Submitted URL: http://track.adlumin.com/clickout/b094fda0-3040-4a11-8acc-e1dc84ed7358
Effective URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e...
Submission: On March 14 via manual from US

Summary

This website contacted 58 IPs in 5 countries across 54 domains to perform 259 HTTP transactions. The main IP is 2.18.233.143, located in the European Union and belonging to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.zdnet.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on November 26th 2018. Valid for: 7 months.
This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
www.cbs.com | GeoTrust RSA CA 2018 | 2018-11-26 - 2019-06-22 | 7 months
cc.cnetcontent.com | DigiCert SHA2 Secure Server CA | 2019-01-25 - 2020-01-25 | a year
*.evidon.com | DigiCert ECC Secure Server CA | 2019-02-01 - 2020-05-02 | a year
san.casalemedia.com | GeoTrust RSA CA 2018 | 2019-01-09 - 2020-03-09 | a year
akstat.io | DigiCert ECC Secure Server CA | 2018-03-12 - 2019-05-11 | a year
*.g.doubleclick.net | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.sharethrough.com | Go Daddy Secure Certificate Authority - G2 | 2018-09-18 - 2019-11-17 | a year
l.betrad.com | Go Daddy Secure Certificate Authority - G2 | 2017-04-25 - 2019-06-24 | 2 years
*.doubleclick.net | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2017-10-25 - 2020-05-13 | 3 years
vidtech.cbsinteractive.com | DigiCert SHA2 High Assurance Server CA | 2018-12-13 - 2020-12-17 | 2 years
a248.e.akamai.net | DigiCert ECC Secure Server CA | 2018-10-18 - 2019-10-18 | a year
ssl418259.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-03-02 - 2019-09-08 | 6 months
*.adsrvr.org | Trustwave Organization Validation SHA256 CA, Level 1 | 2017-02-15 - 2019-04-19 | 2 years
ssl516460.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-10-06 - 2019-04-14 | 6 months
*.ml314.com | Amazon | 2018-04-14 - 2019-05-14 | a year
www.everestjs.net | DigiCert SHA2 Secure Server CA | 2018-10-15 - 2020-10-15 | 2 years
*.cbsi.com | DigiCert SHA2 High Assurance Server CA | 2017-11-07 - 2021-02-04 | 3 years
ssl389962.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-01-10 - 2019-07-19 | 6 months
*.agkn.com | RapidSSL RSA CA 2018 | 2018-06-21 - 2020-09-16 | 2 years
www.eyeota.com | COMODO RSA Domain Validation Secure Server CA | 2018-02-12 - 2021-02-11 | 3 years
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years
viglink.com | Amazon | 2019-02-09 - 2020-03-09 | a year
saa.cbsi.com | DigiCert SHA2 High Assurance Server CA | 2018-05-19 - 2019-08-22 | a year
*.azurewebsites.net | Microsoft IT TLS CA 4 | 2017-12-17 - 2019-12-17 | 2 years
*.scorecardresearch.com | COMODO RSA Organization Validation Secure Server CA | 2018-11-28 - 2019-12-26 | a year
*.qualtrics.com | DigiCert SHA2 Secure Server CA | 2018-10-08 - 2021-01-06 | 2 years
*.imrworldwide.com | DigiCert SHA2 Secure Server CA | 2018-02-15 - 2019-07-11 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-01-21 - 2019-04-21 | 3 months
*.urbanairship.com | DigiCert SHA2 Secure Server CA | 2018-04-17 - 2019-07-17 | a year
*.everesttech.net | DigiCert SHA2 Secure Server CA | 2017-04-13 - 2020-04-17 | 3 years
www.google.de | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.ads.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2019-01-03 - 2019-07-02 | 6 months
*.disqus.com | DigiCert SHA2 Secure Server CA | 2018-03-28 - 2020-04-27 | 2 years
*.summerhamster.com | Let's Encrypt Authority X3 | 2019-02-27 - 2019-05-28 | 3 months
*.googleapis.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
som.cbsi.com | DigiCert SHA2 High Assurance Server CA | 2018-08-06 - 2019-11-13 | a year
f2.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-02-28 - 2019-09-07 | 6 months
p.ssl.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-02-22 - 2021-02-22 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months
*.litix.io | Amazon | 2019-01-22 - 2020-02-22 | a year
moatads.com | DigiCert ECC Secure Server CA | 2018-11-10 - 2020-02-09 | a year
*.hb.omtrdc.net | DigiCert SHA2 Secure Server CA | 2017-12-22 - 2020-01-03 | 2 years

This page contains 13 frames:

Primary Page: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Frame ID: C93307D6D59B7CB4071ED78DA83F65EC
Requests: 253 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: CAA4C28AF4724FEBCE3225A839DE6776
Requests: 2 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1552594856893&lv=1
Frame ID: E7692CDAE2AA92F6762E3300045D8F91
Requests: 2 HTTP requests in this frame

Frame: https://d.agkn.com/iframe/8613/?che=92928928&gdpr=&gdpr_consent=&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&bpid=cbsinteractive&c=%7B%22bpid%22%3A%22cbsinteractive%22%2C%22loc%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744%22%2C%22gdpr%22%3A%22%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Frame ID: 7511E72B8B862322B60CACB55794F025
Requests: 1 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636881136844645481
Frame ID: 3D836AB87AB3FA2ADCC2F47A2A86826D
Requests: 1 HTTP requests in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=undefined
Frame ID: BDDA0B1765E04B5A8D5691B78EFB861E
Requests: 1 HTTP requests in this frame

Frame: https://www.everestjs.net/static/pixel_details.html
Frame ID: B727882E04623714E1CC8861D4D66647
Requests: 1 HTTP requests in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=0
Frame ID: 6B7A6AFC06A4E0EF4215C11C36634369
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 0F4318F2562E41AA68CF7A53B2F3B11A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.286.0_en.html
Frame ID: E95B17A98182A40B58B72278182510B8
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: BF21DE54DFF356D360E9CCDA9C94D201
Requests: 1 HTTP requests in this frame

Frame: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
Frame ID: 43D47F74E687DA9464FB9D0A9808AF93
Requests: 1 HTTP requests in this frame

Frame: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
Frame ID: 6C27364EA30D0465975F285BA52ADE3B
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • env /^requirejs$/i

Overall confidence: 100%
Detected patterns
  • env /pbjs/i

Overall confidence: 100%
Detected patterns
  • env /^DISQUS/i

Overall confidence: 100%
Detected patterns
  • script /2mdn\.net/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /2mdn\.net/i
  • env /^Goog_AdSense_/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • env /^googletag$/i

Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i

Overall confidence: 100%
Detected patterns
  • env /^optimizely$/i

Overall confidence: 100%
Detected patterns
  • env /^SWFObject$/i

Overall confidence: 100%
Detected patterns
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • env /^_?COMSCORE$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

Requests: 259
HTTPS: 98 %
IPv6: 30 %
Domains: 54
Subdomains: 75
IPs: 58
Countries: 5
Transfer: 10939 kB
Size: 16852 kB
Cookies: 33

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://track.adlumin.com/clickout/b094fda0-3040-4a11-8acc-e1dc84ed7358 HTTP 302
    https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79
  • https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb?_=1552594857022 HTTP 301
  • https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/?_=1552594857022
Request Chain 86
  • https://tags.bluekai.com/site/20486?limit=0&id=5978151464575185692&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=5978151464575185692%26eid=50056 HTTP 302
  • https://ml314.com/csync.ashx?fp=$_BK_UUID&person_id=5978151464575185692&eid=50056
Request Chain 87
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151464575185692 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTNTk3ODE1MTQ2NDU3NTE4NTY5MhAAGg0Iqe-q5AUSBQjoBxAAQgBKAA HTTP 307
  • https://ml314.com/csync.ashx?fp=26bfb3cdccfb90d86c1d41b2532db4a9537631264181a9e9179762f104551287f4cb09cee1a4f8eb&person_id=5978151464575185692&eid=50082
Request Chain 88
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151464575185692%26eid=50220 HTTP 302
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151464575185692%26eid=50220&mm_bnc&mm_bct HTTP 302
  • https://ml314.com/csync.ashx?fp=f1d65c8a-b5bf-4400-a208-8110c5f0dae9&person_id=5978151464575185692&eid=50220
Request Chain 89
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151464575185692 HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151464575185692 HTTP 302
  • https://ml314.com/csync.ashx?fp=f8fe614de4e7ec25cddc0ff8c5f15a7e&eid=50146&person_id=5978151464575185692
Request Chain 90
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2ZyXXDwkW4hxGRlJPtyWeWf49KG2YyV6GsMLLK0_MbtQ&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil HTTP 302
  • https://ml314.com/csync.ashx?fp=2ZyXXDwkW4hxGRlJPtyWeWf49KG2YyV6GsMLLK0_MbtQ&person_id=5978151464575185692&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil HTTP 302
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Request Chain 91
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=5978151464575185692&redir= HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151464575185692&redir=
Request Chain 108
  • https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__EFOPTOUT__%26throttleCookie%3D__EFSYNC__%26time%3D__EFTIME__ HTTP 302
  • https://www.everestjs.net/static/pixel_details.html
Request Chain 115
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Request Chain 123
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&rp=&ts=compact&rnd=1552594858716 HTTP 302
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&rp=&ts=compact&rnd=1552594858716&ja=1
Request Chain 136
  • https://cm.everesttech.net/cm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WElxM3FnQUFBQnVscE81LQ HTTP 302
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEAYz5Y4L0PTMCXaXXEy5Ut8&google_cver=1 HTTP 302
  • https://pixel.everesttech.net/1x1
Request Chain 137
  • https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=q7eKXI2WAcvcba3EtNgP&random=235796822&sscte=1&crd=&gtd= HTTP 302
  • https://www.google.com/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848 HTTP 302
  • https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848&ipr=y
Request Chain 167
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Request Chain 232
  • https://sb.scorecardresearch.com/p?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=4975&ns_st_cl=5000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=4975&ns_st_dpt=4975&ns_st_ipt=4975&ns_st_et=4975&ns_st_det=4975&ns_st_upc=4975&ns_st_dupc=4975&ns_st_iupc=4975&ns_st_upa=4975&ns_st_dupa=4975&ns_st_iupa=4975&ns_st_lpc=4975&ns_st_dlpc=4975&ns_st_lpa=4975&ns_st_dlpa=4975&ns_st_pa=4975&ns_ts=1552594867197&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9= HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=4975&ns_st_cl=5000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=4975&ns_st_dpt=4975&ns_st_ipt=4975&ns_st_et=4975&ns_st_det=4975&ns_st_upc=4975&ns_st_dupc=4975&ns_st_iupc=4975&ns_st_upa=4975&ns_st_dupa=4975&ns_st_iupa=4975&ns_st_lpc=4975&ns_st_dlpc=4975&ns_st_lpa=4975&ns_st_dlpa=4975&ns_st_pa=4975&ns_ts=1552594867197&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=

259 HTTP transactions

Resource: / (Primary Request)
Path: www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/
Redirect Chain
  • http://track.adlumin.com/clickout/b094fda0-3040-4a11-8acc-e1dc84ed7358
  • https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Size: 435 KB
x-fer: 96 KB
Type: Document
General
Full URL
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
eac05fbf31e37d9466cbc2573bff2558572160be01cb562108aadf4cc11cf1e8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.zdnet.com
:scheme
https
:path
/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
server
nginx
content-type
text/html; charset=UTF-8
set-cookie
fly_device=desktop; expires=Thu, 21-Mar-2019 20:20:54 GMT; path=/; domain=.zdnet.com; secure nemo_highlander=clear_ads_fix%3a1%3aa; expires=Fri, 15 Mar 2019 06:59:59 GMT; path=/; domain=.zdnet.com; secure; fly_default_edition=eu; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Thu, 21-Mar-2019 20:20:54 GMT; path=/; domain=.zdnet.com; secure
x-enable-esi
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, User-Agent
access-control-allow-origin
https://www.zdnet.com
x-frame-options
SAMEORIGIN
content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
expires
Thu, 14 Mar 2019 21:50:54 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-tx-id
fe6b58b9-09ee-47c8-8e7f-8743b6271dd9
content-encoding
gzip
date
Thu, 14 Mar 2019 20:20:56 GMT

Redirect headers

Server
nginx/1.12.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache, private
Date
Thu, 14 Mar 2019 20:20:53 GMT
Location
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Set-Cookie
XSRF-TOKEN=eyJpdiI6Im1ibXBZakIxb09HZnN1SGhZTm1tbkE9PSIsInZhbHVlIjoiK3FlU2UzeisyRE03MEhUcVZ3OGlmOG5yWjM1RmR2U3l6UWFTcW1jSFVlV3RcL1FZYTJ6M1d3UEczKzlJNTNyQkEiLCJtYWMiOiJmZmRiZjQ3Zjc2MWQyZDFiNGIxODczYjRjOTQ2ZWJlMzk3MDJmZjVjNTY1M2VlNTI4YTY2NjVmYThmYWMwNDJjIn0%3D; expires=Thu, 14-Mar-2019 22:20:53 GMT; Max-Age=7200; path=/ laravel_session=eyJpdiI6IlJ3RTZySnBxQnNEVnRTWklNUTBGT1E9PSIsInZhbHVlIjoiZ1NJTnlQcTJNajVXaG9RTVpaanpcL3JIYXV1UWZBVllIZzg3K0x5aDdWaHBLWlJWY0k5WXlaR0MrVE5XN3NEeDYiLCJtYWMiOiJkZjVjYWI1N2VkMDdiMDM3YjczNDM3N2Y4YmEyYzdkOWY5MDBjMjc2OGZlNzBmMWIyNWEwNzY1YmFlNjNlMmFiIn0%3D; path=/; httponly
main-98cc06c3b2-rev.css
zdnet4.cbsistatic.com/fly/1657-fly/css/core/
320 KB
59 KB
Stylesheet
General
Full URL
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f427f9cedff0bcab55939c58498e44458a4112ecfe95db63fca701c1d7beb739

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:12:36 GMT
server
nginx
etag
W/"5c8a2914-4fe65"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
59645
expires
Thu, 21 Mar 2019 20:20:56 GMT
controls-5664bd9598-rev.css
zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/
41 KB
7 KB
Stylesheet
General
Full URL
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
09e5e6ad9b3f811194f2c812a59944124cf34dae3c6d90cdc5f51dd61f9e4439

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:12:47 GMT
server
nginx
etag
W/"5c8a291f-a561"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
6569
expires
Thu, 21 Mar 2019 20:20:56 GMT
dannypalmer-author.jpg
zdnet3.cbsistatic.com/hub/i/r/2016/03/11/8691cddd-cac4-4268-abf4-4051e392aa35/thumbnail/40x40/461dbf406bd95edba75058b11c556066/
920 B
1 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2016/03/11/8691cddd-cac4-4268-abf4-4051e392aa35/thumbnail/40x40/461dbf406bd95edba75058b11c556066/dannypalmer-author.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e41f9d0fb2d51a0375967a0ef23dac71eabde665b7ad3af7cf65e2f5f0cb784a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Mon, 16 Oct 2017 07:57:34 GMT
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
content-type
image/jpeg
status
200
cache-control
max-age=5184000
accept-ranges
bytes
timing-allow-origin
*
content-length
920
expires
Mon, 13 May 2019 20:20:56 GMT
5b8024b060b24331a5a0feda-1280x7201aug272018173534poster.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/08/27/fa48c0a8-ee88-47e6-b807-84846cf04eca/thumbnail/570x322/c40a5ce2eeae65b97ba0f3ad24843723/
27 KB
27 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/08/27/fa48c0a8-ee88-47e6-b807-84846cf04eca/thumbnail/570x322/c40a5ce2eeae65b97ba0f3ad24843723/5b8024b060b24331a5a0feda-1280x7201aug272018173534poster.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6cbb103a9ffa9315f34bf691c00ce6552c74411c301bef75aba79c104e150b72

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Tue, 28 Aug 2018 10:57:14 GMT
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=28806447
timing-allow-origin
*
content-length
27630
expires
Tue, 11 Feb 2020 06:08:23 GMT
advertisement.js
zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/utils/
53 B
280 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/utils/advertisement.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
07b69027231d985f5bdcd4d5a539f120d26003feef6e9dc0a6b77a4b43a9b21f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 16:56:03 GMT
server
nginx
etag
"5b2a8723-35"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
71
expires
Thu, 21 Mar 2019 20:20:56 GMT
operating-system-code.png
zdnet2.cbsistatic.com/hub/i/r/2019/01/07/8c37b8ab-a39e-441b-89e6-b68e7a0a283c/thumbnail/170x128/31d117b8248431055e6d92b16a813434/
27 KB
27 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/01/07/8c37b8ab-a39e-441b-89e6-b68e7a0a283c/thumbnail/170x128/31d117b8248431055e6d92b16a813434/operating-system-code.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b0e1a7964305ee8883dfa3b8187e019a3c0fd53e76398e0f4ae65408a70f52ca

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"caacb032ce3ede8ba6e1999713f29f4c"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=31505540, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
27701
australia-flag.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/10/7ffeb457-229c-4efb-b2cf-0ae46c70215b/thumbnail/170x128/97872ff568bed5f7dd50cbfbbd7a8038/
5 KB
6 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/10/7ffeb457-229c-4efb-b2cf-0ae46c70215b/thumbnail/170x128/97872ff568bed5f7dd50cbfbbd7a8038/australia-flag.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0d4df9578aa56eedd29a7487b9152cfba7a453422b35a623170f3d3bcb174ad8

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"5c6287be4de9ff5afeaec72d54436fcf"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31486642, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
5617
huawei.jpg
zdnet1.cbsistatic.com/hub/i/r/2018/03/19/0cc09f23-3ddf-43ae-96be-61716c17e293/thumbnail/170x128/cc6d52325cb1cedb4c9d097c9d8ac2e7/
5 KB
5 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2018/03/19/0cc09f23-3ddf-43ae-96be-61716c17e293/thumbnail/170x128/cc6d52325cb1cedb4c9d097c9d8ac2e7/huawei.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4ba05e59fb9c0ab1c7c1d2291598d5794d0fcac2e202a82176afba5e2fd8c8cd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 19 Mar 2018 14:08:31 GMT
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=31480722
timing-allow-origin
*
content-length
4760
expires
Fri, 13 Mar 2020 04:59:38 GMT
senate-building.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/03/14/f08fe849-4a64-40d4-9226-f9aabf34cc7b/thumbnail/170x128/45c7226689f55cf31d0136a084b61b7a/
6 KB
6 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/03/14/f08fe849-4a64-40d4-9226-f9aabf34cc7b/thumbnail/170x128/45c7226689f55cf31d0136a084b61b7a/senate-building.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f8ab8275ebbd6c97cef0cecf565e9da2d8cbce31b37916251422d2fcbfa63de0

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"31f81674a348511b990af268ca3a8391"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31473825, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
5725
bitlocker-attack.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/14/63ff44e7-f55a-4b49-8a3d-458cff7ef140/thumbnail/170x128/3ac2c409f32c2f9e52fdf3abb2124ec9/
7 KB
8 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/14/63ff44e7-f55a-4b49-8a3d-458cff7ef140/thumbnail/170x128/3ac2c409f32c2f9e52fdf3abb2124ec9/bitlocker-attack.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f23379300204f6842f470f37980e4d56bc6150548d46bc390a736918b0ef1cf2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"0b794a03744a03800313ca0f2e291294"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31468374, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
7564
untitled-6514.jpg
zdnet4.cbsistatic.com/hub/i/r/2017/09/20/9bf1d9b7-6f17-458b-bce2-ec7d558c5c96/thumbnail/170x128/074023421f92d719e972553714239394/
10 KB
9 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2017/09/20/9bf1d9b7-6f17-458b-bce2-ec7d558c5c96/thumbnail/170x128/074023421f92d719e972553714239394/untitled-6514.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4959e2558fac8cacf637b3a2c3eb168904d82e17f14d367212b8d256fff15d8f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 19 Oct 2017 15:59:36 GMT
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=31463347
timing-allow-origin
*
content-length
9190
expires
Fri, 13 Mar 2020 00:10:03 GMT
cs-16-malicious-servers.png
zdnet3.cbsistatic.com/hub/i/r/2019/03/13/cc46d9c2-cb2d-481f-a52f-5f5ef3fb477b/thumbnail/170x128/61d4b817424dabc9c1e41eda42f2c56a/
18 KB
18 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/13/cc46d9c2-cb2d-481f-a52f-5f5ef3fb477b/thumbnail/170x128/61d4b817424dabc9c1e41eda42f2c56a/cs-16-malicious-servers.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ec9f56ef0154dce0ffa688179baaba303b09a4283f993527adae077d1d57e8b7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"9b4f523bc0bbeb448798cf4b49cd1c1a"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=31453430, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
18026
istock-962094400.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/12/a0a80a45-774f-40b7-8b57-ab6c79dd81f8/thumbnail/170x128/631fdd301c0631ecfdacd4abc2c8188d/
9 KB
9 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/12/a0a80a45-774f-40b7-8b57-ab6c79dd81f8/thumbnail/170x128/631fdd301c0631ecfdacd4abc2c8188d/istock-962094400.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a303793414b2123a2d9e5cb1c73cb6c778541ceb76c61edfa29d0eff84f784d2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"fd348179ec677c5560d4cd9c3ffb6cd9"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31347852, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
9029
istock-waitress-swiping-card-on-pos-machine.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/03/13/0cd51d0d-421a-4d20-bb45-b284975af874/thumbnail/170x128/63c90a2a1738db4eb742a450b08f908d/
10 KB
10 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/03/13/0cd51d0d-421a-4d20-bb45-b284975af874/thumbnail/170x128/63c90a2a1738db4eb742a450b08f908d/istock-waitress-swiping-card-on-pos-machine.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d91a3b560607304ef4cf46a9a3c36cecfddf2a803f9f3d513ebc46ffe92b7870

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"7c8aa9ae1ab630196ed047f0ed2ee15c"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31437642, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
9975
require-2.1.2.js
zdnet2.cbsistatic.com/fly/1657-fly/js/libs/
16 KB
6 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f96f203f5605c9f56e7f6f97caf6ea84f122872ec3c5ac1f9037a1b508c706ee

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:12:31 GMT
server
nginx
etag
W/"5c8a290f-3f09"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
6305
expires
Thu, 21 Mar 2019 20:20:56 GMT
evidon-sitenotice-tag.js
c.evidon.com/sitenotice/
40 KB
11 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e6b7af9cebec6e08f0d84046a51912d2e7dac2070a46d3d4ecf42673432f76ac

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
10658
last-modified
Wed, 27 Feb 2019 22:45:43 GMT
server
Apache
etag
"499850fce82e70c62601a766978d58e7:1551307544"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
country.js
c.evidon.com/geo/
260 B
456 B
Script
General
Full URL
https://c.evidon.com/geo/country.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Wed, 30 May 2018 22:23:16 GMT
server
Apache
access-control-allow-origin
*
etag
"c1e367d098d326049811561575dbda4a:1527718996"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
status
200
access-control-max-age
86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
content-length
165
snthemes.js
c.evidon.com/sitenotice/425/
79 KB
4 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/snthemes.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f05f427c0a3425f17ce1b199296557b22f8b385c963696f80d588f692364abca

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
3992
last-modified
Sun, 18 Nov 2018 21:52:50 GMT
server
Apache
etag
"f23a8c8a532eb957f9790e1985bb8e9c:1542577970"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
settings.js
c.evidon.com/sitenotice/425/zdnet/
15 KB
2 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/zdnet/settings.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1b91058b5969c2319ee3f3efb2b91ccf388c64fe22f806e59b0edb43694150d4

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
1239
last-modified
Tue, 28 Aug 2018 21:08:55 GMT
server
Apache
etag
"09891370db88cdd3a58c49f5cd396b85:1535490535"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
truncated
/
917 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

Response headers

Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

Response headers

Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

Response headers

Content-Type
image/jpeg
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

Response headers

Content-Type
image/jpeg
mag-white01.png
zdnet4.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/core/
1 KB
1 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/core/mag-white01.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
etag
W/"5c8a2847-4f1"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
936
expires
Thu, 21 Mar 2019 20:20:56 GMT
Raleway-Bold.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
51 KB
51 KB
Font
General
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Bold.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9db8bd3e641dc88d54edf476a148e75e29b4e8ccd040cb340404d557578dcfbd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Tue, 26 Feb 2019 17:11:40 GMT
server
nginx
access-control-allow-origin
*
etag
"5c75734c-cbf4"
content-type
application/octet-stream
status
200
cache-control
max-age=30225962
accept-ranges
bytes
timing-allow-origin
*
content-length
52212
expires
Thu, 27 Feb 2020 16:26:58 GMT
Raleway-Regular.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
51 KB
Font
General
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Regular.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
66ef1b7581d8ef7b82bfe2ca363a612a479d89b808e2241f68d3e8c75f4f06d4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Tue, 26 Feb 2019 17:11:40 GMT
server
nginx
access-control-allow-origin
*
etag
"5c75734c-c974"
content-type
application/octet-stream
status
200
cache-control
max-age=30225912
accept-ranges
bytes
timing-allow-origin
*
content-length
51572
expires
Thu, 27 Feb 2020 16:26:08 GMT
Raleway-ExtraLight.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
50 KB
Font
General
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-ExtraLight.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c2c432e808e795014171d087ba8abd58d8337f59ad387c08d8a6c6b3c32106fb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Tue, 26 Feb 2019 17:11:40 GMT
server
nginx
access-control-allow-origin
*
etag
"5c75734c-c634"
content-type
application/octet-stream
status
200
cache-control
max-age=30225962
accept-ranges
bytes
timing-allow-origin
*
content-length
50740
expires
Thu, 27 Feb 2020 16:26:58 GMT
play.svg
zdnet4.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/video/
299 B
423 B
Image
General
Full URL
https://zdnet4.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/video/play.svg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d5e9dfd6066c2872be4f85c25aa0186402b124ea3f80152e2e2b767906793284

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
access-control-allow-origin
*
etag
"5c8a2847-12b"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
max-age=31507652
accept-ranges
bytes
timing-allow-origin
*
content-length
213
expires
Fri, 13 Mar 2020 12:28:28 GMT
ring-animated.svg
zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/video/
704 B
575 B
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/video/ring-animated.svg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
access-control-allow-origin
*
etag
"5c8a2847-2c0"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
max-age=31507645
accept-ranges
bytes
timing-allow-origin
*
content-length
364
expires
Fri, 13 Mar 2020 12:28:21 GMT
Raleway-Light.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
51 KB
Font
General
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Light.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
6de73873dd441f953668e77030299f082e0f3e6335bf944d88d44978162e6609

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Tue, 26 Feb 2019 17:11:40 GMT
server
nginx
access-control-allow-origin
*
etag
"5c75734c-c998"
content-type
application/octet-stream
status
200
cache-control
max-age=30225870
accept-ranges
bytes
timing-allow-origin
*
content-length
51608
expires
Thu, 27 Feb 2020 16:25:26 GMT
Raleway-Black.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
51 KB
Font
General
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Black.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
927048ad11de8981ab14882b0cac610a1c194aa991d07247cdbf875032dec422

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
last-modified
Tue, 26 Feb 2019 17:11:40 GMT
server
nginx
access-control-allow-origin
*
etag
"5c75734c-c8ec"
content-type
application/octet-stream
status
200
cache-control
max-age=30226003
accept-ranges
bytes
timing-allow-origin
*
content-length
51436
expires
Thu, 27 Feb 2020 16:27:39 GMT
logo.png
zdnet2.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/core/
4 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/core/logo.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
etag
W/"5c8a2847-1009"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
4128
expires
Thu, 21 Mar 2019 20:20:56 GMT
en.js
c.evidon.com/sitenotice/425/translations/
217 KB
7 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/425/translations/en.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8238f5f25e0f6c79352684181f41e1f8fb226fbbeefe07cb21aa9c074b5141b2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
7080
last-modified
Sun, 18 Nov 2018 21:51:12 GMT
server
Apache
etag
"b62d382931b2460857acce0af48570f2:1542577872"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
vendorlist.js
c.evidon.com/sitenotice/
126 KB
52 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/vendorlist.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cd1d44243c825f1c5b6fece79fb2f3605907af8e9948469e3be7fe265a74e6dc

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
52671
last-modified
Wed, 06 Mar 2019 21:39:02 GMT
server
Apache
etag
"5bddbb4465cdcb7d5352e5dd7b6078cc:1551908342"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
main.default.js
zdnet3.cbsistatic.com/fly/1657-fly/js/
145 KB
51 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3c31b25dc848cfe8053919e877b12db4fc74a39a902c1bd1899cc43ecb0c0bcd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:12:34 GMT
server
nginx
etag
W/"5c8a2912-24210"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
51713
expires
Thu, 21 Mar 2019 20:20:56 GMT
ls-zdnet.js
js-sec.indexww.com/ht/
85 KB
26 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/ls-zdnet.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
57e1e8e64fe95a0acc0822d690633b9450b26919fcedc32958ebcf7d39393181

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Mar 2019 19:20:29 GMT
Server
Apache
ETag
"763a4e-15269-58412d0b8722f"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=187
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
26184
Expires
Thu, 14 Mar 2019 20:24:03 GMT
YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
c.go-mpulse.net/boomerang/ Frame CAA4
187 KB
55 KB
Script
General
Full URL
https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=604800, s-maxage=604800
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Timing-Allow-Origin
*
gpt.js
www.googletagservices.com/tag/js/
32 KB
11 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3a80b900c538dce6ded080e90ee6a3e25c9264181192f962dc62959412020681
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"107 / 668 of 1000 / last-modified: 1552592184"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
10800
x-xss-protection
1; mode=block
expires
Thu, 14 Mar 2019 20:20:56 GMT
sfp.js
native.sharethrough.com/assets/
371 KB
108 KB
Script
General
Full URL
https://native.sharethrough.com/assets/sfp.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.127 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-127.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
425355846cf962d3179d2a5675efec136193f260983e4a49b918c4f333bf430e

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 19:56:44 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 17:55:41 GMT
server
AmazonS3
age
1512
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=3600
x-amz-cf-id
3Fv_y-b0suoH0z2z7eRKRW1TnC9RGIzttc-ZPsJtt7dOsChdnfVhBg==
via
1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
expires
Thu, 14 Mar 2019 18:55:39 GMT
evidon-banner.js
c.evidon.com/sitenotice/
8 KB
3 KB
Script
General
Full URL
https://c.evidon.com/sitenotice/evidon-banner.js
Requested by
Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
184.30.221.232 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-30-221-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4b51cad50779921c134fe5f8a46df29da7bdedf5f643c331d192b6057af97992

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
status
200
access-control-max-age
86400
content-length
2538
last-modified
Wed, 27 Feb 2019 22:45:43 GMT
server
Apache
etag
"41298c7c9394582aaf744ce4397a8521:1551307546"
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400, private;max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Fri, 15 Mar 2019 20:20:56 GMT
18863
l.betrad.com/site/v3/425/3445/3/1/2/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/425/3445/3/1/2/2/18863?consent=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.70.147 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-107-23-70-147.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by
Express
vary
Accept-Encoding
;ord=1552594856551
ad.doubleclick.net/ddm/ad/hxjipljy/
43 B
503 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/ad/hxjipljy/;ord=1552594856551?
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.16.166 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f166.1e100.net
Software
cafe /
Resource Hash
9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:56 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
43
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
18863
l.betrad.com/site/v3/425/3445/3/4/2/2/
0
120 B
Image
General
Full URL
https://l.betrad.com/site/v3/425/3445/3/4/2/2/18863?consent=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.70.147 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-107-23-70-147.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by
Express
vary
Accept-Encoding
integrator.js
adservice.google.de/adsid/
109 B
490 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:808::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/
109 B
490 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_319.js
securepubads.g.doubleclick.net/gpt/
160 KB
58 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_319.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.21.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
cf65e308f1c461e06038b45d5bfa27689e22241f6b673b7d540d35cdd0ca4c32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 07 Mar 2019 16:13:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
58724
x-xss-protection
1; mode=block
expires
Thu, 14 Mar 2019 20:20:56 GMT
require.optional-dependency.js
zdnet4.cbsistatic.com/fly/js/libs/
582 B
518 B
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/js/libs/require.optional-dependency.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f27c0c9f284c6959dd7db1e768c6e43a518ea650afc69d7a60383f3a963cde7b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 30 Jul 2018 16:42:46 GMT
server
nginx
etag
"5b5f4006-246"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
307
expires
Thu, 21 Mar 2019 20:20:56 GMT
article-070c6edc57-rev.js
zdnet4.cbsistatic.com/fly/js/pages/
250 KB
71 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/js/pages/article-070c6edc57-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c480ce7d4d5f2fb023403c864eac3350b46fab68728482d625d4d4b45b049427

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 11 Mar 2019 14:43:13 GMT
server
nginx
etag
W/"5c867401-3e718"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
72107
expires
Thu, 21 Mar 2019 20:20:56 GMT
utag.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
94 KB
19 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/418F) /
Resource Hash
98a91b898a824dd0cf24f33ff1e83eed96b8846b34906a04d148d679ec76328a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 04 Feb 2019 23:26:44 GMT
server
ECS (fcn/418F)
etag
"3967517189+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
19639
expires
Thu, 14 Mar 2019 20:25:56 GMT
CBSI-PLAYER.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/
760 KB
203 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1491a1594a4058a62ea4c08441cfcbbfe82a0916b4f26b55f3605af896766dd7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
age
2295838
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1933
content-length
206982
x-amz-id-2
00wxkpwuAzVTkPD8/nzRtFNLsfyAqVWfcEHoC2EHo/t6ZcwKMq60wTYpksh3aMjkKJ0nwH342Hg=
x-served-by
cache-dca17743-DCA, cache-cdg20740-CDG
last-modified
Fri, 21 Dec 2018 01:15:44 GMT
server
AmazonS3
x-timer
S1552594857.986404,VS0,VE0
etag
"ffe80da4a589534ffbb17f46d6ef50a3"
vary
Accept-Encoding
x-amz-request-id
A730A61B7DDD0284
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
backend-origin
fastlyshield--shield_cache_dca17743_DCA
x-amz-meta-mtime
1522022400
isInternalUser.js
iicbsi-a.akamaihd.net/common/js/esi/
22 B
262 B
Script
General
Full URL
https://iicbsi-a.akamaihd.net/common/js/esi/isInternalUser.js?cb=cbsiInternal
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1b , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
0f91e664ba993207337dbd5b1ab9f156c5f579d99d9b2e1315706815deadd0ae

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Cache-Control
max-age=274448
Server
Apache
Connection
keep-alive
ETag
"fb25287978f1b619e801f164a2dfd9ea:1473886414"
Content-Length
22
Content-Type
application/x-javascript
vglnk.js
cdn.viglink.com/api/
78 KB
27 KB
Script
General
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0dd0d42e82bfcc16e96fb72d732787a0edf0bc99b0a34f6f6eaaf1d1b32a8f9

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
10188A31AAAD84F6
status
200
content-length
27355
x-amz-id-2
DqydBfcU3scbnAmCHibbgGUjt9NeYrjWjZWtMQ9zgQT9RYVOhrlkzz28Ae6Ws0CLqevAPK6qseU=
last-modified
Thu, 28 Feb 2019 16:44:17 GMT
server
cloudflare
etag
"e4a0c710d19e7cd4fd23cd54aeb7db5e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
4b78f37f7ea79700-FRA
expires
Thu, 14 Mar 2019 20:50:56 GMT
mpulse-1.0.2.js
zdnet1.cbsistatic.com/fly/js/libs/
12 KB
5 KB
Script
General
Full URL
https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
763fa0bd7eff816d0a5f8c3e4075f9173a5cebf51a1e2c0d1174f841de10b9dd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Wed, 30 May 2018 18:14:04 GMT
server
nginx
etag
"5b0ee9ec-2fdf"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
4822
expires
Thu, 21 Mar 2019 20:20:56 GMT
utag.1779.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1779.js?utv=ut4.43.201812051842
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AB) /
Resource Hash
cd5e6512fdbb698425174148dba05f72357a3b1944413f8812c55c4025d3d562

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:57 GMT
server
ECS (fcn/41AB)
etag
"392561602"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1785
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1782.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201810291720
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40DB) /
Resource Hash
791b7ff5657f9c41e24adaa1f6f5a4dc51046d292b25b01a5a8d152ff4a951ac

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 29 Oct 2018 17:20:42 GMT
server
ECS (fcn/40DB)
etag
"3447796852"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1071
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1787.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
142 KB
48 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40DE) /
Resource Hash
d4ccc0936dea09d1846d5bb1487dd533738e598752d8215cd883f77b3cd91d4b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 04 Feb 2019 23:26:45 GMT
server
ECS (fcn/40DE)
etag
"3502559672"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
48643
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1790.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
933 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1790.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AF) /
Resource Hash
10113bad06fefd5698a45480ffaedd421c6e06f9dbd0d1c772b7128bbea0842d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 01 Aug 2016 14:31:10 GMT
server
ECS (fcn/41AF)
etag
"2267415266"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
872
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1791.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1791.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E6) /
Resource Hash
7eae865fd7c820936603897a072b7ddd77b2c74e8022160fd19792291a63fac8

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 01 Aug 2016 14:31:10 GMT
server
ECS (fcn/40E6)
etag
"3334871598"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1196
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1792.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1792.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40D8) /
Resource Hash
dabf73474662398f4f686a1b3103542f53384dd6241e6ac13f8ba535c6372aff

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Thu, 28 Jul 2016 14:28:47 GMT
server
ECS (fcn/40D8)
etag
"2022868805"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1664
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1797.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
967 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40AE) /
Resource Hash
3ff065de0d90b0510727a72c173d05652c30967c5e6561dbf1d82fa077cabb22

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Wed, 25 Jan 2017 20:07:58 GMT
server
ECS (fcn/40AE)
etag
"1907756232"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
883
expires
Fri, 29 Mar 2019 20:20:56 GMT
utag.1800.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
995 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1800.js?utv=ut4.43.201805241512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40D7) /
Resource Hash
e9b3eb7f022396e969766ad5e908b21df0b646c943e149902c64de590e9549d9

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 07 Aug 2017 22:40:35 GMT
server
ECS (fcn/40D7)
etag
"3890296134"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
912
expires
Fri, 29 Mar 2019 20:20:56 GMT
ad-009e94c00c-rev.js
zdnet2.cbsistatic.com/fly/js/managers/
7 KB
3 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/managers/ad-009e94c00c-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
527c0c0c1a578554c4475a506762fb90fe7af774e9fa3aa12a8e46098971ab80

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Mon, 18 Feb 2019 12:17:11 GMT
server
nginx
etag
W/"5c6aa247-1aba"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
2426
expires
Thu, 21 Mar 2019 20:20:56 GMT
rid
match.adsrvr.org/track/
109 B
525 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184216
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.192.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-31-192-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b3e9f98451a0066f4cca7c87696f9a8ae0d81a1387c7d9aec8ad74554b63dd8a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
x-aspnet-version
4.0.30319
status
200
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zdnet.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Sat, 13 Apr 2019 20:20:56 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1552594856890&s=fd7e29d3ddc3a44bb799820926b45b05520ae0ff04c9fe603dadae2fd41766e2
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e97496cd876136ac77e9c28c1a067f7fb2d7b788b34c3159def1d579d89b75b0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
799
lightbox.js
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame E769
326 B
544 B
Script
General
Full URL
https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1552594856893&lv=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:51a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
24c7bfbeecbd090529975795b4820f6136d3a49c6addb58329eb5bbb65fb9fd1

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cf-ray
4b78f37fea5fc274-FRA
tag.aspx
ml314.com/
26 KB
12 KB
Script
General
Full URL
https://ml314.com/tag.aspx?1422019
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201810291720
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
3aedaddba6f8d8620ca4df0ce07c6ec688675d124d82d6a3f6da0a618c9932c3

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Mar 2019 18:02:55 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=78118
Connection
keep-alive
Content-Length
11841
Expires
Fri, 15 Mar 2019 18:02:55 GMT
st.v3.js
www.everestjs.net/static/
17 KB
6 KB
Script
General
Full URL
https://www.everestjs.net/static/st.v3.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.87.166 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-87-166.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35733dd71de077b039d2bac6614c78eb3ab7d3879cb307cc10cc1907d2f61eb6

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Nov 2018 08:53:52 GMT
Server
Apache
ETag
"183a208-4205-57ba196bd494e"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=39013
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5509
Expires
Fri, 15 Mar 2019 07:11:09 GMT
ds.js
dw.cbsi.com/js/cbsi/
18 KB
7 KB
Script
General
Full URL
https://dw.cbsi.com/js/cbsi/ds.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1791.js?utv=ut4.43.201805241512
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.30.230.22 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx2-dw-cbsi-xw-ext-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
d696da403b0169c2191d0ec0b0fcdaa85487b21b19fd58f4b1fb5b9edf40b153

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Sep 2017 19:06:40 GMT
Server
Apache/2.4.25
ETag
"1917-55916dc13f000"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=43200, s-maxage=1800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=80, max=163
Content-Length
6423
Expires
Thu, 14 Mar 2019 20:50:57 GMT
cbsinteractive.js
tru.am/scripts/custom/
2 KB
1 KB
Script
General
Full URL
https://tru.am/scripts/custom/cbsinteractive.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:a222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a27fab6c5a0b1db438219c7d24ce2fff95e0910378fe4bdeb64b4f970eebccc

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 23 Jan 2018 19:10:31 GMT
server
cloudflare
etag
W/"8c3752e674fdabefc911d5c40f71780d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
4b78f3801d4ec2e7-FRA
expires
Fri, 15 Mar 2019 00:20:56 GMT
tag.js
js.agkn.com/prod/v0/
3 KB
3 KB
Script
General
Full URL
https://js.agkn.com/prod/v0/tag.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1800.js?utv=ut4.43.201805241512
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2047:600:15:efbc:e300:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd30ffd9618eaa423abb4c900f4af01cac18be85d75265ba08d87d5230bf85b8

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 04 Dec 2018 22:35:55 GMT
via
1.1 e9cb084a7980d1028202eee7e07a5589.cloudfront.net (CloudFront)
last-modified
Tue, 04 Dec 2018 22:35:38 GMT
server
AmazonS3
age
78124
etag
"a5442c681a576408c25edbf365995343"
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
3167
x-amz-cf-id
c3JX63FC8cNdLIpFm1-Y_zWZOGH0C5KBiCvj0gefjOCg267uKH2ShA==
ad-2.0.js
zdnet3.cbsistatic.com/fly/bundles/flyjs/js/managers/
19 KB
5 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/bundles/flyjs/js/managers/ad-2.0.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de749bdbeeb7bb7f79cb31ff00fe6830004064419f73fe9a6ec982e9de8bf19d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Wed, 12 Sep 2018 09:41:20 GMT
server
nginx
etag
W/"5b98df40-4c22"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
5115
expires
Thu, 21 Mar 2019 20:20:56 GMT
anonc.js
dw.cbsi.com/
73 B
620 B
Script
General
Full URL
https://dw.cbsi.com/anonc.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.30.230.22 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx2-dw-cbsi-xw-ext-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
9331d43a92a7b0bdadc0dd0f4323ecca3353cb588b4a4477c764c2643c68ac78

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Apache/2.4.25
Etag
eJXpK1yKt6kvTNrcGAA.1.dw_anonc
P3P
CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-control
private, max-age=43200, s-max-age=0
Connection
Keep-Alive
Content-Type
application/javascript
Keep-Alive
timeout=80, max=399
Content-Length
73
Expires
Mon, 05 Jan 1970 12:12:12 GMT
pixel.gif
cdn.viglink.com/images/
43 B
263 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=1&rn=3.0367705343788747
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
x-amz-request-id
1A44048EE6D14824
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=15, must-revalidate
accept-ranges
bytes
cf-ray
4b78f37fffa29700-FRA
content-length
43
x-amz-id-2
MzLO+M36nfrkYr60LBEdLjWIZQP+zdpEDuEKphP3iM5lGEG7+bXlUdmyZWj6f44IsVLtTSb4i6I=
pixel.gif
cdn.viglink.com/images/
43 B
125 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=2&rn=3.0367705343788747
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:57 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
x-amz-request-id
1A44048EE6D14824
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=15, must-revalidate
accept-ranges
bytes
cf-ray
4b78f37fffa59700-FRA
content-length
43
x-amz-id-2
MzLO+M36nfrkYr60LBEdLjWIZQP+zdpEDuEKphP3iM5lGEG7+bXlUdmyZWj6f44IsVLtTSb4i6I=
config.json
c.go-mpulse.net/api/ Frame CAA4
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5175316&v=1.571.0&if=&sl=0&si=nozo4qu1ilo-NaN&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
83014628d299ac696df5be719890f75d2a762ae3e182ebe9383e0b87d95d2fc3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
695
gpt-4.3.js
zdnet4.cbsistatic.com/fly/bundles/flyjs/js/managers/
52 KB
11 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/bundles/flyjs/js/managers/gpt-4.3.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d48e0904f1b40972f1fc6dac3f358719e080fab3291d13d2ca4a60405707a88b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
gzip
last-modified
Tue, 04 Sep 2018 19:27:44 GMT
server
nginx
etag
W/"5b8edcb0-d143"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
10936
expires
Thu, 21 Mar 2019 20:20:56 GMT
user.js
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame E769
608 KB
116 KB
Script
General
Full URL
https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636881136849389971
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1552594856893&lv=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:51a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
148f8f9551ce97ae7600a6606ab8f9574cdc77a71a3cbddc8e21d7ee62f820ea

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 14 Mar 2019 20:20:56 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
EHxNt4j4xM/Jx/oqYy7CfA==
cf-polished
origSize=989791
status
200
x-ms-lease-status
unlocked
last-modified
Wed, 13 Mar 2019 22:41:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
x-ms-request-id
059234ab-301e-006a-6eed-d9096a000000
expires
Fri, 13 Mar 2020 20:20:56 GMT
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
4b78f3800ae2c274-FRA
cf-bgj
minify
Cookie set /
d.agkn.com/iframe/8613/ Frame 7511
0
0
Document
General
Full URL
https://d.agkn.com/iframe/8613/?che=92928928&gdpr=&gdpr_consent=&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&bpid=cbsinteractive&c=%7B%22bpid%22%3A%22cbsinteractive%22%2C%22loc%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744%22%2C%22gdpr%22%3A%22%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22-1%22%2C%22brd%22%3A%22-1%22%7D
Requested by
Host: js.agkn.com
URL: https://js.agkn.com/prod/v0/tag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.58.242 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-58-242.eu-central-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash

Request headers

Host
d.agkn.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers

Cache-Control
no-cache, must-revalidate
Content-Type
text/html;charset=UTF-8
Date
Thu, 14 Mar 2019 20:20:56 GMT
Expires
Sat, 01 Jan 2000 00:00:00 GMT
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma
no-cache
Server
Apache-Coyote/1.1
Set-Cookie
ab=0001%3AgjR4pCKXsxr31jtNXku55oGTnPVy6a1Y;Max-Age=31536000;domain=agkn.com;path=/ u=C|0AEAkHXQpJB10KQAAAAAAAg1RAQCADVIBAIA;Max-Age=31536000;domain=agkn.com;path=/
Content-Length
481
Connection
keep-alive
ta-pagesocial-sdk.js
tru.am/scripts/
34 KB
12 KB
Script
General
Full URL
https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by
Host: tru.am
URL: https://tru.am/scripts/custom/cbsinteractive.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:a222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb9007c254c493be4a067de535b19a30f5e5aef3d5b19f58b1c72d2c65a04f79

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:57 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 21 May 2018 10:49:23 GMT
server
cloudflare
etag
W/"8761e04182a1c11ff30f706f8052c8d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86400
cf-ray
4b78f3804e54c2e7-FRA
expires
Fri, 15 Mar 2019 20:20:57 GMT
/
www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/
Redirect Chain
  • https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb?_=1552594857022
  • https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/?_=1552594857022
380 KB
87 KB
XHR
General
Full URL
https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/?_=1552594857022
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
98ac1d2bc316a4f5c7c0265d2d7f022c38d89270f320dfbabacd64b035f2a2d7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/?_=1552594857022
pragma
no-cache
cookie
utag_main=v_id:01697ddd6b8100ac07bae1f78c700007800a007000b08$_sn:1$_ss:1$_st:1552596656833$ses_id:1552594856833%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; _ccmsi=1552594857122_q95au7yio|1552594857123; _ccmaid=5978151464575185692; fly_device=desktop; fly_geo={"countryCode": "de"}; fly_preferred_edition=eu; fly_default_edition=eu; ak_bmsc=806B80C66005040CCE560C47706DDDA60210BAB7CD700000A9B78A5CC4C73F24~plodMl0loa3tKfd0U23mIa36lQ9H3Ze8XwENeCkUr/VvEexpfVhzcPHB3Vkrpjkgqd3qVjh/QF6wRoFpU4UkrtUO6ke6HK7+1Egtv3es0tjQndSop8OmT9UFHtyvvq1IhtNS7JtStfiKe5ufX2l9bHFeqkL2r3hbNOdPJ+19pkyY/+L6UTHgvXrnIz/2CHN3maTHCjZ2LWfvZU4ri34cgm0r/E3LkOyXDElKGlFtUaa+k=
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:method
GET
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com;
content-encoding
gzip
x-content-type-options
nosniff
status
404
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:20:58 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
vary
Accept-Encoding, User-Agent
x-tx-id
0727d4be-a5b7-4897-a7b6-046c9e3b7dbf
content-type
text/html; charset=UTF-8
cache-control
max-age=5400, private
set-cookie
bm_mi=ADF69C5327C904031B3523DD802B6016~3MHga8GKC7e2Icvydy+QgRS2/xWiD+P7NPaHyRMXn9N6eNxwpMKFnVqqlpln6rmcwkiNYqGJymSIH2ct4EVVSvXlPchDbtUz4MXTvFqIcfSZdYeT1xLT7LRK2kb1Zan5vtvFCDRK8dU0Hg6cIA1CM6A7EC+l8yUw8ZIINHOCYknH1LrTs0XawFLt02gWYe0swCsZjQ3VoiaJIPf+iqXstRcZp5SmG7fs7SkuwkYqtSFaOVChn+8Po+8RwGPxppWzj4N/hWHSIBVqvLh23KyWmwAYsQ3UThsBdMyjEaseqRo=; Domain=.zdnet.com; Path=/; Max-Age=7200; HttpOnly bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaBwu/b0li3cdw+w0zgUquHcS5xzuxtiQrt9IWYREDhYuCh5xaMqSKpTZAseFcCFL+WI=; Domain=.zdnet.com; Path=/; Max-Age=7199; HttpOnly
expires
Thu, 14 Mar 2019 21:50:57 GMT

Redirect headers

status
301
date
Thu, 14 Mar 2019 20:20:57 GMT
vary
Accept-Encoding, User-Agent
server
nginx
location
https://www.zdnet.com/ad/ad-cookie/9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb/?_=1552594857022
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/html
access-control-allow-origin
https://www.zdnet.com
set-cookie
fly_device=desktop; expires=Thu, 21-Mar-2019 20:20:57 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Thu, 21-Mar-2019 20:20:57 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_default_edition=eu; path=/; domain=.zdnet.com; secure ak_bmsc=806B80C66005040CCE560C47706DDDA60210BAB7CD700000A9B78A5CC4C73F24~plodMl0loa3tKfd0U23mIa36lQ9H3Ze8XwENeCkUr/VvEexpfVhzcPHB3Vkrpjkgqd3qVjh/QF6wRoFpU4UkrtUO6ke6HK7+1Egtv3es0tjQndSop8OmT9UFHtyvvq1IhtNS7JtStfiKe5ufX2l9bHFeqkL2r3hbNOdPJ+19pkyY/+L6UTHgvXrnIz/2CHN3maTHCjZ2LWfvZU4ri34cgm0r/E3LkOyXDElKGlFtUaa+k=; expires=Thu, 14 Mar 2019 22:20:57 GMT; max-age=7200; path=/; domain=.zdnet.com; HttpOnly
content-length
178
beacon
beacon.tru.am/
17 B
388 B
Fetch
General
Full URL
https://beacon.tru.am/beacon
Requested by
Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:a222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
27676ea482895bdddd3f3796f430a812e11364efc224227c86973a52398966c2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:57 GMT
content-encoding
br
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, private, max-age=0
cf-ray
4b78f380ec0fc2e2-FRA
expires
Thu, 01 Jan 1970 00:00:00 UTC
fb_digioh.2.1.5.css
www.lightboxcdn.com/static/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.lightboxcdn.com/static/fb_digioh.2.1.5.css?cb=636881136844645481
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636881136849389971
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:51a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2a804abed27cf1276fba69a26f3da96befe05f5661af72545fc97a508c82e5e

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 14 Mar 2019 20:20:57 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
i+12d4SLet4LAL0q+CrTcw==
cf-polished
origSize=5372
x-ms-meta-cbmodifiedtime
Tue, 03 Nov 2015 22:12:06 GMT
status
200
x-ms-lease-status
unlocked
last-modified
Wed, 20 Feb 2019 20:29:57 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
x-ms-request-id
3ff06bcd-201e-009b-7ced-d9d8f9000000
expires
Fri, 13 Mar 2020 20:20:57 GMT
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
cf-ray
4b78f380edbec274-FRA
cf-bgj
minify
ls.html
www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame 3D83
0
0
Document
General
Full URL
https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636881136844645481
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636881136849389971
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:51a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
www.lightboxcdn.com
:scheme
https
:path
/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=636881136844645481
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding
gzip, deflate, br
cookie
__cfduid=d4d0e1c4d73c17b45e3eb5b835ae060281552594856
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers

status
200
date
Thu, 14 Mar 2019 20:20:57 GMT
content-type
text/html
content-md5
xa1/rdPe0J6SwxlD7atkzw==
last-modified
Wed, 13 Mar 2019 22:41:24 GMT
x-ms-request-id
9f90515b-f01e-00d6-4ea3-da1e1b000000
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
cf-cache-status
MISS
expires
Fri, 13 Mar 2020 20:20:57 GMT
cache-control
public, max-age=31536000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
4b78f380edc0c274-FRA
content-encoding
br
t.gif
www.lightboxcdn.com/z9g/
35 B
288 B
Image
General
Full URL
https://www.lightboxcdn.com/z9g/t.gif?c=1552594857092&h=www.zdnet.com&e=p&u=40913
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:51a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 14 Mar 2019 20:20:57 GMT
cf-cache-status
HIT
content-md5
KNaBTzCeoon4R8ac+RGUxg==
cf-polished
status=not_needed
x-ms-meta-cbmodifiedtime
Tue, 26 Feb 2019 00:59:40 GMT
status
200
content-length
35
x-ms-lease-status
unlocked
last-modified
Tue, 26 Feb 2019 01:15:02 GMT
server
cloudflare
etag
0x8D69B87D5A1B25F
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
x-ms-request-id
7e3e704a-501e-0118-4275-cd3e01000000
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
4b78f380edc2c274-FRA
cf-bgj
imgq:85
utsync.ashx
ml314.com/
906 B
1 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=50070&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&pv=1552594857122_q95au7yio&bl=en-us&cb=1758457&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D%5BPersonID%5D%26redir%3D&ht=&d=&dc=&si=1552594857122_q95au7yio&cid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&s=1600x1200&rp=
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?1422019
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8212f3fc5847d92f1b425d22a60819634c3829a97235c744e1264981da57c35d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
519
Expires
0
ud.ashx
in.ml314.com/
20 B
698 B
Script
General
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=1422019
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?1422019
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.206.33 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-235-206-33.compute-1.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, no-cache="set-cookie"
Connection
keep-alive
Content-Length
138
Expires
Fri, 15 Mar 2019 20:20:57 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://tags.bluekai.com/site/20486?limit=0&id=5978151464575185692&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=5978151464575185692%26eid=50056
  • https://ml314.com/csync.ashx?fp=$_BK_UUID&person_id=5978151464575185692&eid=50056
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=$_BK_UUID&person_id=5978151464575185692&eid=50056
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 15 Mar 2019 16:20:57 GMT

Redirect headers

Location
https://ml314.com/csync.ashx?fp=$_BK_UUID&person_id=5978151464575185692&eid=50056
Date
Thu, 14 Mar 2019 20:20:57 GMT
Connection
keep-alive
Content-Length
0
BK-Server
df07
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
csync.ashx
ml314.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151464575185692
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTNTk3ODE1MTQ2NDU3NTE4NTY5MhAAGg0Iqe-q5AUSBQjoBxAAQgBKAA
  • https://ml314.com/csync.ashx?fp=26bfb3cdccfb90d86c1d41b2532db4a9537631264181a9e9179762f104551287f4cb09cee1a4f8eb&person_id=5978151464575185692&eid=50082
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=26bfb3cdccfb90d86c1d41b2532db4a9537631264181a9e9179762f104551287f4cb09cee1a4f8eb&person_id=5978151464575185692&eid=50082
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 15 Mar 2019 16:20:57 GMT

Redirect headers

status
307
date
Thu, 14 Mar 2019 20:20:57 GMT
cache-control
no-cache, no-store
timing-allow-origin
*
content-length
0
location
https://ml314.com/csync.ashx?fp=26bfb3cdccfb90d86c1d41b2532db4a9537631264181a9e9179762f104551287f4cb09cee1a4f8eb&person_id=5978151464575185692&eid=50082
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
csync.ashx
ml314.com/
Redirect Chain
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151464575185692%26eid=50220
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151464575185692%26eid=50220&mm_bnc&mm_bct
  • https://ml314.com/csync.ashx?fp=f1d65c8a-b5bf-4400-a208-8110c5f0dae9&person_id=5978151464575185692&eid=50220
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=f1d65c8a-b5bf-4400-a208-8110c5f0dae9&person_id=5978151464575185692&eid=50220
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 15 Mar 2019 16:20:57 GMT

Redirect headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
MT3 1.31.3.9 fe26b9c DPLAT-404 cdg-pixel-x8
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://ml314.com/csync.ashx?fp=f1d65c8a-b5bf-4400-a208-8110c5f0dae9&person_id=5978151464575185692&eid=50220
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Thu, 14 Mar 2019 20:20:56 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151464575185692
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D5978151464575185692
  • https://ml314.com/csync.ashx?fp=f8fe614de4e7ec25cddc0ff8c5f15a7e&eid=50146&person_id=5978151464575185692
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=f8fe614de4e7ec25cddc0ff8c5f15a7e&eid=50146&person_id=5978151464575185692
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.224.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-171-224-12.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 15 Mar 2019 16:20:57 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:57 GMT
P3P
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location
https://ml314.com/csync.ashx?fp=f8fe614de4e7ec25cddc0ff8c5f15a7e&eid=50146&person_id=5978151464575185692
Cache-Control
no-cache
X-Server
10.26.12.81
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2ZyXXDwkW4hxGRlJPtyWeWf49KG2YyV6GsMLLK0_MbtQ&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil
  • https://ml314.com/csync.ashx?fp=2ZyXXDwkW4hxGRlJPtyWeWf49KG2YyV6GsMLLK0_MbtQ&person_id=5978151464575185692&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
70 B
171 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.120.224.89 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-120-224-89.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
Content-Length
70
Content-Type
image/gif

Redirect headers

Date
Thu, 14 Mar 2019 20:20:56 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/html; charset=utf-8
Location
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Cache-Control
private
Connection
keep-alive
Content-Length
168
Expires
Fri, 15 Mar 2019 16:20:57 GMT
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=5978151464575185692&redir=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151464575185692&redir=
42 B
769 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151464575185692&redir=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v021-06e3ff6f9.edge-irl1.demdex.com 5.49.0.20190304124312 5ms
Pragma
no-cache
X-TID
c/z70US4Su8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
X-TID
2xLOzq4KS48=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=5978151464575185692&redir=
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
5f651e72.akstat.io/
0
354 B
XHR
General
Full URL
https://5f651e72.akstat.io/?h.pg=article&h.ab=clear_ads_fix_a_1&when=1552594857299&t_other=custom4%7C2824&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=da986d836121209f9bd3366ca9e8576ba66ca172&h.t=1552594856956&http.initiator=api&rt.start=api&rt.si=e5865524-cf01-4552-96a0-13f059c6b4be&rt.ss=1552594860534&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:57 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 14 Mar 2019 20:20:57 GMT
ping
api.viglink.com/api/
266 B
944 B
XHR
General
Full URL
https://api.viglink.com/api/ping
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.175.204 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-154-175-204.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
03178396aebd2b1e94e641d26da8d5b5ca23f9162b52b519ad37c88fc18de50d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
266
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id
dpm.demdex.net/
2 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&ts=1552594857472
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b887fd25d8144ed197b2c959b309295a611de8959119a06a0022da0cbd440d41

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v021-089fc9629.edge-irl1.demdex.com 5.49.0.20190304124312 5ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
HwnsbtFdT4A=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
747
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
92 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cbsi/zdnetglobalsite/201902042326&cb=1552594857474
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AB) /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:57 GMT
last-modified
Thu, 14 Apr 2016 16:59:33 GMT
server
ECS (fcn/41AB)
etag
"2243872957"
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Thu, 14 Mar 2019 20:30:57 GMT
c.gif
dw.cbsi.com/clear/
42 B
346 B
Image
General
Full URL
https://dw.cbsi.com/clear/c.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&assettitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&assettype=content_article&pubdate=2019-03-12%2011%3A05%3A00&viewguid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&devicetype=desktop&sitetype=responsive%20web&author=danny%20palmer&authorid=1aa87593-0f1d-4577-862b-a59b5ec9bc57&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&ts=1552594857463&ld=www.zdnet.com&ldc=964495ec-94a9-4ab7-9f7f-0a3e79262799&brwinsz=1600x1200&brscrsz=1600x1200&brlang=en-US&tcset=utf8&im=dsjs&clgf=eJXpK1yKt6kvTNrcGAA&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&title=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.30.230.22 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS
phx2-dw-cbsi-xw-ext-lb.cnet.com
Software
Apache/2.4.25 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Apache/2.4.25
Vary
*
Content-Type
image/gif
Cache-control
no-cache, must-revalidate, no-transform
Connection
Keep-Alive
Keep-Alive
timeout=80, max=392
Content-Length
42
Expires
Mon, 05 Jan 1970 12:12:12 GMT
Cookie set dest5.html
cbsi.demdex.net/ Frame BDDA
0
0
Document
General
Full URL
https://cbsi.demdex.net/dest5.html?d_nsid=undefined
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.130.155 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-77-130-155.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
cbsi.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Accept-Encoding
gzip, deflate, br
Cookie
demdex=21907198191623399282957956508712126504

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 06 Mar 2019 12:41:20 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=21907198191623399282957956508712126504;Path=/;Domain=.demdex.net;Expires=Tue, 10-Sep-2019 20:20:57 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
5yAe6/PGRIY=
Content-Length
2764
Connection
keep-alive
id
saa.cbsi.com/
90 B
711 B
XHR
General
Full URL
https://saa.cbsi.com/id?d_visid_ver=2.3.0&d_fieldgroup=A&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&mid=21753913182162491202980062665557970256&ts=1552594857519
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.sc.omtrdc.net
Software
Omniture DC /
Resource Hash
c5a479022fb04033a1cdeffbcb318920057c1b23609608780167e9158410ebf6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Thu, 14 Mar 2019 20:20:57 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC
xserver
www296
Vary
Origin
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/x-javascript
Keep-Alive
timeout=15
Content-Length
90
X-XSS-Protection
1; mode=block
domains
api.viglink.com/api/
76 B
521 B
XHR
General
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.175.204 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-154-175-204.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
65b32111ba6249c17070def5faa2ab03612a2bbad2de106cf53dc75176bc9825

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:57 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id
dpm.demdex.net/
2 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_mid=21753913182162491202980062665557970256&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012E455BD4853132EB-6000012C000041F3&ts=1552594857698
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e7a0ad47bdec44cb474f1e35424943c6c49c71fff04d7bdd0d7b8b9ca319a536

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v021-062c6bf2b.edge-irl1.demdex.com 5.49.0.20190304124312 10ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
J0kddzD0Re0=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
746
Expires
Thu, 01 Jan 1970 00:00:00 GMT
s81727832939041
saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/
2 KB
3 KB
Script
General
Full URL
https://saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/s81727832939041?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=14%2F2%2F2019%2020%3A20%3A57%204%200&d.&nsid=0&jsonv=1&.d&mid=21753913182162491202980062665557970256&aid=2E455BD4853132EB-6000012C000041F3&aamlh=6&ce=UTF-8&ns=cbsinteractive&pageName=zdnet%3A%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F&g=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&cc=USD&ch=editorial&server=www.zdnet.com&v0=ftag%3ATRE49e8aa0&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=zdnet&v1=zdnet&h1=editorial%7Carticle&l1=microsoft&c2=D%3Dv2&l2=113c25b6-ec91-11e3-95d2-02911863765e&c3=D%3Dv3&v3=responsive%20web%7Cdesktop&l3=1aa87593-0f1d-4577-862b-a59b5ec9bc57&c4=D%3Dv4&c5=D%3Dv5&v5=cnetzdnetglobalsite&c6=D%3Dv6&v6=editorial%7Carticle&c7=D%3Dv7&v7=D%3Dg&c8=D%3Dv8&v8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=D%3DUser-Agent&c10=D%3Dv10&v10=article&c11=D%3Dv11&v11=D%3Dch%2B%22%3A%22%2Bv10&v15=not%20authenticated%7Canon&c20=D%3Dv20&v20=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&c22=D%3Dv22&v22=content_article&c23=D%3Dv23&v23=113c25b6-ec91-11e3-95d2-02911863765e&c24=D%3Dv24&v24=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&c25=D%3Dv25&c26=D%3Dv26&c28=D%3Dv28&c30=D%3Dv30&v30=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&c31=D%3Dv31&c33=D%3Dv33&c34=D%3Dv34&c35=D%3Dv35&v35=eJXpK1yKt6kvTNrcGAA&v44=clear_ads_fix%7C1%7Ca&c50=D%3Dv50&v50=4%3A00PM&c51=D%3Dv51&v51=Thursday&c52=D%3Dv52&v52=1&c53=D%3Dv53&v53=New&c54=D%3Dv54&v54=First%20Visit&c65=D%3Dv65&v65=discover&c69=D%3Dv69&v85=true&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&AQE=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
198578f511d1fed81e0f63a3bc056ec5dc2b7865e4772b3897320171dd9c0e61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-AAM-TID
E5l7bz3GRXo=
Date
Thu, 14 Mar 2019 20:20:57 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
1890
X-XSS-Protection
1; mode=block
DCS
dcs-prod-irl1-v021-0cd21a117.edge-irl1.demdex.com 5.49.0.20190304124312 10ms
Pragma
no-cache
Last-Modified
Fri, 15 Mar 2019 20:20:57 GMT
Server
Omniture DC/2.0.0
xserver
www121
ETag
"3334172067463495680-6757511667854097945"
Vary
*
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Wed, 13 Mar 2019 20:20:57 GMT
z
lightboxapi2.azurewebsites.net/z9p/40913/www.zdnet.com/jsonp/
557 B
811 B
Script
General
Full URL
https://lightboxapi2.azurewebsites.net/z9p/40913/www.zdnet.com/jsonp/z?cb=1552594857830&callback=jQuery17106776610289526044_1552594857081&_=1552594857832
Requested by
Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=636881136849389971
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.99.128.52 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
waws-prod-dm1-001.cloudapp.net
Software
Kestrel / ASP.NET
Resource Hash
de958ea30c103771b4b4aa8acae8c4a5063c965fc1594e6315737fd079e731b3

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
Kestrel
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
vglnk.js
cdn.viglink.com/api/
78 KB
27 KB
Script
General
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0dd0d42e82bfcc16e96fb72d732787a0edf0bc99b0a34f6f6eaaf1d1b32a8f9

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
10188A31AAAD84F6
status
200
content-length
27355
x-amz-id-2
DqydBfcU3scbnAmCHibbgGUjt9NeYrjWjZWtMQ9zgQT9RYVOhrlkzz28Ae6Ws0CLqevAPK6qseU=
last-modified
Thu, 28 Feb 2019 16:44:17 GMT
server
cloudflare
etag
"e4a0c710d19e7cd4fd23cd54aeb7db5e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
4b78f389ce1a9700-FRA
expires
Thu, 14 Mar 2019 20:50:58 GMT
utag.1775.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
26 KB
9 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201902042326
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AA) /
Resource Hash
0f4176807e149be9c6cc0e583699fffe630cccb37e57242ce5a7b1f7d63d859d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Thu, 10 Nov 2016 20:41:55 GMT
server
ECS (fcn/41AA)
etag
"1112944691"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
8960
expires
Fri, 29 Mar 2019 20:20:58 GMT
utag.277.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
946 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201902042326
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4187) /
Resource Hash
0e13cd6845611f0c419398a75b85ba014a7fffb1b9e9575c2e1b4cfefebd0017

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:58 GMT
server
ECS (fcn/4187)
etag
"461771432"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
863
expires
Fri, 29 Mar 2019 20:20:58 GMT
utag.1772.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
2 KB
1020 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1772.js?utv=ut4.43.201902042326
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E8) /
Resource Hash
e482ba089d973ca257acfd70b2d7541447d5d333449b106d5c3dffebe322566a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Mon, 11 Jul 2016 20:43:58 GMT
server
ECS (fcn/40E8)
etag
"4198895974"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
959
expires
Fri, 29 Mar 2019 20:20:58 GMT
utag.1796.js
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/
8 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1796.js?utv=ut4.43.201902042326
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.180 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E7) /
Resource Hash
9337d4f2ef8a00759da573e178e302712fec944ac54cfd808f48c526b9816d3b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Mon, 28 Nov 2016 15:09:53 GMT
server
ECS (fcn/40E7)
etag
"931235332"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2762
expires
Fri, 29 Mar 2019 20:20:58 GMT
pixel_details.html
www.everestjs.net/static/ Frame B727
Redirect Chain
  • https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__EFOPTOUT__%26throttleCook...
  • https://www.everestjs.net/static/pixel_details.html
0
0
Document
General
Full URL
https://www.everestjs.net/static/pixel_details.html
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.87.166 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-87-166.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Host
www.everestjs.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Accept-Encoding
gzip, deflate, br

Response headers

Server
Apache
Last-Modified
Tue, 04 Oct 2011 16:14:21 GMT
ETag
"8623-a6-4ae7b62583140"
Accept-Ranges
bytes
Content-Type
text/html
Content-Encoding
gzip
Content-Length
146
Cache-Control
max-age=35514
Expires
Fri, 15 Mar 2019 06:12:52 GMT
Date
Thu, 14 Mar 2019 20:20:58 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Server
Apache
Set-Cookie
everest_session_v2=XIq3qgAAABulpO5-; path=/; domain=.everesttech.net
everest_g_v2=g_surferid~XIq3qgAAABulpO5-; path=/; domain=.everesttech.net; expires=Sat, 06-Feb-2021 07:00:58 GMT
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Location
https://www.everestjs.net/static/pixel_details.html#google=XIq3qgAAABulpO5-&gsurfer=XIq3qgAAABulpO5-&optout=0&throttleCookie=&time=20190314202058
Content-Length
345
Keep-Alive
timeout=15, max=977797
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
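The demdex.net dest5.html responses and the pixel.everesttech.net redirect above each set identifier cookies from a third-party context without Secure, HttpOnly or SameSite, and the everest_g_v2 cookie is given an expiry almost two years out. The following is an added example for auditing such headers; it is not code from urlscan.io, Adobe or the everesttech.net operator. The Set-Cookie values are copied from those responses; REFERENCE_DATE is the Date header of the responses, used in place of the wall clock so the lifetime arithmetic is reproducible, and the one-year lifetime threshold is a constructed choice.

```python
"""Audit Set-Cookie headers recorded in the scan for scope and transport attributes.

Constructed example; not code from urlscan.io, Adobe or the everesttech.net
operator. Header values are copied from the demdex.net dest5.html response and
the pixel.everesttech.net redirect in this scan.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Date header of the captured responses; stands in for "now".
REFERENCE_DATE = datetime(2019, 3, 14, 20, 20, 58, tzinfo=timezone.utc)

# One entry per Set-Cookie header as the browser received it (the two
# everesttech.net headers are separate headers in the response).
SET_COOKIE_HEADERS = [
    "demdex=21907198191623399282957956508712126504;Path=/;Domain=.demdex.net;"
    "Expires=Tue, 10-Sep-2019 20:20:57 GMT;Max-Age=15552000",
    "everest_session_v2=XIq3qgAAABulpO5-; path=/; domain=.everesttech.net",
    "everest_g_v2=g_surferid~XIq3qgAAABulpO5-; path=/; domain=.everesttech.net; "
    "expires=Sat, 06-Feb-2021 07:00:58 GMT",
]


@dataclass
class Cookie:
    name: str
    value: str
    # lower-cased attribute name -> value, None for valueless flags (Secure, HttpOnly)
    attrs: dict[str, str | None] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Split a Set-Cookie value into name=value plus attributes (RFC 6265 section 5.2).

    Only the first ';'-separated item is the cookie pair; attribute names are
    case-insensitive, and Expires values legitimately contain a comma.
    """
    pair, *rest = header.split(";")
    name, _, value = pair.strip().partition("=")
    attrs: dict[str, str | None] = {}
    for item in rest:
        item = item.strip()
        if item:
            key, sep, val = item.partition("=")
            attrs[key.strip().lower()] = val.strip() if sep else None
    return Cookie(name.strip(), value.strip(), attrs)


def lifetime(cookie: Cookie, now: datetime = REFERENCE_DATE) -> timedelta | None:
    """Persistent lifetime; Max-Age wins over Expires; None means session cookie."""
    if cookie.attrs.get("max-age") is not None:
        return timedelta(seconds=int(cookie.attrs["max-age"]))
    if cookie.attrs.get("expires") is not None:
        # parsedate_to_datetime accepts the RFC 850 "06-Feb-2021" form used here
        return parsedate_to_datetime(cookie.attrs["expires"]) - now
    return None


def audit_cookie(cookie: Cookie) -> list[str]:
    """Findings for a cookie set from a third-party context, as all three here were."""
    attrs = cookie.attrs
    findings: list[str] = []
    if "secure" not in attrs:
        findings.append("no Secure: sent over plaintext http:// to the domain and overwritable from it")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by any script running on the cookie's domain")
    if attrs.get("samesite") is None:
        findings.append("no SameSite: relies on the legacy cross-site default; browsers that "
                        "default to Lax drop it unless SameSite=None; Secure is set")
    life = lifetime(cookie)
    if life is not None and life > timedelta(days=365):  # one year: constructed threshold
        findings.append(f"lifetime {life.days} days: identifier persists well beyond a year")
    return findings


def audit_all(headers=SET_COOKIE_HEADERS) -> dict[str, list[str]]:
    """Cookie name -> findings, for every Set-Cookie header given."""
    return {c.name: audit_cookie(c) for c in map(parse_set_cookie, headers)}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

The two everesttech.net cookies carry the same opaque value, so the session cookie and the long-lived surfer ID are the same identifier under two lifetimes; an audit that only looks at attributes would not show that, which is why the parser keeps the value and not just the attributes.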
Cookie set dest5.html
cbsi.demdex.net/ Frame 6B7A
0
0
Document
General
Full URL
https://cbsi.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.130.155 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-77-130-155.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
cbsi.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Accept-Encoding
gzip, deflate, br
Cookie
demdex=21907198191623399282957956508712126504; dextp=269-1-1552594857728|477-1-1552594857834|771-1-1552594857941|22052-1-1552594858042|30646-1-1552594858154|121998-1-1552594858260|127444-1-1552594858362|302767-1-1552594858470

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 06 Mar 2019 12:41:57 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=21907198191623399282957956508712126504;Path=/;Domain=.demdex.net;Expires=Tue, 10-Sep-2019 20:20:58 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
4tDWZwQQRYI=
Content-Length
2764
Connection
keep-alive
/
www.zdnet.com/components/breaking-news/xhr/
1 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
da32e2ed8ad42c030011ae24f19d9a83b5970c15050fd605dc0c2e4a0106b93e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/components/breaking-news/xhr/?slug=breaking-news-banner
pragma
no-cache
cookie
_ccmsi=1552594857122_q95au7yio|1552594857123; _ccmaid=5978151464575185692; fly_device=desktop; fly_geo={"countryCode": "de"}; fly_preferred_edition=eu; fly_default_edition=eu; ak_bmsc=806B80C66005040CCE560C47706DDDA60210BAB7CD700000A9B78A5CC4C73F24~plodMl0loa3tKfd0U23mIa36lQ9H3Ze8XwENeCkUr/VvEexpfVhzcPHB3Vkrpjkgqd3qVjh/QF6wRoFpU4UkrtUO6ke6HK7+1Egtv3es0tjQndSop8OmT9UFHtyvvq1IhtNS7JtStfiKe5ufX2l9bHFeqkL2r3hbNOdPJ+19pkyY/+L6UTHgvXrnIz/2CHN3maTHCjZ2LWfvZU4ri34cgm0r/E3LkOyXDElKGlFtUaa+k=; LDCLGFbrowser=964495ec-94a9-4ab7-9f7f-0a3e79262799; XCLGFbrowser=eJXpK1yKt6kvTNrcGAA; s_vnum=1555186857468%26vn%3D1; s_invisit=true; s_getNewRepeat=1552594857469-New; s_lv_zdnet=1552594857469; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C21753913182162491202980062665557970256%7CMCAAMLH-1553199657%7C6%7CMCAAMB-1553199657%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1552602057s%7CNONE%7CMCAID%7C2E455BD4853132EB-6000012C000041F3%7CvVersion%7C2.3.0; s_cc=true; b2b-aam-segments=t%3DMicrosoft; aam_uuid=21907198191623399282957956508712126504; bm_mi=ADF69C5327C904031B3523DD802B6016~3MHga8GKC7e2Icvydy+QgRS2/xWiD+P7NPaHyRMXn9N6eNxwpMKFnVqqlpln6rmcwkiNYqGJymSIH2ct4EVVSvXlPchDbtUz4MXTvFqIcfSZdYeT1xLT7LRK2kb1Zan5vtvFCDRK8dU0Hg6cIA1CM6A7EC+l8yUw8ZIINHOCYknH1LrTs0XawFLt02gWYe0swCsZjQ3VoiaJIPf+iqXstRcZp5SmG7fs7SkuwkYqtSFaOVChn+8Po+8RwGPxppWzj4N/hWHSIBVqvLh23KyWmwAYsQ3UThsBdMyjEaseqRo=; bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaBwu/b0li3cdw+w0zgUquHcS5xzuxtiQrt9IWYREDhYuCh5xaMqSKpTZAseFcCFL+WI=; viewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb; utag_main=v_id:01697ddd6b8100ac07bae1f78c700007800a007000b08$_sn:1$_ss:0$_st:1552596658518$ses_id:1552594856833%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; 
RT="sl=1&ss=1552594853245&tt=5320&obo=0&bcn=%2F%2F5f651e72.akstat.io%2F&sh=1552594858577%3D1%3A0%3A5320&dm=zdnet.com&si=e7acf12b-2c04-440c-a5d9-c3dbafde46ba&ld=1552594858577"
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:method
GET

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
519
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 Mar 2019 20:13:27 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:20:58 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
69fd64dd-dee4-40c7-9a76-2003773d64ae
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
set-cookie
bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaByphwWxPTxr9tb/+2o5NhFHlk5qfQTM0Nj7ScZveGIizgsxqgD8hCTppKdRKyTtaCs=; Domain=.zdnet.com; Path=/; Max-Age=7199; HttpOnly
accept-ranges
bytes
expires
Thu, 14 Mar 2019 21:43:27 GMT
disqus-count-5922ea1c53-rev.js
zdnet2.cbsistatic.com/fly/js/components/
406 B
480 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/components/disqus-count-5922ea1c53-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b8c15c61feffdfe68b168cf2ac8cf58867f38547da3b15d7971a75c44f16bc26

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Mon, 30 Jul 2018 16:42:34 GMT
server
nginx
etag
"5b5f3ffa-196"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
270
expires
Thu, 21 Mar 2019 20:20:58 GMT
controls-5664bd9598-rev.css
zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/
41 KB
7 KB
Stylesheet
General
Full URL
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
09e5e6ad9b3f811194f2c812a59944124cf34dae3c6d90cdc5f51dd61f9e4439

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:12:47 GMT
server
nginx
etag
W/"5c8a291f-a561"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
6569
expires
Thu, 21 Mar 2019 20:20:58 GMT
disqus-loader-a1eab8131b-rev.js
zdnet3.cbsistatic.com/fly/js/components/
1 KB
725 B
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/disqus-loader-a1eab8131b-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a4d452555ef3c54319d8528439b6d27eea5e7cf579b89303b72a00e54c0dfbf5

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Wed, 06 Mar 2019 16:04:02 GMT
server
nginx
etag
W/"5c7fef72-458"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
521
expires
Thu, 21 Mar 2019 20:20:58 GMT
cs.js
sb.scorecardresearch.com/c2/3005086/
0
400 B
Script
General
Full URL
https://sb.scorecardresearch.com/c2/3005086/cs.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201902042326
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Apr 2011 23:11:26 GMT
ETag
"d41d8cd98f00b204e9800998ecf8427e:1349196464"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=259200
Connection
keep-alive
Content-Length
20
Expires
Sun, 17 Mar 2019 20:20:58 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDN...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZD...
0
248 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:58 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1552594858685&ns_c=UTF-8&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:58 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
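Both sb.scorecardresearch.com responses above carry the Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which is SHA-256 of zero bytes, and the cs.js ETag opens with d41d8cd98f00b204e9800998ecf8427e, MD5 of zero bytes; its Content-Length of 20 under Content-Encoding gzip is exactly a gzip member wrapping nothing. In other words the comScore tag fetched an empty script and fired an empty tracking pixel. The Python below is an added check for recognising that pattern in scan output; it is not part of urlscan or of the page, the flat record layout is this example's own assumption, and the records are constructed from the fields shown above (the b2 URL trimmed of its query string, plus the disqus-count script as a non-empty control).

```python
import gzip
import hashlib

# Digests of zero-length input. sha256("") is the Resource Hash urlscan shows
# for both sb.scorecardresearch.com responses; md5("") is the first field of
# the cs.js ETag.
SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
MD5_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"

# Constructed records carrying only the fields visible in the scan listing
# (this flat layout is an assumption of the example, not urlscan's schema).
TRANSACTIONS = [
    {"url": "https://sb.scorecardresearch.com/c2/3005086/cs.js",
     "resource_hash": SHA256_EMPTY, "content_length": 20,
     "content_encoding": "gzip",
     "etag": '"d41d8cd98f00b204e9800998ecf8427e:1349196464"'},
    {"url": "https://sb.scorecardresearch.com/b2",
     "resource_hash": SHA256_EMPTY, "content_length": 0,
     "content_encoding": None, "etag": None},
    # control: a script that really delivered a body
    {"url": "https://zdnet2.cbsistatic.com/fly/js/components/disqus-count-5922ea1c53-rev.js",
     "resource_hash": "b8c15c61feffdfe68b168cf2ac8cf58867f38547da3b15d7971a75c44f16bc26",
     "content_length": 270, "content_encoding": "gzip",
     "etag": '"5b5f3ffa-196"'},
]


def empty_digests():
    """(sha256, md5) of zero bytes, recomputed rather than trusted."""
    return hashlib.sha256(b"").hexdigest(), hashlib.md5(b"").hexdigest()


def gzip_empty_length():
    """Wire size of a gzip member around zero bytes: 10-byte header,
    2-byte empty deflate block, 4-byte CRC32, 4-byte ISIZE = 20."""
    return len(gzip.compress(b""))


def audit(tx):
    """Findings for one record: is the body empty, and do the other
    headers agree with that?"""
    findings = []
    sha_empty, md5_empty = empty_digests()
    if tx["resource_hash"] == sha_empty:
        findings.append("body is empty (sha256 of zero bytes)")
        # An empty body is 0 bytes on the wire unencoded, 20 bytes gzipped.
        expected = gzip_empty_length() if tx["content_encoding"] == "gzip" else 0
        if tx["content_length"] != expected:
            findings.append(
                f"content-length {tx['content_length']} disagrees with empty body "
                f"(expected {expected})")
    etag = tx.get("etag")
    if etag and etag.strip('"').split(":")[0] == md5_empty:
        findings.append("etag is md5 of zero bytes")
    return findings


def audit_all(transactions=TRANSACTIONS):
    return {tx["url"]: audit(tx) for tx in transactions}


if __name__ == "__main__":
    for url, findings in audit_all().items():
        print(url, "->", findings or ["body present"])
```

The Content-Length cross-check is there because a hash of the decoded body alone cannot tell an intentionally empty resource from one that was blocked or truncated in transit; when the declared length is neither 0 nor 20 the record deserves a second look.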
istock-waitress-swiping-card-on-pos-machine.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/13/0cd51d0d-421a-4d20-bb45-b284975af874/thumbnail/70x53/56fb65817a570723e67d847d339058ed/
5 KB
5 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/13/0cd51d0d-421a-4d20-bb45-b284975af874/thumbnail/70x53/56fb65817a570723e67d847d339058ed/istock-waitress-swiping-card-on-pos-machine.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2629d7ebc824cd8f408efc722da1171ee3696002bfad416abc77b0b88d013160

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"6018df1842f7130f1b85a6f8e911b96b"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31438883, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
4654
email-rawpixel.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/01/11/ad0d5294-2598-42f2-8eb4-b004111b908f/thumbnail/70x53/796f5952b0376672ed58b137e44cd279/
2 KB
2 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/01/11/ad0d5294-2598-42f2-8eb4-b004111b908f/thumbnail/70x53/796f5952b0376672ed58b137e44cd279/email-rawpixel.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ea46af0c4a4d24a8177ab02f0060171ac4b16dd24145977d08c9360f50c5da5c

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"069654d5ce089c13f642d19f09a3d1c0"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31418298, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
1814
istock-1059911054.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/03/12/aa17a71b-66ed-469e-a508-0a622b233a0f/thumbnail/70x53/f86b87687e25397206051802bf46d41a/
2 KB
2 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/03/12/aa17a71b-66ed-469e-a508-0a622b233a0f/thumbnail/70x53/f86b87687e25397206051802bf46d41a/istock-1059911054.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
2f01b49a78ae39b72dd3166ebebdf7fe07957571b7d34bfe003b429e71c539e1

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"95f6870ff3dcd442254e334a9033d349"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31415273, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
1948
istock-man-looking-sad-because-of-ransomware.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/07/45cf2d27-aa58-4e37-a02e-4a8567f4bcaf/thumbnail/70x53/ed50717bb61c707faa97f1ab0238949a/
5 KB
5 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/07/45cf2d27-aa58-4e37-a02e-4a8567f4bcaf/thumbnail/70x53/ed50717bb61c707faa97f1ab0238949a/istock-man-looking-sad-because-of-ransomware.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
acc5ba8f384f65d231c25a30bb9624da59f42cfe1deccfcc7f58a9afe26ec50a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"f2925f97bc13ad2852a7a551802feea0"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30910024, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
4670
/
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/
52 KB
13 KB
Script
General
Full URL
https://zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3xeBFJDuSs0SRW5&Q_LOC=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201902042326
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.206, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-232-206.deploy.static.akamaitechnologies.com
Software
/ Express
Resource Hash
6a142062d341e21d360870b239bddfab464a522c17529a1a9fcfae37864be1ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
access-control-allow-origin
*
x-powered-by
Express
etag
W/"d07b-ie5jsqLKfXtiw/O2YK0p9GDEuC0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=60
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
13147
/
www.zdnet.com/newsletter/xhr/widget-login/
2 KB
2 KB
XHR
General
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c40d49c6e0f8f2545f8324d09b1c89eade88481e1b2bbc4a6f325a66b45eef31
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/newsletter/xhr/widget-login/?topic=security
pragma
no-cache
cookie
_ccmsi=1552594857122_q95au7yio|1552594857123; _ccmaid=5978151464575185692; fly_device=desktop; fly_geo={"countryCode": "de"}; fly_preferred_edition=eu; fly_default_edition=eu; ak_bmsc=806B80C66005040CCE560C47706DDDA60210BAB7CD700000A9B78A5CC4C73F24~plodMl0loa3tKfd0U23mIa36lQ9H3Ze8XwENeCkUr/VvEexpfVhzcPHB3Vkrpjkgqd3qVjh/QF6wRoFpU4UkrtUO6ke6HK7+1Egtv3es0tjQndSop8OmT9UFHtyvvq1IhtNS7JtStfiKe5ufX2l9bHFeqkL2r3hbNOdPJ+19pkyY/+L6UTHgvXrnIz/2CHN3maTHCjZ2LWfvZU4ri34cgm0r/E3LkOyXDElKGlFtUaa+k=; LDCLGFbrowser=964495ec-94a9-4ab7-9f7f-0a3e79262799; XCLGFbrowser=eJXpK1yKt6kvTNrcGAA; s_vnum=1555186857468%26vn%3D1; s_invisit=true; s_getNewRepeat=1552594857469-New; s_lv_zdnet=1552594857469; s_lv_zdnet_s=First%20Visit; AMCVS_10D31225525FF5790A490D4D%40AdobeOrg=1; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=-894706358%7CMCMID%7C21753913182162491202980062665557970256%7CMCAAMLH-1553199657%7C6%7CMCAAMB-1553199657%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1552602057s%7CNONE%7CMCAID%7C2E455BD4853132EB-6000012C000041F3%7CvVersion%7C2.3.0; s_cc=true; b2b-aam-segments=t%3DMicrosoft; aam_uuid=21907198191623399282957956508712126504; bm_mi=ADF69C5327C904031B3523DD802B6016~3MHga8GKC7e2Icvydy+QgRS2/xWiD+P7NPaHyRMXn9N6eNxwpMKFnVqqlpln6rmcwkiNYqGJymSIH2ct4EVVSvXlPchDbtUz4MXTvFqIcfSZdYeT1xLT7LRK2kb1Zan5vtvFCDRK8dU0Hg6cIA1CM6A7EC+l8yUw8ZIINHOCYknH1LrTs0XawFLt02gWYe0swCsZjQ3VoiaJIPf+iqXstRcZp5SmG7fs7SkuwkYqtSFaOVChn+8Po+8RwGPxppWzj4N/hWHSIBVqvLh23KyWmwAYsQ3UThsBdMyjEaseqRo=; bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaBwu/b0li3cdw+w0zgUquHcS5xzuxtiQrt9IWYREDhYuCh5xaMqSKpTZAseFcCFL+WI=; viewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb; utag_main=v_id:01697ddd6b8100ac07bae1f78c700007800a007000b08$_sn:1$_ss:0$_st:1552596658518$ses_id:1552594856833%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session; 
RT="sl=1&ss=1552594853245&tt=5320&obo=0&bcn=%2F%2F5f651e72.akstat.io%2F&sh=1552594858577%3D1%3A0%3A5320&dm=zdnet.com&si=e7acf12b-2c04-440c-a5d9-c3dbafde46ba&ld=1552594858577"
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:method
GET

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
729
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:20:59 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
75e5ca71-0294-4e11-a666-f43d2a2b003d
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
set-cookie
fly_session=cr4ajkekkt9roesif966mpnsa0; path=/; domain=.zdnet.com; secure; HttpOnly
bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaByTne/LbIV4GooKvdc7xvfl46/HQkqYYbywZAIRWtzVdNvxWv64Dw4oyh83LLWj3S4=; Domain=.zdnet.com; Path=/; Max-Age=7198; HttpOnly
accept-ranges
bytes
expires
Thu, 14 Mar 2019 20:20:59 GMT
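Four responses in this listing set cookies: the everesttech.net redirect (two cookies, neither Secure nor HttpOnly, one expiring in February 2021), cbsi.demdex.net/dest5.html (demdex, Max-Age of 180 days, neither Secure nor HttpOnly), the breaking-news XHR (bm_sv, HttpOnly only) and the widget-login XHR just above (fly_session, Secure and HttpOnly). The Python below is an added audit of those exact Set-Cookie values; it is not part of the page or of urlscan, it takes the responses' Date header (Thu, 14 Mar 2019 20:20:58 GMT) as the reference time for lifetime arithmetic, and the finding strings are the example's own.

```python
from datetime import datetime, timezone

# "Now" for lifetime arithmetic: the Date header on the responses above
# (an assumption of this example; a live audit would use the fetch time).
SCAN_TIME = datetime(2019, 3, 14, 20, 20, 58, tzinfo=timezone.utc)

# Set-Cookie values copied from the responses above. urlscan prints several
# Set-Cookie headers of one response on one line; they are split here.
SET_COOKIE_HEADERS = [
    # everesttech.net redirect
    "everest_session_v2=XIq3qgAAABulpO5-; path=/; domain=.everesttech.net",
    "everest_g_v2=g_surferid~XIq3qgAAABulpO5-; path=/; domain=.everesttech.net; "
    "expires=Sat, 06-Feb-2021 07:00:58 GMT",
    # cbsi.demdex.net/dest5.html
    "demdex=21907198191623399282957956508712126504;Path=/;Domain=.demdex.net;"
    "Expires=Tue, 10-Sep-2019 20:20:58 GMT;Max-Age=15552000",
    # www.zdnet.com breaking-news XHR
    "bm_sv=57996E60900785695C2C746CDCF64619~NrmDLJek2ujkTJqz+6VH6DGwGaHWtLy0/JsWHS+CHji3QuK2VlzQychtBIdarsp+mIS4tqsBe9WMr5s2QA6zaVKSPllQ+wwHAK1d2+HaaByphwWxPTxr9tb/+2o5NhFHlk5qfQTM0Nj7ScZveGIizgsxqgD8hCTppKdRKyTtaCs=; "
    "Domain=.zdnet.com; Path=/; Max-Age=7199; HttpOnly",
    # www.zdnet.com widget-login XHR
    "fly_session=cr4ajkekkt9roesif966mpnsa0; path=/; domain=.zdnet.com; secure; HttpOnly",
]

# Both Expires values on the page use the Netscape "dd-Mon-yyyy" form; the
# RFC 1123 form is accepted as well.
EXPIRES_FORMATS = ("%a, %d-%b-%Y %H:%M:%S GMT", "%a, %d %b %Y %H:%M:%S GMT")


def parse_expires(value):
    for fmt in EXPIRES_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def parse_set_cookie(header):
    """Split one Set-Cookie value into name/value plus the attributes that
    decide exposure: Secure, HttpOnly, SameSite, Domain and lifetime."""
    first, *attrs = (part.strip() for part in header.split(";"))
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "secure": False, "httponly": False,
              "samesite": None, "domain": None, "lifetime_seconds": None}
    max_age = expires = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        elif key == "samesite":
            cookie["samesite"] = val.lower()
        elif key == "domain":
            # RFC 6265 ignores a leading dot; any Domain means "and subdomains".
            cookie["domain"] = val.lower().lstrip(".")
        elif key == "max-age":
            max_age = int(val)
        elif key == "expires":
            expires = parse_expires(val)
    # RFC 6265: Max-Age takes precedence over Expires when both are present.
    if max_age is not None:
        cookie["lifetime_seconds"] = max_age
    elif expires is not None:
        cookie["lifetime_seconds"] = int((expires - SCAN_TIME).total_seconds())
    return cookie


def audit_cookie(cookie):
    findings = []
    if not cookie["secure"]:
        findings.append("no Secure: also sent over plaintext http://")
    if not cookie["httponly"]:
        findings.append("no HttpOnly: readable by any script on the page")
    if cookie["samesite"] is None:
        findings.append("no SameSite: attached to cross-site requests")
    if cookie["domain"]:
        findings.append(f"Domain={cookie['domain']}: sent to every subdomain")
    life = cookie["lifetime_seconds"]
    if life is None:
        findings.append("session cookie")
    elif life > 30 * 86400:
        findings.append(f"persistent for {life // 86400} days")
    return findings


def audit_all(headers=SET_COOKIE_HEADERS):
    return {c["name"]: audit_cookie(c) for c in map(parse_set_cookie, headers)}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", "; ".join(findings))
```

None of the five cookies carries SameSite; at the time of the scan no browser applied a default, and Chrome's later Lax default changed how third-party identifiers such as demdex and everest_g_v2 behave on cross-site requests. The everest_g_v2 lifetime works out to exactly 60,000,000 seconds from the response Date, so the server adds a fixed offset rather than a calendar date.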
front-door-carousel-56427878d9-rev.js
zdnet1.cbsistatic.com/fly/js/components/
5 KB
2 KB
Script
General
Full URL
https://zdnet1.cbsistatic.com/fly/js/components/front-door-carousel-56427878d9-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5ecc6a93ec2939faa8dbf80084346c7d940f5a2181ee69343810da52902eb92d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Thu, 16 Aug 2018 13:35:07 GMT
server
nginx
etag
W/"5b757d8b-124a"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
cneonction
close
timing-allow-origin
*
content-length
1564
expires
Thu, 21 Mar 2019 20:20:58 GMT
m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8...
  • https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8...
44 B
332 B
Image
General
Full URL
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&rp=&ts=compact&rnd=1552594858716&ja=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.142.23, Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS
ec2-54-72-142-23.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:58 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status
200
cache-control
no-cache
content-type
image/gif
content-length
44
expires
Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:58 GMT
server
nginx
access-control-allow-origin
*
location
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&rp=&ts=compact&rnd=1552594858716&ja=1
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status
302
cache-control
no-cache
content-length
0
expires
Thu, 01 Dec 1994 16:00:00 GMT
fbevents.js
connect.facebook.net/en_US/
52 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
6bb981959d783d83df88b9aa48738948c9a8a22c1a31b8cb5305d3e338ebf9a7
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
15216
x-xss-protection
0
pragma
public
x-fb-debug
rDXDE6AkP6K9JCGcg23VUh/FEMfH7V+XLApaL4iCibBpyedK02PzBR5+vBfxudWgKD+HRky/4L/p+BdFJ2aFFg==
date
Thu, 14 Mar 2019 20:20:58 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
urban-airship-29ae327ed0-rev.js
zdnet3.cbsistatic.com/fly/js/components/
1 KB
1 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/urban-airship-29ae327ed0-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fa33d1db535d783b0baf4e74bdc7ce9e54633f87a03669b2803e567088d64ccb

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Wed, 29 Aug 2018 13:13:23 GMT
server
nginx
etag
W/"5b869bf3-514"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
827
expires
Thu, 21 Mar 2019 20:20:58 GMT
advertisement-d41d8cd98f-rev.js
zdnet2.cbsistatic.com/fly/js/utils/
0
178 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/utils/advertisement-d41d8cd98f-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
last-modified
Fri, 10 Aug 2018 18:33:06 GMT
server
nginx
etag
"5b6dda62-0"
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
0
expires
Thu, 21 Mar 2019 20:20:58 GMT
comscore.streaming.6.1.1.171219.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/comscore/
104 KB
19 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/comscore/comscore.streaming.6.1.1.171219.min.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
081873caa83744b6d819ab294b08927e20b60841dd8f23a87c2a57e15f65591c

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
age
514536
x-cache
HIT, HIT
status
200
x-cache-hits
2, 3305
content-length
18881
x-amz-id-2
iNMxzm/TCgHK9pS62vBa4WS9cdIY2RAk2iZ/4rvpCGyqBgvmIfhh/M1oP8g+QU4MesGXKPLqSuQ=
x-served-by
cache-dca17747-DCA, cache-cdg20740-CDG
last-modified
Fri, 21 Dec 2018 01:17:23 GMT
server
AmazonS3
x-timer
S1552594859.780516,VS0,VE0
etag
"c3c30c0ebfc35a9426296256fc3133d8"
vary
Accept-Encoding
x-amz-request-id
089711D8482F40CB
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
backend-origin
fastlyshield--shield_cache_dca17747_DCA
x-amz-meta-mtime
1522022400
ima3.js
s0.2mdn.net/instream/html5/
239 KB
82 KB
Script
General
Full URL
https://s0.2mdn.net/instream/html5/ima3.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2006 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
50178c2908dd13de5a387ee5e197029dd5aa0c24692fb2360c54b7484d03d75d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
83498
x-xss-protection
1; mode=block
expires
Thu, 14 Mar 2019 20:20:58 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1552594858861&s=94f924a2963a7c7eb945dc27c0b3d0563db1779f7b0a9fd1ff738c10de3d4e44
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
868ab1704d7a6756d97ebde1b95aa0c54a0a676791bb445b80deb8a1f48c2cde

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
800
fly-disqus-count-1f604770a3-rev.js
zdnet2.cbsistatic.com/fly/js/components/
882 B
670 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/components/fly-disqus-count-1f604770a3-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b2ab8784d5ca4bc5e4e1990ba55c6d9f041b8fe8cf41ad9afa37bc1c3dd12756

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Tue, 12 Mar 2019 17:29:14 GMT
server
nginx
etag
"5c87ec6a-372"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
460
expires
Thu, 21 Mar 2019 20:20:58 GMT
309391486091569
connect.facebook.net/signals/config/
186 KB
45 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/309391486091569?v=2.8.42&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
61c7775dd53bf4483c287392a1194232ed17a29eeec5f64896c57ff53c5e66ef
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
45966
x-xss-protection
0
pragma
public
x-fb-debug
1iYB0MY1XFbkQgn3fcMW5Bm8Ew81lsR8O01zuiTItUgafzeSA0oqtv3AnqOKL4slmrCAVzw6bgou93s7p62p5g==
date
Thu, 14 Mar 2019 20:20:58 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
show-hide-1.0-7dc26ff326-rev.js
zdnet3.cbsistatic.com/fly/js/components/
2 KB
914 B
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/show-hide-1.0-7dc26ff326-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f92514f4e39c16da9037f964148a09a79419744b77d611860ffc81c86aeace0a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
last-modified
Thu, 10 Jan 2019 17:52:02 GMT
server
nginx
etag
W/"5c378642-7a5"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
710
expires
Thu, 21 Mar 2019 20:20:58 GMT
ua-sdk.min.js
web-sdk.urbanairship.com/notify/v1/
78 KB
17 KB
Script
General
Full URL
https://web-sdk.urbanairship.com/notify/v1/ua-sdk.min.js
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/js/components/urban-airship-29ae327ed0-rev.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6b:280::e3d , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
UploadServer /
Resource Hash
7a1c6137f5ed3900e2b07d0c6785da9915da4e44dea8aabac8c3ddaad73b4ca2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:58 GMT
content-encoding
gzip
x-goog-meta-goog-reserved-file-mtime
1552593996
status
200
x-guploader-uploadid
AEnB2UqPfDBK7EpLhaWPan06YLNbWj5dL_Tkc23wz0MFOGLEh2-OJ2tZq6uXwjDF3gl7z-C7sXZQWsJRyRULcpZP1Of-tlRRUbxnDkxgjxnjIoSd9tJbDbQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-length
16953
last-modified
Thu, 14 Mar 2019 20:06:38 GMT
server
UploadServer
etag
"a9fa052d127e29c685af6e9134f76d4a"
vary
Accept-Encoding
x-goog-hash
crc32c=bXT+Cw==, md5=qfoFLRJ+KcaFr26RNPdtSg==
x-goog-generation
1552593998397520
cache-control
public, max-age=300
x-goog-stored-content-length
79866
accept-ranges
bytes
content-type
application/x-javascript
expires
Thu, 14 Mar 2019 20:25:58 GMT
4083-12969.js
www.everestjs.net/dl/4083/
484 B
655 B
Script
General
Full URL
https://www.everestjs.net/dl/4083/4083-12969.js
Requested by
Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.87.166 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-87-166.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1d4d518e1da495fb6d6d8b3d86bba79d7597b61b466e71c45cdb09ed79659c53

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Nov 2013 14:23:10 GMT
Server
Apache
ETag
"4a5a49-1e4-4ec011a776f80"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=37211
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
288
Expires
Fri, 15 Mar 2019 06:41:09 GMT
v
pixel.everesttech.net/4083/
128 B
716 B
Image
General
Full URL
https://pixel.everesttech.net/4083/v?ev___loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&ev___ref=%2F%2F
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"9c38d7-80-53f3f17013d40"
Vary
Cookie
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=15, max=963963
Content-Length
128
1x1
pixel.everesttech.net/
Redirect Chain
  • https://cm.everesttech.net/cm
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WElxM3FnQUFBQnVscE81LQ
  • https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEAYz5Y4L0PTMCXaXXEy5Ut8&google_cver=1
  • https://pixel.everesttech.net/1x1
128 B
407 B
Image
General
Full URL
https://pixel.everesttech.net/1x1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:59 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"1433c2-80-53f3f17013d40"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=998583
Content-Length
128

Redirect headers

Date
Thu, 14 Mar 2019 20:20:58 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://pixel.everesttech.net/1x1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
/
www.google.de/pagead/1p-user-list/1036174608/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&amp;guid=ON&amp;script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=q7eKXI2WAcvcba...
  • https://www.google.com/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848
  • https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848&ipr=y
42 B
109 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848&ipr=y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:59 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:20:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=235796822&crd=&cdct=2&is_vtc=1&random=3768430848&ipr=y
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
ad.yieldmanager.com/
0
341 B
Image
General
Full URL
https://ad.yieldmanager.com/pixel?id=2447099&t=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:833::4000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:59 GMT
X-Content-Type-Options
nosniff
Server
ATS
Age
0
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
s
pixel.everesttech.net/4083/
128 B
716 B
Image
General
Full URL
https://pixel.everesttech.net/4083/s?s=12969
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
66.117.28.68 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:59 GMT
Last-Modified
Wed, 19 Oct 2016 22:11:25 GMT
Server
Apache
ETag
"1433c2-80-53f3f17013d40"
Vary
Cookie
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control
no-cache
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=15, max=998598
Content-Length
128
count.js
zdnet-1.disqus.com/
1 KB
1 KB
Script
General
Full URL
https://zdnet-1.disqus.com/count.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
186782
P3P
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 11 Mar 2019 17:49:30 GMT
Server
nginx
ETag
"5c869faa-367"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
/
www.facebook.com/tr/
44 B
245 B
Image
General
Full URL
https://www.facebook.com/tr/?id=309391486091569&ev=PageView&dl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&rl=&if=false&ts=1552594859033&sw=1600&sh=1200&v=2.8.42&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1552594859031.93645902&it=1552594858878&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:59 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 14 Mar 2019 20:20:59 GMT
mux.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/
70 KB
22 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/mux.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3ae5d0f70dfeb1308462aaaa19d8326a6bd2d41781323b07db04cccffc09cf5f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:59 GMT
content-encoding
gzip
age
942939
x-cache
HIT, HIT
status
200
x-cache-hits
1, 596
content-length
21978
x-amz-id-2
zgcnin+SB1JSc2io3/l4gBQl7XptJ+s5461pEByzZWAMIgE8OaFve7xpNhG06y2uXYsCdR5sinU=
x-served-by
cache-dca17724-DCA, cache-cdg20740-CDG
last-modified
Fri, 21 Dec 2018 01:16:38 GMT
server
AmazonS3
x-timer
S1552594859.122059,VS0,VE0
etag
"6ff5de35d5b5d1d667e341d5109a9c19"
vary
Accept-Encoding
x-amz-request-id
3312530A0732501B
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
backend-origin
fastlyshield--shield_cache_dca17724_DCA
x-amz-meta-mtime
1522022400
ggcmb510.js
cdn-gl.imrworldwide.com/novms/js/2/
12 KB
5 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-126.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
gB9SHtsGPCXzAHzgrpgYdBOQ7nMvfStz
content-encoding
gzip
last-modified
Tue, 05 Mar 2019 14:34:42 GMT
server
AmazonS3
age
54593
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=86400
date
Thu, 14 Mar 2019 05:13:49 GMT
x-amz-cf-id
n8bf9eizIila5gVKJFkYq3b_astb6r9ydrfd71dbt7fPMCREEm2cmA==
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
AppMeasurement-2.3.0.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/
77 KB
27 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4974c54f5183f50fd1f3c3d49c496fd79602f8159b6d393d3fab09e4433555dd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:59 GMT
content-encoding
gzip
age
4373758
x-cache
HIT, HIT
status
200
x-cache-hits
4, 675
content-length
27260
x-amz-id-2
DygN9j4ptYlgqXZ3JEXmbvf/IJiVaaSANRd8iSR48wkkrUfnkNQ12kfiUTrb4fHqc/ZiJI5/jZE=
x-served-by
cache-dca17728-DCA, cache-cdg20740-CDG
last-modified
Fri, 21 Dec 2018 01:17:06 GMT
server
AmazonS3
x-timer
S1552594859.126063,VS0,VE0
etag
"d71ba6c9a930b6864408830c3e2705f9"
vary
Accept-Encoding
x-amz-request-id
183A5CA46654BB99
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
backend-origin
fastlyshield--shield_cache_dca17728_DCA
x-amz-meta-mtime
1522022400
VideoHeartbeat-2.0.2.min.js
vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/
143 KB
29 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.122.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e08209b44a15fd9f6b9977d2580034e8d3da36542235802c2722ff8db4c0a461

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:20:59 GMT
content-encoding
gzip
age
1660292
x-cache
HIT, HIT
status
200
x-cache-hits
1, 582
content-length
28977
x-amz-id-2
E/a9o4/zW8aygkDY6AidBM53xxxeUv6iqu1HThiBa+2N5+d0iQrPHbZ2ryuJdYvWi70xd02poqU=
x-served-by
cache-dca17744-DCA, cache-cdg20740-CDG
last-modified
Fri, 21 Dec 2018 01:17:07 GMT
server
AmazonS3
x-timer
S1552594859.127028,VS0,VE0
etag
"215943f0e77b4fcc9cc72b98a8ea1cfc"
vary
Accept-Encoding
x-amz-request-id
5B30967C65AD4272
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
backend-origin
fastlyshield--shield_cache_dca17744_DCA
x-amz-meta-mtime
1522022400
bcn
www.summerhamster.com/
43 B
181 B
Image
General
Full URL
https://www.summerhamster.com/bcn?fe=1552594859129&y=2.0.1105&elg=759379641&flg=68&x=zzz.cgqhw.frp%2Fduwlfoh%2Fwklv-edqnlqj-pdozduh-mxvw-uhwxuqhg-zlwk-qhz-vqhdnb-wulfnv-wr-vwhdo-brx-gdwd%2F&vqwo=1&deo=0&g0=vg%3A%3Aer%2Cxd%3A%3Aqexd%3A%3Aqsu%7Cvg%3A%3Ask%3A%3Aqsk%3A%3Aqsu%7Cgisl%3A%3Alp%2Clqi%2Cqh%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2Fdg.grxeohfolfn.qhw%2Fggp%2Fdg%2Fkamlsomb%2F%3Brug%3D1552594856551%3F%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cddg%2Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.des_re_halvw%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Csu%3A%3Aid%3A%3Aquiv%3A%3Aqsu&hu=0&g2=0%3A%3A0%3A%3A0%3A%3A0%3A%3A0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.36.177 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-122-36-177.eu-central-1.compute.amazonaws.com
Software
Jetty(9.2.10.v20150310) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Thu, 14 Mar 2019 20:20:59 GMT
server
Jetty(9.2.10.v20150310)
access-control-allow-origin
*
content-length
43
access-control-allow-methods
*
content-type
image/gif
/
5f651e72.akstat.io/
0
354 B
Other
General
Full URL
https://5f651e72.akstat.io/
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:20:59 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 14 Mar 2019 20:20:59 GMT
/
www.facebook.com/tr/ Frame 0F43
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
6797
pragma
no-cache
cache-control
no-cache
origin
https://www.zdnet.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding
gzip, deflate, br
Origin
https://www.zdnet.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers

status
200
content-type
text/plain
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
0
server
proxygen-bolt
date
Thu, 14 Mar 2019 20:20:59 GMT
count-data.js
zdnet-1.disqus.com/
243 B
767 B
Script
General
Full URL
https://zdnet-1.disqus.com/count-data.js?1=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2
Requested by
Host: zdnet-1.disqus.com
URL: https://zdnet-1.disqus.com/count.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
b3d64e3a17eaacb2473e6777e771930cf3aa692b1d976843857335cc978e1439
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:20:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Age
425
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Cache-Control
public, max-age=600
Connection
keep-alive
Content-Type
application/javascript; charset=UTF-8
Vary
Accept-Encoding
Content-Length
204
X-XSS-Protection
1; mode=block
truncated
/
2 KB
0
Media
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e9696aabfbb60803028b14636581f459404cea187d0c0c50b7d4d5cf8e1a3b1

Request headers

Response headers

Content-Type
video/mp4
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Response headers

Content-Type
image/png
truncated
/
715 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Response headers

Content-Type
image/png
glcfg510.js
cdn-gl.imrworldwide.com/novms/js/2/configs/
2 KB
1 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-126.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
acf3b5b3ade1391096f23120b725a032dce430448ba8aff2a6f0c3f9c598b2a3

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
C_jlH6EJFkwAH9m6jwG5pmUjxJCOeer7
content-encoding
gzip
last-modified
Tue, 05 Mar 2019 14:34:41 GMT
server
AmazonS3
age
83086
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=86400
date
Wed, 13 Mar 2019 21:16:33 GMT
x-amz-cf-id
GR2IqMJajpffuM_cV06d7k4hE0QaQudyfgeMYl1ugEE-lhIhihSSoQ==
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
id
dpm.demdex.net/
2 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_cid_ic=userId%01&d_cid_ic=puuid%01&ts=1552594861256
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c12cf227885335df96a62ce773d17c8dbd9eb0de199ce1ce1289c5ff802ae95c

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v021-06f91ab0e.edge-irl1.demdex.com 5.49.0.20190304124312 10ms
Pragma
no-cache
Content-Encoding
gzip
X-Error
300,300
X-TID
vWibr4kcRQc=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
748
Expires
Thu, 01 Jan 1970 00:00:00 GMT
bridge3.286.0_en.html
imasdk.googleapis.com/js/core/ Frame E95B
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.286.0_en.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.286.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
183219
date
Wed, 13 Mar 2019 00:02:15 GMT
expires
Thu, 12 Mar 2020 00:02:15 GMT
last-modified
Wed, 13 Mar 2019 00:00:39 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
age
159526
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
client.js
s0.2mdn.net/instream/video/
26 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/instream/html5/ima3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::2006 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
10523
x-xss-protection
1; mode=block
expires
Thu, 14 Mar 2019 20:21:01 GMT
/
www.zdnet.com/m3d0s1/xhr/right-rail/
10 KB
3 KB
XHR
General
Full URL
https://www.zdnet.com/m3d0s1/xhr/right-rail/
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
426d9c4e30db4842dfb3b5813d238bf05f9560b70ec68afa84ae2e96c2c716cf
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/m3d0s1/xhr/right-rail/
pragma
no-cache
cookie
_fbp=fb.1.1552594859542.1761847800; AMCV_10D31225525FF5790A490D4D%40AdobeOrg=T; upid_511738270=1
origin
https://www.zdnet.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type
application/x-www-form-urlencoded; charset=UTF-8
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
content-length
443
:method
POST
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
1634
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:21:01 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
b4fe0a90-8d66-42d5-a668-59ed9338720f
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
set-cookie
fly_device=desktop; expires=Thu, 21-Mar-2019 20:21:01 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Thu, 21-Mar-2019 20:21:01 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_default_edition=eu; path=/; domain=.zdnet.com; secure ak_bmsc=2715DC4A231CECCA698C412E41ECB4190210BAB7CD700000ADB78A5C8690E516~pl+VIo3CEhPSQMnd6Nf/HCVOmkAWgU4MAZZJf3w8tUJdsDafMb4YZcaevM27p3LHMmHxTYjDf3mJQ8nXIzq+kAwhOjVIwvh9cnTHWOy7vrDKKh9kM6jCyL3fI5qft6GMOBsZoBElXLG1SLDC13xqLJNio43r1GjSa+vbIUCvI7/zIFbF8DbBi8o+cnjI37vTGOeDj2JGLReS2oGmYy16stQMLei0hW62PSI8Avoygey6g=; expires=Thu, 14 Mar 2019 22:21:01 GMT; max-age=7200; path=/; domain=.zdnet.com; HttpOnly
accept-ranges
bytes
expires
Thu, 14 Mar 2019 20:21:01 GMT
default-se4908240cd.png
zdnet4.cbsistatic.com/fly/images/sprites/video/controls/1x/
8 KB
8 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/fly/images/sprites/video/controls/1x/default-se4908240cd.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de4b8c1882f3c5f3e8d7ed920d1f4f31865ee05228fa7c60800656f3b279287d

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:01 GMT
content-encoding
gzip
last-modified
Wed, 20 Jun 2018 17:00:35 GMT
server
nginx
etag
W/"5b2a8833-1e14"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
7728
expires
Thu, 21 Mar 2019 20:21:01 GMT
id
som.cbsi.com/
90 B
716 B
XHR
General
Full URL
https://som.cbsi.com/id?d_visid_ver=2.3.0&d_fieldgroup=A&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&mid=32463149399208463380520886632797588060&ts=1552594861362
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.140.43.34 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.d2.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
638528755e9e630423559752ffb1b9e22f730355d0e7ea5024281f9342c1ef56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Thu, 14 Mar 2019 20:21:01 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www90
Vary
Origin
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/x-javascript
Keep-Alive
timeout=15
Content-Length
90
X-XSS-Protection
1; mode=block
loader.js
cdn.taboola.com/libtrc/cbsinteractive-zdnet/
228 KB
23 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1657-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8a6984501b8a86b7f7edbd1fa3ce4ba6a27b04d360159f092d384761d863fa5c

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
P5YD9nTG93ao.WHn31MoSQTu6NoOJI6I
content-encoding
gzip
age
13875
x-cache
HIT
status
200
date
Thu, 14 Mar 2019 20:21:01 GMT
x-amz-replication-status
COMPLETED
content-length
23348
x-amz-id-2
hLI13bJlQOFqfR/ozNXCPgvTuTA/Z7CcREPa1fsw7QvZM6/lcossuNytD8rqnF72nEO1bCwSZ7o=
x-served-by
cache-hhn1540-HHN
last-modified
Thu, 14 Mar 2019 16:29:07 GMT
server
AmazonS3
x-timer
S1552594861.423160,VS0,VE0
etag
"8b09404363ba75a65ca1d5ef0c9e06e7"
vary
Accept-Encoding
x-amz-request-id
CFA1FC88F8AF7DFF
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
89
x-cache-hits
5
PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
cdn-gl.imrworldwide.com/conf/
42 KB
8 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/conf/PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/configs/glcfg510.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-126.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c6df1bf046eea1d51b9b30f72f87f5c6d13f4fea02b8efc48ac386557e8bb32a

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 19:11:18 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 18:26:21 GMT
server
AmazonS3
age
581
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
stp7Qr.MwB_68k4jq5c.s7LDvpzzAzRQ
status
200
cache-control
max-age=86400,s-maxage=86400
content-type
application/javascript
x-amz-cf-id
5PtQzqxI_A8gdlVIO24ee1WF-ESgZEMP5ukrC8LsB_BXJSyvZq7HpA==
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/
154 KB
45 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PF7B87067-BF4D-F80F-E040-070AAD316CE6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-126.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
69ab1a2de27af9982ac383ba968b31150b40465eee67ccd2cb540397dd372c14

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
.JOJbolsUKPAQzRqc25FG3kbf09NeIy8
content-encoding
gzip
last-modified
Tue, 05 Mar 2019 14:34:42 GMT
server
AmazonS3
age
16382
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=86400
date
Thu, 14 Mar 2019 19:01:08 GMT
x-amz-cf-id
Z7ZMtcAeeG0N_XtAWkCYUSXJ1Y04hvlh5SyiVL8LMLxCjGkDiPfdVQ==
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame BF21
0
0
Document
General
Full URL
https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-126.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
cdn-gl.imrworldwide.com
:scheme
https
:path
/novms/html/ls.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers

status
200
content-type
text/html
last-modified
Tue, 05 Mar 2019 14:34:40 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
bFE_v0S8rJQmD6jK1O9nK5_UKwVOFfYf
server
AmazonS3
content-encoding
gzip
date
Thu, 14 Mar 2019 15:08:15 GMT
cache-control
max-age=86400
vary
Accept-Encoding
age
18778
x-cache
Hit from cloudfront
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
x-amz-cf-id
utoV8PPDOpGl_fhYpULpBHqcu0xDk1i0u6QQQRgpgJpu467xzOB8Dw==
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:21:01 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
901
Expires
Fri, 15 Mar 2019 20:21:01 GMT
load.js
widget.perfectmarket.com/cbsinteractive-zdnet/
13 KB
5 KB
Script
General
Full URL
https://widget.perfectmarket.com/cbsinteractive-zdnet/load.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d1eab2e9d5b36e1297db68599d3e9c3df71869a0863fb261972b93e919d7af1

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
rwr9L97XovW8QPypI62jHvd7E2HiNZm2
content-encoding
gzip
age
40
x-cache
HIT, MISS
status
200
date
Thu, 14 Mar 2019 20:21:01 GMT
content-length
4742
x-amz-id-2
IeE9+nTLEpRap1NUvEiPbE+qQgMPeliAJb3YSmkiHcZXNknzshBkuokPJDiSswQryBLApcOaYnY=
x-served-by
cache-lax8629-LAX, cache-hhn1549-HHN
last-modified
Thu, 20 Oct 2016 17:48:07 GMT
server
AmazonS3
x-timer
S1552594862.505250,VS0,VE148
etag
"fc0de48a0976cde02ddee0bd49a81832"
vary
Accept-Encoding,,
x-amz-request-id
47A0ED1AAAD0A94D
via
1.1 varnish, 1.1 varnish
cache-control
max-age=300
accept-ranges
bytes
content-type
binary/octet-stream
x-cache-hits
1, 0
impl.349-494-RELEASE.js
cdn.taboola.com/libtrc/
363 KB
103 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.349-494-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c904304fd06e5bf1a7411400abf22540499f73c27d2ddf9e9524998a751844bd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
TC9RoL8LilzMRuCPKl7aB7PHNNt4t_c1
content-encoding
gzip
age
48
x-cache
HIT
status
200
date
Thu, 14 Mar 2019 20:21:01 GMT
x-amz-replication-status
PENDING
content-length
105323
x-amz-id-2
r6XVmaHMWFUSWcwjsD9tvC3NtDiegPKEdF0Hdj/AlL5BQ0GjhKFD3uN1vttimmHVwYLLFhRPS6k=
x-served-by
cache-hhn1540-HHN
last-modified
Thu, 14 Mar 2019 20:20:09 GMT
server
AmazonS3
x-timer
S1552594861.459540,VS0,VE0
etag
"e36a6852dd2e0645edefe86299f98c8b"
vary
Accept-Encoding
x-amz-request-id
14EAEB4A81677757
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
89
x-cache-hits
1118
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20...
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%2...
0
248 B
Image
General
Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-162-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:01 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers
Location: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1552594861480&ns_c=UTF-8&cv=3.1&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c9=
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:01 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT
id
dpm.demdex.net/
2 KB
2 KB
XHR
General
Full URL: https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_mid=32463149399208463380520886632797588060&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=AVID%012E455BD685315B84-6000010B40003B09&d_cid_ic=userId%01&d_cid_ic=puuid%01&ts=1552594861523
Requested by: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/AppMeasurement-2.3.0.min.js (Host: vidtech.cbsinteractive.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 984a9c142400ed6a5f591f79a57ebbe8199a447466ff52720bc9033db8755759

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers
DCS: dcs-prod-irl1-v021-01e2bec1a.edge-irl1.demdex.com 5.49.0.20190304124312 11ms
Pragma: no-cache
Content-Encoding: gzip
X-Error: 300,300
X-TID: QLORGZoNT/c=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 749
Expires: Thu, 01 Jan 1970 00:00:00 GMT
truncated
/
43 B
0
Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Response headers
Content-Type: image/gif
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL: https://pagead2.googlesyndication.com/pagead/gen_204?vd=diff&oc=f&nc=f&oi=f&ni=f&custVid=508658153&lid=93&sdkv=h.3.286.0&id=ima_html5&c=3878837629635287&domain=www.zdnet.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS:
Software: cafe /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
pragma: no-cache
date: Thu, 14 Mar 2019 20:21:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT
vglnk.js
cdn.viglink.com/api/
78 KB
27 KB
Script
General
Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js (Host: tags.tiqcdn.com)
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS:
Software: cloudflare /
Resource Hash: a0dd0d42e82bfcc16e96fb72d732787a0edf0bc99b0a34f6f6eaaf1d1b32a8f9

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Thu, 14 Mar 2019 20:21:01 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 10188A31AAAD84F6
status: 200
content-length: 27355
x-amz-id-2: DqydBfcU3scbnAmCHibbgGUjt9NeYrjWjZWtMQ9zgQT9RYVOhrlkzz28Ae6Ws0CLqevAPK6qseU=
last-modified: Thu, 28 Feb 2019 16:44:17 GMT
server: cