pinterest.com www.intego.com
1 stats.wp.com www.intego.com
1 s7.addthis.com www.intego.com
1 embed.podcasts.apple.com www.intego.com
1 static.cloudflareinsights.com www.intego.com
1 i0.wp.com www.intego.com
0 www.linkedin.com Failed www.intego.com
118 36
Subject: intego.com; Issuer: WE1; Validity: 2024-07-22 - 2024-10-20; Valid: 3 months
Subject: bootstrapcdn.com; Issuer: WE1; Validity: 2024-07-23 - 2024-10-21; Valid: 3 months
Subject: upload.video.google.com; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: *.wp.com; Issuer: Sectigo ECC Domain Validation Secure Server CA; Validity: 2023-11-28 - 2024-12-28; Valid: a year
Subject: cloudflareinsights.com; Issuer: WE1; Validity: 2024-09-03 - 2024-12-02; Valid: 3 months
Subject: beta.music.apple.com; Issuer: Apple Public Server RSA CA 11 - G1; Validity: 2024-08-11 - 2024-11-09; Valid: 3 months
Subject: odc-addthis-prod-01.oracle.com; Issuer: DigiCert TLS RSA SHA256 2020 CA1; Validity: 2023-12-09 - 2024-12-11; Valid: a year
Subject: *.gstatic.com; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: *.google-analytics.com; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: *.facebook.com; Issuer: DigiCert SHA2 High Assurance Server CA; Validity: 2024-06-26 - 2024-09-24; Valid: 3 months
Subject: *.pinterest.com; Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1; Validity: 2024-08-05 - 2025-08-07; Valid: a year
Subject: *.disqus.com; Issuer: Sectigo RSA Domain Validation Secure Server CA; Validity: 2024-04-16 - 2025-04-16; Valid: a year
Subject: *.twimg.com; Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1; Validity: 2024-07-08 - 2025-07-07; Valid: a year
Subject: www.bing.com; Issuer: Microsoft Azure RSA TLS Issuing CA 03; Validity: 2024-09-16 - 2025-03-15; Valid: 6 months
Subject: quantserve.com; Issuer: R11; Validity: 2024-08-23 - 2024-11-21; Valid: 3 months
Subject: edge01.yahoo.co.jp; Issuer: Cybertrust Japan SureServer CA G4; Validity: 2024-07-02 - 2025-08-01; Valid: a year
Subject: *.g.doubleclick.net; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: *.doubleclick.net; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: *.google.com; Issuer: WR2; Validity: 2024-08-12 - 2024-11-04; Valid: 3 months
Subject: mscedge01.yahoo.co.jp; Issuer: Cybertrust Japan SureServer CA G4; Validity: 2023-11-20 - 2024-12-19; Valid: a year
Subject: *.fantasysports.yahoo.com; Issuer: DigiCert SHA2 High Assurance Server CA; Validity: 2024-08-26 - 2024-10-16; Valid: 2 months
Subject: *.analytics.yahoo.com; Issuer: DigiCert SHA2 High Assurance Server CA; Validity: 2024-07-30 - 2025-01-22; Valid: 6 months

This page contains 8 frames:

Primary Page: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Frame ID: 8DD4666D678E3EF2641053E424230FB5
Requests: 117 HTTP requests in this frame

Frame: https://embed.podcasts.apple.com/us/podcast/intego-mac-podcast/id1293834627?itsct=podcast_box&itscg=30200
Frame ID: 163F2F2102C1C7FB99CF9DC0C049B7C9
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.intego.com
Frame ID: 2C70D2D76BB17E64548CB0F1581F2BDF
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=macsecurityblog&t_i=101625%20https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2F%3Fp%3D101625&t_u=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&t_e=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_d=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_t=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&s_o=default
Frame ID: 5505E07612311747025E97A3F8B766AF
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1060047950?random=1726552887941&cv=11&fst=1726552887941&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990z8564007za201zb564007&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&label=6cqzCOKomwIQzpi8-QM&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 632C9FD580E73F241C05D161CABEDA1E
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=macsecurityblog&t_i=101625%20https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2F%3Fp%3D101625&t_u=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&t_e=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_d=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_t=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs
Frame ID: 29328907740C1B6D1D677062259CB3BC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-QWFMBN7P7H&gacid=213951222.1726552888&gtm=45je4990v9117895345za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=938076111
Frame ID: 7A43814DF320E3122F652445E62FD334
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1060047950?random=1726552888419&cv=11&fst=1726552888419&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 60B3A9814F552B32C4B56DA11E416EEA
Requests: 1 HTTP requests in this frame

Page Title

New macOS malware HZ RAT gives attackers backdoor access to Macs - The Mac Security Blog

Detected technologies

Overall confidence: 100%
Detected patterns
  • <(?:link|style)[^>]+"/sites/(?:default|all)/(?:themes|modules)/

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 118
HTTPS: 98 %
IPv6: 68 %
Domains: 25
Subdomains: 36
IPs: 32
Countries: 2
Transfer: 1276 kB
Size: 3602 kB
Cookies: 22

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103
  • https://pixel.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F;uht=2;fpan=1;fpa=P0-1364713464-1726552887884;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=intego.com;dst=0;et=1726552888031;tzo=600;ogl=locale.en_US%2Ctype.article%2Ctitle.New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Secur%2Cdescription.HZ%20RAT%20is%20brand-new%20macOS%20malware%20that%20gives%20remote%20attackers%20complete%20control%20o%2Curl.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attacker%2Csite_name.The%20Mac%20Security%20Blog%2Cimage.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fwp-content%2Fuploads%2F2024%2F09%2Fevil-rat-mac%2Cimage%3Awidth.400%2Cimage%3Aheight.260;ses=9263adb0-d23d-4c2d-8b9a-7cfb82c0d1d8;mdl= HTTP 302
  • https://pixel-ssn.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F;uht=2;fpan=1;fpa=P0-1364713464-1726552887884;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=intego.com;dst=0;et=1726552888031;tzo=600;ogl=locale.en_US%2Ctype.article%2Ctitle.New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Secur%2Cdescription.HZ%20RAT%20is%20brand-new%20macOS%20malware%20that%20gives%20remote%20attackers%20complete%20control%20o%2Curl.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attacker%2Csite_name.The%20Mac%20Security%20Blog%2Cimage.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fwp-content%2Fuploads%2F2024%2F09%2Fevil-rat-mac%2Cimage%3Awidth.400%2Cimage%3Aheight.260;ses=9263adb0-d23d-4c2d-8b9a-7cfb82c0d1d8;mdl=;dip=2444ed11-23d6-43ba-bc05-81dbd4904c6e

118 HTTP transactions

Primary Request
Resource: /
Path: www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Size: 87 KB
x-fer: 22 KB
Type: Document
MIME-Type:

General
Full URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:16a, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 575bc463f838342c9906374f5227a681b6c301e25b57f8053657349a2212a73c

Security Headers
X-Content-Type-Options: nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

age: 2
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 8c46e1b90f2f42ee-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 17 Sep 2024 06:01:27 GMT
last-modified: Tue, 17 Sep 2024 06:01:25 GMT
link: <https://www.intego.com/mac-security-blog/wp-json/>; rel="https://api.w.org/" <https://www.intego.com/mac-security-blog/wp-json/wp/v2/posts/101625>; rel="alternate"; type="application/json" <https://wp.me/p4VAYd-qr7>; rel=shortlink
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=744
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:22 GMT
server
cloudflare
etag
W/"2e8-61ce448eee180-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b95f7142ee-EWR
expires
Tue, 01 Oct 2024 05:25:57 GMT
rocket-loader.min.js
www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Sep 2024 18:11:43 GMT
server
cloudflare
etag
W/"66e08bdf-302c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
8c46e1b98f9642ee-EWR
expires
Thu, 19 Sep 2024 06:01:27 GMT
btn_search.png
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/
1 KB
1 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/btn_search.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85c1eb2c2a173feceba14abe8344fe9c7cb12aa1353f083f28a62f1a366763b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=png, origSize=2462
content-disposition
inline; filename="btn_search.webp"
alt-svc
h3=":443"; ma=86400
content-length
1104
cf-bgj
imgq:85,h2pri
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"99e-61ce4490d6600"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b95f7342ee-EWR
expires
Tue, 01 Oct 2024 05:25:48 GMT
intego-podcast-artwork-400.jpg
www.intego.com/mac-security-blog/wp-content/uploads/2021/04/
7 KB
8 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2021/04/intego-podcast-artwork-400.jpg
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
903adc82f54bd61a22c1672000865fc19334735ba0ad395b361f67ccc2bdfd33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
843
cf-polished
qual=85, origFmt=jpeg, origSize=18660
content-disposition
inline; filename="intego-podcast-artwork-400.webp"
alt-svc
h3=":443"; ma=86400
content-length
7550
cf-bgj
imgq:85,h2pri
last-modified
Mon, 05 Apr 2021 14:37:57 GMT
server
cloudflare
etag
"48e4-5bf3aa4c61bdf"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b95f7542ee-EWR
expires
Tue, 01 Oct 2024 05:47:24 GMT
X-Twitter-logo-icon-225.gif
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
1 KB
2 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/X-Twitter-logo-icon-225.gif
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b302bf527209ab634a379dc27b9a22838e88001e24df759794f13f2810725e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=gif, origSize=2235
content-disposition
inline; filename="X-Twitter-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
1338
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:04:57 GMT
server
cloudflare
etag
"8bb-6144c0b25a6d8"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9142ee-EWR
expires
Tue, 01 Oct 2024 05:25:57 GMT
Facebook-logo-icon-225.gif
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
1 KB
2 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/Facebook-logo-icon-225.gif
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd71e7bfa741c12ffde65deffbc1108ee85dfd3dfd200fb99c684c877fb364c4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=gif, origSize=3000
content-disposition
inline; filename="Facebook-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
1510
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:31:47 GMT
server
cloudflare
etag
"bb8-6144c6b242fb9"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9242ee-EWR
expires
Tue, 01 Oct 2024 05:20:04 GMT
YouTube-logo-icon-225.png
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
8 KB
9 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/YouTube-logo-icon-225.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f453faccde456fd8b4f8abdda945eaea20b7fdebbff4fdb3ae03e7f75622972
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=png, origSize=10479
content-disposition
inline; filename="YouTube-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
8526
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:04:57 GMT
server
cloudflare
etag
"28ef-6144c0b2d8678"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9442ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
Pinterest-logo-icon-225.png
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
10 KB
10 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/Pinterest-logo-icon-225.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d3c6be580921c6b730a51242bbcedd60998424bb68a659b82a94b8839e63b92
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=png, origSize=12807
content-disposition
inline; filename="Pinterest-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
9932
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:04:56 GMT
server
cloudflare
etag
"3207-6144c0b1d7918"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9742ee-EWR
expires
Tue, 01 Oct 2024 05:47:24 GMT
LinkedIn-logo-icon-225.gif
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
2 KB
2 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/LinkedIn-logo-icon-225.gif
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29c6beffd42fb25d6fe9ba5dd7c5a0262c9fab9e113de7c624e62fd3ed8ed41e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=gif, origSize=4358
content-disposition
inline; filename="LinkedIn-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
2042
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:04:55 GMT
server
cloudflare
etag
"1106-6144c0b10c718"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9942ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
Instagram-logo-icon-225.gif
www.intego.com/mac-security-blog/wp-content/uploads/2024/03/
8 KB
8 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/03/Instagram-logo-icon-225.gif
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b05fa232d19f1752ceaea7eec0110daa8d4401caa7d415fb4e08a3db60df3f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=gif, origSize=14606
content-disposition
inline; filename="Instagram-logo-icon-225.webp"
alt-svc
h3=":443"; ma=86400
content-length
8380
cf-bgj
imgq:85,h2pri
last-modified
Sat, 23 Mar 2024 04:31:48 GMT
server
cloudflare
etag
"390e-6144c6b2e517a"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9c42ee-EWR
expires
Tue, 01 Oct 2024 05:54:17 GMT
ios9-podcasts-app-tile.png
www.intego.com/mac-security-blog/wp-content/uploads/2017/10/
38 KB
38 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2017/10/ios9-podcasts-app-tile.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b0e8742416cb22d33029e1b4799431b847420b75c58f9eff600a2b15faa6e4a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=png, origSize=49061
content-disposition
inline; filename="ios9-podcasts-app-tile.webp"
alt-svc
h3=":443"; ma=86400
content-length
38692
cf-bgj
imgq:85,h2pri
last-modified
Tue, 31 Oct 2017 12:56:45 GMT
server
cloudflare
etag
"bfa5-55cd749891d40"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1b98f9d42ee-EWR
expires
Tue, 01 Oct 2024 05:25:48 GMT
woman-with-worried-concerned-upset-face-looking-at-her-iPhone-400x260-1.jpg
i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/05/
710 B
1 KB
Image
General
Full URL
https://i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/05/woman-with-worried-concerned-upset-face-looking-at-her-iPhone-400x260-1.jpg?resize=40%2C40&ssl=1
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
7963f87cb07f8a42a168d9cdcf2ed0cd45583291c011849a322a29002d38957f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
710
x-nc
HIT jfk 1
last-modified
Mon, 29 Jul 2024 07:26:03 GMT
server
nginx
etag
"051c9c6f1241c750"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.intego.com/mac-security-blog/wp-content/uploads/2024/05/woman-with-worried-concerned-upset-face-looking-at-her-iPhone-400x260-1.jpg>; rel="canonical"
expires
Wed, 29 Jul 2026 19:26:03 GMT
apple-watch-bands-hero-400.jpg
i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/09/
622 B
1 KB
Image
General
Full URL
https://i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/09/apple-watch-bands-hero-400.jpg?resize=40%2C40&ssl=1
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
f1193951467f0698533ba8fd3e78c9cc9e8852b1f5e2ea2a54f05b46ddc8b275
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
622
x-nc
HIT jfk 1
last-modified
Tue, 10 Sep 2024 15:05:16 GMT
server
nginx
etag
"764c648495a413e0"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.intego.com/mac-security-blog/wp-content/uploads/2024/09/apple-watch-bands-hero-400.jpg>; rel="canonical"
expires
Fri, 11 Sep 2026 03:05:16 GMT
macOS-Sequoia-on-old-white-MacBook-2009-400x260-1.jpg
i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/08/
514 B
947 B
Image
General
Full URL
https://i2.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/08/macOS-Sequoia-on-old-white-MacBook-2009-400x260-1.jpg?resize=40%2C40&ssl=1
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
42b34f0823b708cc37e194c980748a6cf9de5964e659c4c44d861dd02877fa50
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
514
x-nc
HIT jfk 1
last-modified
Mon, 26 Aug 2024 07:08:23 GMT
server
nginx
etag
"805f95f35f9a0662"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.intego.com/mac-security-blog/wp-content/uploads/2024/08/macOS-Sequoia-on-old-white-MacBook-2009-400x260-1.jpg>; rel="canonical"
expires
Wed, 26 Aug 2026 19:08:23 GMT
sequoia-installer-400.png
i0.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/09/
2 KB
2 KB
Image
General
Full URL
https://i0.wp.com/www.intego.com/mac-security-blog/wp-content/uploads/2024/09/sequoia-installer-400.png?resize=40%2C40&ssl=1
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
d8acb590859de744b30290b81039414fcc1f0ceb539cf8d29f8f8a0438cc935c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
1750
x-nc
HIT jfk 2
last-modified
Mon, 16 Sep 2024 22:59:29 GMT
server
nginx
etag
"a626345341581ef3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.intego.com/mac-security-blog/wp-content/uploads/2024/09/sequoia-installer-400.png>; rel="canonical"
expires
Thu, 17 Sep 2026 10:59:29 GMT
related.css
www.intego.com/mac-security-blog/wp-content/plugins/yet-another-related-posts-plugin/style/
495 B
460 B
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/plugins/yet-another-related-posts-plugin/style/related.css?ver=5.27.6
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48e3091c3e26309f1329bb7ee2812cf158deb93cd80fe6439e53e8d57e58d3d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
age
430
etag
W/"1ef-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98f9542ee-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 01 Oct 2024 05:20:06 GMT
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
server
cloudflare
etag
W/"2024.6.1"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
8c46e1b9ba5c80df-EWR
id1293834627
embed.podcasts.apple.com/us/podcast/intego-mac-podcast/ Frame 163F
0
0
Document
General
Full URL
https://embed.podcasts.apple.com/us/podcast/intego-mac-podcast/id1293834627?itsct=podcast_box&itscg=30200
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:31::1739:5a4b Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
daiquiri/5 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: podcasts: com.apple.podcasts: itmss: itms-podcast: https://*.apple.com; img-src 'self' data: https://*.apple.com https://*.mzstatic.com; media-src *
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

apple-originating-system
UnknownOriginatingSystem
apple-seq
0.0
apple-tk
false
cache-control
no-transform, max-age=55
content-encoding
gzip
content-length
948
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: podcasts: com.apple.podcasts: itmss: itms-podcast: https://*.apple.com; img-src 'self' data: https://*.apple.com https://*.mzstatic.com; media-src *
content-type
text/html
date
Tue, 17 Sep 2024 06:01:27 GMT
etag
"a181fb584d88698738b21347f0e95c68"
expect-ct
max-age=86400, enforce
last-modified
Mon, 15 Jul 2024 19:16:16 GMT
server
daiquiri/5
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-apple-jingle-correlation-key
3ZQYC6IIQCVQPCP74TGUXW5SYE
x-apple-request-uuid
de618179-0880-ab07-89ff-e4cd4bdbb2c1
x-apple-version-number
2428.1.0
x-content-type-options
nosniff
x-daiquiri-instance
daiquiri:45887001:st44p00it-hyhk15124201:7987:24RELEASE186:daiquiri-amp-all-shared-int-001-st daiquiri:48493002:st44p00it-hyhk16134201:7987:24RELEASE186:daiquiri-amp-all-shared-ext-001-st daiquiri:42282005:st53p00it-qujn14050102:7987:24RELEASE186:daiquiri-amp-store-l7shared-ext-001-st
x-responding-instance
silverbullet-external:2032:st47p00it-qujn14040302:8301:24K1
x-xss-protection
1; mode=block
reset.css
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/
773 B
658 B
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/reset.css
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=1184
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"4a0-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98f9e42ee-EWR
expires
Tue, 01 Oct 2024 05:25:47 GMT
layout.css
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/
24 KB
6 KB
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5f5f25721168edeb2b63229c2ab58e5d7f987ee5e8aced298e7445111badf09
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=30980
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"7904-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98f9f42ee-EWR
expires
Tue, 01 Oct 2024 05:20:02 GMT
wrapper.css
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/
256 KB
25 KB
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50a82e0e3e97292e27f203cea4c71f3acaff073c1cfb1dc8cd63999efc9de72e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=291157
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"47155-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98fa042ee-EWR
expires
Tue, 01 Oct 2024 05:20:02 GMT
referrer-overrides.css
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/
125 B
331 B
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/referrer-overrides.css
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaffceab986a8d791cfef18d2d1e28fe2dcaf40a8bdfaf4fd393b1a91c6f072b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=141
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"8d-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98fa142ee-EWR
expires
Tue, 01 Oct 2024 05:20:02 GMT
print.css
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/
2 KB
560 B
Stylesheet
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/print.css
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884a2330198f498e36d9e77bb5c7f4971b3d70c4411cf306a3afca8bb50bb94d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/style.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=3073
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"c01-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600
cf-ray
8c46e1b98fa342ee-EWR
expires
Tue, 01 Oct 2024 05:25:57 GMT
css2
fonts.googleapis.com/
3 KB
504 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;600;700;900&display=swap
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
266fc6c7a849c593382767fc93937cd9fecf56a5c7abac6b938153f001a2359a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 17 Sep 2024 06:01:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 Sep 2024 06:01:27 GMT
css2
fonts.googleapis.com/
4 KB
517 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@300;400;500;600;700&display=swap
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3362186a709ce7cffcc17f7cbd317bddb60bd6409cc7b3d8c9f364f03152f6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 17 Sep 2024 06:01:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 Sep 2024 06:01:27 GMT
addthis_widget.js
s7.addthis.com/js/300/
56 B
361 B
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.208 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-208.deploy.static.akamaitechnologies.com
Software
Oracle API Gateway /
Resource Hash
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 17 Sep 2024 06:01:27 GMT
server
Oracle API Gateway
opc-request-id
/34C0B3DE5142B6D920B43AC39F80798B/3AE6B785CB6FA5B3A1C4D1E0E251CE25
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/javascript
x-distribution
99
x-host
s7.addthis.com
content-length
76
x-xss-protection
1; mode=block
e-202438.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202438.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT jfk
date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/14421-1717166113344.7605
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=86400
expires
Mon, 15 Sep 2025 17:30:02 GMT
sharing.min.js
www.intego.com/mac-security-blog/wp-content/plugins/jetpack/_inc/build/sharedaddy/
12 KB
4 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.2.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
3807
last-modified
Wed, 10 Jul 2024 13:04:22 GMT
server
cloudflare
etag
"2f6d-61ce448eee180-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba380342ee-EWR
expires
Tue, 01 Oct 2024 05:25:58 GMT
wp-embed.min.js
www.intego.com/mac-security-blog/wp-includes/js/
1 KB
983 B
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
843
alt-svc
h3=":443"; ma=86400
content-length
765
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"592-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba380542ee-EWR
expires
Tue, 01 Oct 2024 05:47:24 GMT
collapse.js
www.intego.com/mac-security-blog/wp-content/plugins/jquery-collapse-o-matic/js/
15 KB
3 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/plugins/jquery-collapse-o-matic/js/collapse.js?ver=1.6.23
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1711944c7b1540085ff5f7ee6cfa0e2fb504383825d4739ec799b4fd0dd69e7d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=21298
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:23 GMT
server
cloudflare
etag
W/"5332-61ce448fe23c0-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba380642ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
comment_embed.js
www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/
878 B
586 B
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.22
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60631ed8f1dfa6713ff9e30fec41786aadc477c0cac5a75dca66b5a49f76b901
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=1232
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:22 GMT
server
cloudflare
etag
W/"4d0-61ce448eee180-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba380842ee-EWR
expires
Tue, 01 Oct 2024 05:54:17 GMT
comment_count.js
www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/
708 B
591 B
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=889
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:22 GMT
server
cloudflare
etag
W/"379-61ce448eee180-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba380942ee-EWR
expires
Tue, 01 Oct 2024 05:20:06 GMT
comment-reply.min.js
www.intego.com/mac-security-blog/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-includes/js/comment-reply.min.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
1346
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"ba8-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba380c42ee-EWR
expires
Tue, 01 Oct 2024 05:47:24 GMT
tracking.js
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/
3 KB
1 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/tracking.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad480458e8c9c476d4bed65c1df11a68284c9244342d977064bf4a0efd9e3ff5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=4191
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"105f-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba380d42ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
scripts.js
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/
11 KB
4 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/scripts.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39511dff8f9d64434df213852f4f6a8964847c8e086da423e336b10ae422b678
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=19243
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"4b2b-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba480e42ee-EWR
expires
Tue, 01 Oct 2024 05:10:29 GMT
modernizr-1.6.min.js
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/
9 KB
4 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/modernizr-1.6.min.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0140ed5069f22e4aa8bb1a1fc615c39fc55d7d64e94be541615f1c5a30ae479b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
3717
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"255b-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba481042ee-EWR
expires
Tue, 01 Oct 2024 05:10:29 GMT
html5shiv.js
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/
2 KB
1 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/html5shiv.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b859cc611126401cdc38d803ac7c5967ee5da1a626e00318700ea88df55da1b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origSize=2376
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
W/"948-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
cf-ray
8c46e1ba481142ee-EWR
expires
Tue, 01 Oct 2024 05:10:29 GMT
bootstrap.min.js
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/
25 KB
7 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/js/bootstrap.min.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7587369160233b751c90ccc2043b7fdfd7eb1f0d9aa610371b43f4b3419fa83f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
6816
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"648f-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba481242ee-EWR
expires
Tue, 01 Oct 2024 05:10:29 GMT
jquery-migrate.min.js
www.intego.com/mac-security-blog/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
4169
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"2bd8-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba481442ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
jquery.min.js
www.intego.com/mac-security-blog/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: www.intego.com
URL: https://www.intego.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
alt-svc
h3=":443"; ma=86400
content-length
30908
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"15db1-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba481542ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
logo2.png
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/
3 KB
3 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/logo2.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e3faa302181b852e63034b619d928577e5e641d8502b630dd654cc6f0aa18ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/wrapper.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
2129
cf-polished
origFmt=png, origSize=3741
content-disposition
inline; filename="logo2.webp"
alt-svc
h3=":443"; ma=86400
content-length
2892
cf-bgj
imgq:85,h2pri
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"e9d-61ce4490d6600"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba481642ee-EWR
expires
Tue, 01 Oct 2024 05:25:58 GMT
blog_header_bg.gif
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/
3 KB
3 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/blog_header_bg.gif
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17aebab8504111847bb14d190557397752564704ba02e65f98c5fde9995fc834
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
origFmt=gif, origSize=5992
content-disposition
inline; filename="blog_header_bg.webp"
alt-svc
h3=":443"; ma=86400
content-length
3064
cf-bgj
imgq:85,h2pri
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"1768-61ce4490d6600"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba581842ee-EWR
expires
Tue, 01 Oct 2024 05:20:03 GMT
share_divider.png
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/
166 B
459 B
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/share_divider.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffa8b5c0d78def1b71617c0ae00e01b295bc29e2e227ba0dc84469a9ba39259c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
2844
cf-polished
origFmt=png, origSize=1219
content-disposition
inline; filename="share_divider.webp"
alt-svc
h3=":443"; ma=86400
content-length
166
cf-bgj
imgq:85,h2pri
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"4c3-61ce4490d6600"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba581a42ee-EWR
expires
Tue, 01 Oct 2024 04:40:07 GMT
sidebar_divider.jpg
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/
154 B
456 B
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/sidebar_divider.jpg
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25b786ec50525130cddd67183bc696608e1fc88651fe5d1d953667e9f4643c4d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
430
cf-polished
qual=85, origFmt=jpeg, origSize=1779
content-disposition
inline; filename="sidebar_divider.webp"
alt-svc
h3=":443"; ma=86400
content-length
154
cf-bgj
imgq:85,h2pri
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"6f3-61ce4490d6600"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1ba581c42ee-EWR
expires
Tue, 01 Oct 2024 04:54:17 GMT
truncated
/
529 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ecf7fe958f132008eb2eaeda1a079451a62372838a6c18d9e1353f64e48172a

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93b94b74b73c37bcb3e6d8cada57b5ce45d7bd3fe5e3b2b6194a702d1353e1a0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
978 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62d2cc93ab8f52afb7379b9fabdc6f383f7700367cda04191ad1a8158c449c23

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
746 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
114773206c8b1ef17f1865f1fd0acb5ee36aa4f666718144698063fd295a0f65

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
124d5d7d1a1e13e129ad8ffbba218f6fd857f706d9af89d05d2686a0627ce127

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
fonts.gstatic.com/s/redhatdisplay/v19/
28 KB
29 KB
Font
General
Full URL
https://fonts.gstatic.com/s/redhatdisplay/v19/8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;600;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25ea6c91f8fbcbd412919dbb47da3e432622997eb37a3139fad5d21d59135962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 16:14:28 GMT
x-content-type-options
nosniff
age
481619
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29072
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 21:14:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 11 Sep 2025 16:14:28 GMT
DagnyWebPro.woff
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/webfonts/
39 KB
39 KB
Font
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/webfonts/DagnyWebPro.woff
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
364c1179390530ea06c6636e2f314aa1091d460c4c6e369c6689a0fe31672054
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1
alt-svc
h3=":443"; ma=86400
content-length
40116
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"9cb4-61ce4490d6600"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1baa85542ee-EWR
expires
Tue, 01 Oct 2024 06:01:26 GMT
fontawesome-webfont.woff
netdna.bootstrapcdn.com/font-awesome/3.1.1/font/
34 KB
34 KB
Font
General
Full URL
https://netdna.bootstrapcdn.com/font-awesome/3.1.1/font/fontawesome-webfont.woff?v=3.1.0
Requested by
Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e58b78b5844a988d67532b4683a6e8b3235b3d56d319727e65f460805bbdec4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://netdna.bootstrapcdn.com/font-awesome/3.1.1/css/font-awesome.css
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1029
age
696360
cdn-cachedat
01/02/2023 00:18:11
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
34420
last-modified
Mon, 25 Jan 2021 22:04:51 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
"9434b081ed2d237abfe96e832592ef15"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
c4d9a625fe5209b2c148c0e7d04d8473
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
8c46e1babe0f1760-EWR
cdn-requestpullsuccess
True
DagnyWebPro-Bold.woff
www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/webfonts/
40 KB
40 KB
Font
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/webfonts/DagnyWebPro-Bold.woff
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
142bb04454d6124c28f12d43249615ae8903c9742ea86c024ef0602f4dd1446e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/css/layout.css
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
2
alt-svc
h3=":443"; ma=86400
content-length
40940
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"9fec-61ce4490d6600"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1baa85742ee-EWR
expires
Tue, 01 Oct 2024 05:10:33 GMT
truncated
/
7 KB
7 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e7d52bf5f53348ca036d8381f04bb01c93b3110ccac87ca3cb75fd1ce0a92c6

Request headers

Referer
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:200,400,700,200italic,400italic,700italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.intego.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 13 Sep 2024 17:00:34 GMT
x-content-type-options
nosniff
age
306053
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Sep 2025 17:00:34 GMT
evil-rat-macos-malware-emerging-jumping-from-apple-macbook-pro-600x400-1.jpg
www.intego.com/mac-security-blog/wp-content/uploads/2024/09/
39 KB
40 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2024/09/evil-rat-macos-malware-emerging-jumping-from-apple-macbook-pro-600x400-1.jpg
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86a9de4e1dd6d002b1f6adb84200766b15f0fac31f6b5b49907b6f71af061c11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1
cf-polished
degrade=85, origSize=101605, status=webp_bigger
alt-svc
h3=":443"; ma=86400
content-length
40381
cf-bgj
imgq:85,h2pri
last-modified
Thu, 05 Sep 2024 15:48:49 GMT
server
cloudflare
etag
"18ce5-621613a05bef2"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1bab85d42ee-EWR
expires
Tue, 01 Oct 2024 06:01:26 GMT
X9-Mac-Antivirus-Launch-300x150.png
www.intego.com/mac-security-blog/wp-content/uploads/2016/06/
27 KB
28 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2016/06/X9-Mac-Antivirus-Launch-300x150.png
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25aa0b7b8ad904efa464dc2b11da0975d77ef2ba0eb747b06b72c738b95e581d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
1
cf-polished
origFmt=png, origSize=47876
content-disposition
inline; filename="X9-Mac-Antivirus-Launch-300x150.webp"
alt-svc
h3=":443"; ma=86400
content-length
27938
cf-bgj
imgq:85,h2pri
last-modified
Mon, 20 Jun 2016 03:34:07 GMT
server
cloudflare
etag
"bb04-535ad606e29c0"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1bab85e42ee-EWR
expires
Tue, 01 Oct 2024 06:01:26 GMT
wp-emoji-release.min.js
www.intego.com/mac-security-blog/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://www.intego.com/mac-security-blog/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
429
alt-svc
h3=":443"; ma=86400
content-length
4930
last-modified
Wed, 10 Jul 2024 13:04:24 GMT
server
cloudflare
etag
"4705-61ce4490d6600-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1bb38a242ee-EWR
expires
Tue, 01 Oct 2024 05:08:06 GMT
favicon.ico
www.intego.com/sites/all/themes/intego_3/dist/favicons/
401 KB
89 KB
Other
General
Full URL
https://www.intego.com/sites/all/themes/intego_3/dist/favicons/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04f5e859d2634d401e0b1e6f9a8d3abab7a5d10919e4a3aee96b7d5b90c25aec
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 10 Jul 2024 13:04:27 GMT
server
cloudflare
age
429
etag
W/"643e6-61ce4493b2cc0"
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
cache-control
max-age=1209600
cf-ray
8c46e1bb58bf42ee-EWR
alt-svc
h3=":443"; ma=86400
expires
Tue, 01 Oct 2024 04:58:57 GMT
gtm.js
www.googletagmanager.com/
345 KB
110 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a88cc37aedd930d312c51b70e7c01933a1d15ce441de8501ce6637ee68a6fbfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
112134
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 17 Sep 2024 06:01:27 GMT
/
graph.facebook.com/
202 B
317 B
XHR
General
Full URL
https://graph.facebook.com/?id=https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:1:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8b439808ec37387387c0c169a5e292a4de009f02c1b0c5fffa82231d5ebbe8ca
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
date
Tue, 17 Sep 2024 06:01:27 GMT
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1016547595
alt-svc
h3=":443"; ma=86400
content-length
202
proxy-status
http_request_error
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=4, rtx=0, c=23, mss=1232, tbw=4444, tp=9, tpl=0, uplat=12, ullat=0
pragma
no-cache
x-fb-debug
e1LTvPCT+oiWEjBTUlxsBm/t1Ep00qL3+TP9b9xliA6CVUo5jMO7GvQbUl6REA49AJkSHD0tAXFWy2cow0Pcyw==
x-fb-trace-id
C+VVfMsxTA7
vary
Origin
content-type
application/json
access-control-allow-origin
*
x-fb-request-id
ARAnW14eK6ooGNyGNuwyCys
cache-control
no-store
facebook-api-version
v14.0
priority
u=1,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
share
www.linkedin.com/countserv/count/
0
0

count.json
widgets.pinterest.com/v1/urls/
168 B
426 B
Script
General
Full URL
https://widgets.pinterest.com/v1/urls/count.json?source=6&url=https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/&callback=jQuery36006137620197904967_1726552887566&_=1726552887567
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
576d0eb7380bdda4fd5a2b2e2b11faf4754f68aed5620af6fc1f43e63850bd6c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
x-pinterest-rid-128bit
1457228a1b85592b7b4dc916cd67518f
age
1
vary
accept-encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
must-revalidate, max-age=887
x-envoy-upstream-service-time
1
accept-ranges
none
x-pinterest-rid
8884978739644420
expires
Tue, 17 Sep 2024 06:16:26 GMT
count.js
macsecurityblog.disqus.com/
1 KB
2 KB
Script
General
Full URL
https://macsecurityblog.disqus.com/count.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.22
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=300; includeSubdomains
X-Amz-Cf-Pop
SFO53-P1
Age
297
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 12 Sep 2024 22:00:42 GMT
Server
nginx
ETag
"66e3648a-367"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id
cWLDBMdeexwwP4APPZBbjSirWQ8jbQmHI9rKbws6W1KQwD9VikbCUA==
embed.js
macsecurityblog.disqus.com/
80 KB
26 KB
Script
General
Full URL
https://macsecurityblog.disqus.com/embed.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.22
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
9fb0e90acdc30d671831403cf82c00e959fa92575d5c3aa7dd6bf3ac2c1518e7
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
server
openresty
Age
1
Vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
x-service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
26330
widgets.js
platform.twitter.com/
91 KB
28 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyd/D15F) /
Resource Hash
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:27 GMT
Content-Encoding
gzip
Age
1434
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27597
Last-Modified
Mon, 11 Dec 2023 17:20:28 GMT
Server
ECS (nyd/D15F)
Etag
"824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.2.1&blog=72832157&post=101625&tz=-7&srv=www.intego.com&host=www.intego.com&ref=&fcp=361&rand=0.5442842862687856
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 17 Sep 2024 06:01:27 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
/
graph.facebook.com/
244 B
357 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.2.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:1:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5dbb141f9f2f8af004e6215d82091b371dc829a86f8fe3930ae5c7e942e91fe1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
date
Tue, 17 Sep 2024 06:01:27 GMT
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1016547595
alt-svc
h3=":443"; ma=86400
content-length
244
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=4, rtx=0, c=23, mss=1232, tbw=4474, tp=10, tpl=0, uplat=31, ullat=0
pragma
no-cache
x-fb-debug
8fT8cjP0I0pKwr30DxiRA/jhqz4v/yqOesKdir415VW2eA5cGOzjnwJocs3lYM0kGkdMl1pwHPBfuuKAu1DkDg==
x-fb-trace-id
Hmfpw2jFFlJ
vary
Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AADzw7RtxNeaZHjG6pwim8n
cache-control
no-store
facebook-api-version
v14.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
pici.png
www.intego.com/mac-security-blog/wp-content/uploads/2021/05/
35 KB
35 KB
Image
General
Full URL
https://www.intego.com/mac-security-blog/wp-content/uploads/2021/05/pici.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0590a5e32234930923f899ff7d662b436300c40ff463dba142b7984ad16c987f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
429
cf-polished
origFmt=png, origSize=58478
content-disposition
inline; filename="pici.webp"
alt-svc
h3=":443"; ma=86400
content-length
35876
cf-bgj
imgq:85,h2pri
last-modified
Mon, 24 May 2021 09:25:34 GMT
server
cloudflare
etag
"e46e-5c30ffddbf057"
vary
Accept
content-type
image/webp
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
8c46e1bbc91b42ee-EWR
expires
Tue, 01 Oct 2024 05:25:58 GMT
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.1833323840617671
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 17 Sep 2024 06:01:27 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
rum
www.intego.com/cdn-cgi/
0
140 B
XHR
General
Full URL
https://www.intego.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:16a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://www.intego.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
8c46e1bbd92442ee-EWR
recommendations.js
macsecurityblog.disqus.com/
64 KB
22 KB
Script
General
Full URL
https://macsecurityblog.disqus.com/recommendations.js
Requested by
Host: macsecurityblog.disqus.com
URL: https://macsecurityblog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
5b55b331422f0b68aa5649c11069b824f87aca2709cb5a3c32be6963832fe855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
server
openresty
Age
1
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
content-type
application/javascript; charset=utf-8
cache-control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
x-service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21419
widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 2C70
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.intego.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyd/D140) /
Resource Hash

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
15202195
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105429
Content-Type
text/html; charset=utf-8
Date
Tue, 17 Sep 2024 06:01:27 GMT
Etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified
Mon, 11 Dec 2023 17:19:49 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nyd/D140)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
destination
www.googletagmanager.com/gtag/
243 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-1060047950&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d1bfdad3f419c4d41ab765fe350d28f7dd920796388f7db5c64efb344111ba3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87969
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 17 Sep 2024 06:01:27 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 17 Sep 2024 04:51:57 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4170
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 17 Sep 2024 06:51:57 GMT
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Tue, 17 Sep 2024 06:01:27 GMT
last-modified
Fri, 06 Sep 2024 21:17:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 887EAE9E12EC490C94052B03C4281EDA Ref B: EWR30EDGE1007 Ref C: 2024-09-17T06:01:27Z
etag
"016326a20db1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14305
fbevents.js
connect.facebook.net/en_US/
225 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 17 Sep 2024 06:01:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58953
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=2, rtx=0, c=23, mss=1232, tbw=4548, tp=11, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
yx/mBVChnBTfS3uiB6mvDoMLsH1ekV7axf6uGBPCfLXh/M6eLFlicKaTWpg8ajXX71T2i17VGVeu43G58Qbv6A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
aquant.js
secure.quantserve.com/
23 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/aquant.js?a=p-NVNd7-g373ynZ
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:c1e8:5385:5098:6bf0 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
76c46df9a6ba94318fafe8023e3f52e28b1b9a1eaf16dcd4d7ce95ab6942859b

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
gzip
etag
"tIg8n6xaLBY4WwNLLw9OGA=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Tue, 24 Sep 2024 06:01:27 GMT
conversion.js
s.yimg.jp/images/listing/tool/cv/
6 KB
2 KB
Script
General
Full URL
https://s.yimg.jp/images/listing/tool/cv/conversion.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.22.24.252 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
nghttpx /
Resource Hash
9e3a9103c80346b1b39bea3de46f44a462b3f594fa45e7206252bc41d7e3e855

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1
date
Tue, 17 Sep 2024 05:51:43 GMT
content-encoding
gzip
last-modified
Tue, 25 Jan 2022 16:25:04 GMT
server
nghttpx
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
age
585
vary
Accept-Encoding
content-type
application/javascript
x-ntap-sg-trace-id
9abebcad99cf7e1e
cache-control
public, max-age=600
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
content-length
2140
js
www.googletagmanager.com/gtag/
242 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1060047950
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a9a9619e48113a9d2b0199b4ff63dfc14d4cf3631aa4c26336b6fedd2c826199
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
87967
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 17 Sep 2024 06:01:27 GMT
/
disqus.com/embed/comments/ Frame 5505
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=macsecurityblog&t_i=101625%20https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2F%3Fp%3D101625&t_u=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&t_e=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_d=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_t=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&s_o=default
Requested by
Host: macsecurityblog.disqus.com
URL: https://macsecurityblog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Age
3
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2971
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Tue, 17 Sep 2024 06:01:27 GMT
ETag
W/"lounge:view:10310437447.5b26dd663183accb3ee3a883a3254b53.2"
Last-Modified
Thu, 05 Sep 2024 17:14:48 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
rules-p-NVNd7-g373ynZ.js
rules.quantcount.com/
1 KB
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-NVNd7-g373ynZ.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-NVNd7-g373ynZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:8c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dfc988a3bfd2d7c74069ed4414fb522a7f9b6536767f897ab15773772f517d17

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 05:54:18 GMT
content-encoding
gzip
via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
age
2696
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Thu, 13 Oct 2022 16:28:24 GMT
server
AmazonS3
etag
W/"4395cced20ab623d7e83cebf7caf109d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-id
F0FnHE3rfOfx_PxlLlIW3uByheaaqRlGmuZU63uQx4ZfUcaGlalHCA==
4033358.js
bat.bing.com/p/action/
370 B
424 B
Script
General
Full URL
https://bat.bing.com/p/action/4033358.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7f47f02c93d5de5de03db0ebffa39fe1060767437b086996e295c9818a05b2f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Tue, 17 Sep 2024 06:01:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AF3C83C3E71A4108B297A79F2758B6F2 Ref B: EWR30EDGE1007 Ref C: 2024-09-17T06:01:27Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
collect
www.google-analytics.com/j/
15 B
220 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=845330884&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&ul=en-us&de=UTF-8&dt=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiAABDAAAAC~&jid=1348940411&gjid=1369163317&cid=213951222.1726552888&tid=UA-1724183-7&_gid=1555966518.1726552888&_slc=1&gtm=45He4990n519WJ8v564007za200&cg3=&cd3=!!!!&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&z=1670139820
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
4ba8349bee5aa103d984f9ca66a1c4e268c7fba177b94909e3b5ba91895ead83
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.intego.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
345 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1724183-7&cid=213951222.1726552888&jid=1348940411&gjid=1369163317&_gid=1555966518.1726552888&_u=YGBAiAABDAAAAG~&z=241844767
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 17 Sep 2024 06:01:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.intego.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1060047950/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1060047950/?random=1726552887941&cv=11&fst=1726552887941&bg=ffffff&guid=ON&async=1&gtm=45be4990z8564007za201zb564007&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&label=6cqzCOKomwIQzpi8-QM&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1060047950&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
df5296954b4c5155eed65d71beeb433ad14963f0bffad951414a6eb4f3ccfc10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2423
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1060047950
td.doubleclick.net/td/rul/ Frame 632C
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/1060047950?random=1726552887941&cv=11&fst=1726552887941&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990z8564007za201zb564007&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&label=6cqzCOKomwIQzpi8-QM&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1060047950&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 17 Sep 2024 06:01:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
731235797425639
connect.facebook.net/signals/config/
72 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/731235797425639?v=2.9.167&r=stable&domain=www.intego.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
45e46c34b4cea638b7563a944c2b94d90325bb0d6bced15a351c381bb0bef72e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 17 Sep 2024 06:01:28 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14730
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=4, rtx=0, c=74, mss=1232, tbw=67188, tp=64, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
9kLXfVrgkFZAdLDIZuF3eiDPAzbmhXgG5xI2otu80rEI6DuHgMfzXEe0FBp2aPjS4BOv7HTQcqasDS0YYkCIaw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
296 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QWFMBN7P7H&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
544ba3c2398f4b395185620535b868f3b1b0be7775f748262349ecb8c1c93d3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 17 Sep 2024 06:01:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99664
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 17 Sep 2024 06:01:28 GMT
/
disqus.com/recommendations/ Frame 2932
0
0
Document
General
Full URL
https://disqus.com/recommendations/?base=default&f=macsecurityblog&t_i=101625%20https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2F%3Fp%3D101625&t_u=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&t_e=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_d=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs&t_t=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs
Requested by
Host: macsecurityblog.disqus.com
URL: https://macsecurityblog.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.134 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Age
1
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2381
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Tue, 17 Sep 2024 06:01:28 GMT
Last-Modified
Thu, 03 Nov 2022 16:35:53 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=4033358&Ver=2&mid=2157c081-5b90-48ba-80a0-5164759afffa&sid=4745b8e074ba11ef882b4905c3474a54&vid=4746114074ba11efb45dcbea6e56d469&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&p=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&r=&lt=365&evt=pageLoad&sv=1&cdb=AQAQ&rn=63770
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 17 Sep 2024 06:01:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0504799C8B794321BA8B1B92BAAECCC8 Ref B: EWR30EDGE1007 Ref C: 2024-09-17T06:01:28Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F;uht=2;f...
pixel-ssn.quantserve.com/
Redirect Chain
  • https://pixel.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backd...
  • https://pixel-ssn.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-b...
35 B
356 B
Image
General
Full URL
https://pixel-ssn.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F;uht=2;fpan=1;fpa=P0-1364713464-1726552887884;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=intego.com;dst=0;et=1726552888031;tzo=600;ogl=locale.en_US%2Ctype.article%2Ctitle.New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Secur%2Cdescription.HZ%20RAT%20is%20brand-new%20macOS%20malware%20that%20gives%20remote%20attackers%20complete%20control%20o%2Curl.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attacker%2Csite_name.The%20Mac%20Security%20Blog%2Cimage.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fwp-content%2Fuploads%2F2024%2F09%2Fevil-rat-mac%2Cimage%3Awidth.400%2Cimage%3Aheight.260;ses=9263adb0-d23d-4c2d-8b9a-7cfb82c0d1d8;mdl=;dip=2444ed11-23d6-43ba-bc05-81dbd4904c6e
Protocol
H2
Server
192.184.68.228 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"filters":[{"label":["XIs9cXuHhiR3L4rY6hRZdQ=="],"pcode":["p-NVNd7-g373ynZ"]}],"trigger_data":"1"}]}
strict-transport-security
max-age=86400
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"filters":[{"label":["XIs9cXuHhiR3L4rY6hRZdQ=="],"pcode":["p-NVNd7-g373ynZ"]}],"trigger_data":"1"}]}
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://pixel-ssn.quantserve.com/pixel;r=1165265974;labels=_fp.event.Default;rf=0;a=p-NVNd7-g373ynZ;url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F;uht=2;fpan=1;fpa=P0-1364713464-1726552887884;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=intego.com;dst=0;et=1726552888031;tzo=600;ogl=locale.en_US%2Ctype.article%2Ctitle.New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Secur%2Cdescription.HZ%20RAT%20is%20brand-new%20macOS%20malware%20that%20gives%20remote%20attackers%20complete%20control%20o%2Curl.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attacker%2Csite_name.The%20Mac%20Security%20Blog%2Cimage.https%3A%2F%2Fwww%252Eintego%252Ecom%2Fmac-security-blog%2Fwp-content%2Fuploads%2F2024%2F09%2Fevil-rat-mac%2Cimage%3Awidth.400%2Cimage%3Aheight.260;ses=9263adb0-d23d-4c2d-8b9a-7cfb82c0d1d8;mdl=;dip=2444ed11-23d6-43ba-bc05-81dbd4904c6e
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
/
www.google.com/pagead/1p-user-list/1060047950/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1060047950/?random=1726552887941&cv=11&fst=1726552800000&bg=ffffff&guid=ON&async=1&gtm=45be4990z8564007za201zb564007&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&label=6cqzCOKomwIQzpi8-QM&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfN0y_hHb6Tyw_9aRL8fKT8kCF-ZCwZA&random=3397099226&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=731235797425639&ev=ViewContent&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&rl=&if=false&ts=1726552888059&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726552888054.503174912807784409&cs_est=true&est_source=757774251754991&ler=empty&cdl=API_unavailable&it=1726552887998&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=1, rtx=0, c=10, mss=1328, tbw=2845, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 17 Sep 2024 06:01:28 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
848 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=731235797425639&ev=ViewContent&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&rl=&if=false&ts=1726552888059&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=4126&fbp=fb.1.1726552888054.503174912807784409&cs_est=true&est_source=757774251754991&ler=empty&cdl=API_unavailable&it=1726552887998&coo=false&es=automatic&tm=3&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Tue, 17 Sep 2024 06:01:28 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7415488189386705166", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1328, tbw=6858, tp=-1, tpl=-1, uplat=49, ullat=0
pragma
no-cache
x-fb-debug
IlEl2JggXRH1cFThQNY0yZfaynSY33yyd29iYbzGG1BuXr/7gKVfFETAUjHgN3nXEe3K4i0PhIJX2sRj/N+M0w==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7415488189386705166"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
102 B
Image
General
Full URL
https://www.facebook.com/tr/?id=731235797425639&ev=PageView&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&rl=&if=false&ts=1726552888061&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726552888054.503174912807784409&cs_est=true&ler=empty&cdl=API_unavailable&it=1726552887998&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=1, rtx=0, c=10, mss=1328, tbw=3131, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 17 Sep 2024 06:01:28 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=731235797425639&ev=PageView&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&rl=&if=false&ts=1726552888061&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1726552888054.503174912807784409&cs_est=true&ler=empty&cdl=API_unavailable&it=1726552887998&coo=false&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x09080ad7e78acc20","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:3656702261062735","7830:3656702261062735","10853:3656702261062735","41:3656702261062735","8046:3656702261062735"]},"debug_reporting":true,"debug_key":"4078133039522142119"}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Tue, 17 Sep 2024 06:01:28 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7415488188910727405", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1328, tbw=3286, tp=-1, tpl=-1, uplat=36, ullat=0
pragma
no-cache
x-fb-debug
BsnyaPz48BQtAwSUtpnqhA4cWkVNxzdldTQr/xHxiF2Ij5g3GftJ8Jp47pBOxNzNpXUXhmoFiMfgCDGB+AyPQw==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7415488188910727405"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-QWFMBN7P7H&gtm=45je4990v9117895345za200&_p=1726552887610&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-us&sr=1600x1200&cid=213951222.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&dt=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&sid=1726552888&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_3=!!!!&tfd=982
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QWFMBN7P7H&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.intego.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
56 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QWFMBN7P7H&cid=213951222.1726552888&gtm=45je4990v9117895345za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QWFMBN7P7H&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.intego.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rul
td.doubleclick.net/td/ga/ Frame 7A43
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-QWFMBN7P7H&gacid=213951222.1726552888&gtm=45je4990v9117895345za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=938076111
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QWFMBN7P7H&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 17 Sep 2024 06:01:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
conversion_async.js
b91.yahoo.co.jp/pagead/
54 KB
21 KB
Script
General
Full URL
https://b91.yahoo.co.jp/pagead/conversion_async.js
Requested by
Host: s.yimg.jp
URL: https://s.yimg.jp/images/listing/tool/cv/conversion.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
182.22.30.220 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
cafe /
Resource Hash
11881632fa4eac74afa58935826c302aa25724e2a5bce413e81be1315492bb44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:28 GMT
Content-Encoding
br
X-Content-Type-Options
nosniff
Age
0
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Connection
close
X-XSS-Protection
0
Server
cafe
Accept-CH
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
ETag
16790842644195367019
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=UTF-8
Cache-Control
private, max-age=3600
Permissions-Policy
unload=(), ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
Timing-Allow-Origin
*
Expires
Tue, 17 Sep 2024 06:01:28 GMT
conversion.js
s.yimg.jp/images/listing/tool/cv/
6 KB
0
Script
General
Full URL
https://s.yimg.jp/images/listing/tool/cv/conversion.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-9WJ8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.22.24.252 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
nghttpx /
Resource Hash
9e3a9103c80346b1b39bea3de46f44a462b3f594fa45e7206252bc41d7e3e855

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1
date
Tue, 17 Sep 2024 05:51:43 GMT
content-encoding
gzip
last-modified
Tue, 25 Jan 2022 16:25:04 GMT
server
nghttpx
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
age
585
vary
Accept-Encoding
content-type
application/javascript
x-ntap-sg-trace-id
9abebcad99cf7e1e
cache-control
public, max-age=600
permissions-policy
ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
content-length
2140
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1060047950/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1060047950/?random=1726552888419&cv=11&fst=1726552888419&bg=ffffff&guid=ON&async=1&gtm=45be4990za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1060047950
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
314b6f21456e57e7c746198924fa8d846dadd5b00224559c3ec3d04d30f63bf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2396
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1060047950
td.doubleclick.net/td/rul/ Frame 60B3
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/1060047950?random=1726552888419&cv=11&fst=1726552888419&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4990za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1060047950
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 17 Sep 2024 06:01:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
stat.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/stat.gif?event=failed_recommendations.server.undefined
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:28 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
content-type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
x-xss-protection
1; mode=block
ytc.js
s.yimg.com/wi/
19 KB
7 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.intego.com
URL: https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
aebe8df81ee2ba5bc51e3abc322910ee5122a0ac06edfbcf7a04e1659d17dc9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1, 1
date
Tue, 17 Sep 2024 05:44:29 GMT
x-amz-version-id
JRuD6BVFDpXh1T7iUrCVWNpcX_ACBwVG
content-encoding
gzip
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
ZR4EB50FJNV97HXH
age
1020
x-amz-server-side-encryption
AES256
content-length
6826
x-amz-id-2
9m1bN6BkM3km9Pm1BQLhxEBl20YQi+r7qv0i1HJ7RwzRkbH0tk1ZjU5KN3iLRRJ48Hj90T20bgH3WP03pIi7acsrMnWxbFb4
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Fri, 03 Oct 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Wed, 28 Aug 2024 12:33:10 GMT
server
ATS
etag
"bc033c3a83e1880e480086bf11ac0b0a-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=3600
accept-ranges
bytes
/
www.google.com/pagead/1p-user-list/1060047950/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1060047950/?random=1726552888419&cv=11&fst=1726552800000&bg=ffffff&guid=ON&async=1&gtm=45be4990za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&hn=www.googleadservices.com&frm=0&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&npa=0&pscdl=noapi&auid=1384021669.1726552888&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfzmoimFI1YXwNKqCLZGGiveyKv0y7vVZ7kZ5o1n7cltT1kcx7&random=2940741364&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
10013026.json
s.yimg.com/wi/config/
2 B
468 B
XHR
General
Full URL
https://s.yimg.com/wi/config/10013026.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1, 1
date
Tue, 17 Sep 2024 05:28:06 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
4TVTQPJ63KX7SAS5
age
2002
content-length
2
x-amz-id-2
f+UxhIVEqkOEWdJJJbWAMM9uVe4VTvFmVbnPivl81DhFL27y5X3O6yD5Xa0Jpq6g/PgdB12JWe8=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
public,max-age=3600
sp.pl
sp.analytics.yahoo.com/
43 B
676 B
Image
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Tue%2C%2017%20Sep%202024%2006%3A01%3A28%20GMT&n=10&b=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&.yp=10013026&f=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&enc=UTF-8&yv=1.16.5&tagmgr=gtm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.201.168.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-168-86.compute-1.amazonaws.com
Software
ATS/9.1.10.134 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Sep 2024 06:01:28 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.134)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.134
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, no-store, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Tue, 17 Sep 2024 06:01:28 GMT
/
b91.yahoo.co.jp/pagead/conversion/1000324116/
42 B
669 B
Image
General
Full URL
https://b91.yahoo.co.jp/pagead/conversion/1000324116/?random=1726552889199&cv=9&fst=1726552889199&num=1&fmt=3&value=1&label=yGd0CMDksGoQi-v4oAM&guid=ON&disvt=true&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=1&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
182.22.30.220 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:29 GMT
X-Content-Type-Options
nosniff
Age
0
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Content-Length
42
X-XSS-Protection
0
Pragma
no-cache
Server
cafe
Accept-CH
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Permissions-Policy
unload=(), ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
Timing-Allow-Origin
*
Expires
Fri, 01 Jan 1990 00:00:00 GMT
/
b91.yahoo.co.jp/pagead/conversion/1000324116/
42 B
669 B
Image
General
Full URL
https://b91.yahoo.co.jp/pagead/conversion/1000324116/?random=1726552889211&cv=9&fst=1726552889211&num=1&fmt=3&value=0&label=2ZHECN3Sq2oQi-v4oAM&guid=ON&disvt=true&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=1&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.intego.com%2Fmac-security-blog%2Fnew-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs%2F&tiba=New%20macOS%20malware%20HZ%20RAT%20gives%20attackers%20backdoor%20access%20to%20Macs%20-%20The%20Mac%20Security%20Blog&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
182.22.30.220 , Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 17 Sep 2024 06:01:29 GMT
X-Content-Type-Options
nosniff
Age
0
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Content-Length
42
X-XSS-Protection
0
Pragma
no-cache
Server
cafe
Accept-CH
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Permissions-Policy
unload=(), ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform-version=*, ch-ua-arch=*
Timing-Allow-Origin
*
Expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.linkedin.com
URL
https://www.linkedin.com/countserv/count/share?url=https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/&callback=jQuery36006137620197904967_1726552887564&_=1726552887565

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| __cfQR object| __cfBeacon object| _wpemojiSettings function| jQuery object| html5 object| twemoji object| wp object| Modernizr function| setCookie function| getCookie function| integoFormButtonSwap function| sideMenuDisplay object| dataLayer function| toggleProductMainNav string| title function| customWidget function| injectCustomWidget string| colomatduration string| colomatslideEffect object| WPCOM_sharing_counts object| addComment object| countVars string| disqus_shortname object| embedVars string| disqus_url string| disqus_identifier string| disqus_container_id string| disqus_title function| disqus_config function| collapse_init function| swapTitle function| toggleState function| closeOtherGroups function| closeOtherRelMembers function| closeOtherTogMembers function| closeOtherMembers function| colomat_expandall function| colomat_collapseall object| sharing_js_options object| WPCOMSharing object| _stq function| AI_responsive_widget object| addthis_config function| shareEventHandler boolean| __cfRLUnblockHandlers function| st_go function| linktracker_init object| wpcom string| com_binding object| DISQUSWIDGETS object| DISQUS function| disqus_recommendations_config object| __twttrll object| twttr object| __twttr object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| gtmTracker object| uetq function| fbq function| _fbq object| ezt function| getParameterByName object| wrapper function| enableIntent function| init object| DISQUS_RECOMMENDATIONS function| quantserve function| __qc object| _qevents function| UET function| UET_init function| UET_push object| ueto_e6bd71ba1a object| gaplugins object| gaGlobal object| gaData object| GooglebQhCsO function| gtag object| dotq object| YAHOO function| GooglemKTybQhCsO function| google_trackConversion

22 Cookies

Domain/Path Name / Value
.intego.com/ Name: __cf_bm
Value: 1aDrL9NaYZ2IDmtgDoOkZyjCZKnBE_oBkTiV52Jv9nI-1726552887-1.0.1.1-q7qscJh3w8drLnMM16_xd.Y9G4rZmM2SSWHFZOhvyfzzG4ROMhYmUaedmsLRirT5_28DOt3EVtymVSKsD_WJGw
.linkedin.com/ Name: bcookie
Value: "v=2&7ecb0af2-1420-4d73-84f0-86d73a6d47c4"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240917060127802b15e5-60e1-46a9-8a29-36cf10636548AQGCb2KhnvHLgtjj6GvTL4MlxOxdw5-w"
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3373:u=1:x=1:i=1726552887:t=1726639287:v=2:sig=AQG4QBkwS3dyL7W5k7-keva8nyo0uYKK"
.intego.com/ Name: _gcl_au
Value: 1.1.1384021669.1726552888
.intego.com/ Name: _ga
Value: GA1.2.213951222.1726552888
.intego.com/ Name: _gid
Value: GA1.2.1555966518.1726552888
.intego.com/ Name: _dc_gtm_UA-1724183-7
Value: 1
.intego.com/ Name: _uetsid
Value: 4745b8e074ba11ef882b4905c3474a54
.intego.com/ Name: _uetvid
Value: 4746114074ba11efb45dcbea6e56d469
.bing.com/ Name: MUID
Value: 228362A8CF9B64C9189C7655CEF965DD
.bat.bing.com/ Name: MR
Value: 0
.quantserve.com/ Name: mc
Value: 66e91b38-0a13c-88705-904a4
.intego.com/ Name: _fbp
Value: fb.1.1726552888054.503174912807784409
.intego.com/ Name: _ga_QWFMBN7P7H
Value: GS1.2.1726552888.1.0.1726552888.60.0.0
.intego.com/ Name: __qca
Value: P0-1364713464-1726552887884
.disqus.com/ Name: disqus_unique
Value: 61rh3saqir24o
.doubleclick.net/ Name: IDE
Value: AHWqTUkAV6hzEMPtS9J_kYIHGTWgwmvK2cwJjkuHLJ9hjM7M4HI_vo8sb3SYg-SJ
disqus.com/ Name: __jid
Value: 61rh3d4jtir8n
.yahoo.com/ Name: A3
Value: d=AQABBDgb6WYCEL5_nPJlL4JfBI3noJGhKU4FEgEBAQFs6mbyZtxC0iMA_eMAAA&S=AQAAAk5qKj85ViUNo18wg7zuG0M
.yahoo.co.jp/ Name: XA
Value: 9c72iehjei6po&sd=A&t=1726552888&u=1726552888&v=1
.yahoo.co.jp/ Name: XB
Value: 47c30638-74ba-11ef-bfb5-31d99d1161b3&v=6&u=1726552888&s=o0

1 Console Messages

Source Level URL
Text
network error URL: https://graph.facebook.com/?id=https://www.intego.com/mac-security-blog/new-macos-malware-hz-rat-gives-attackers-backdoor-access-to-macs/
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
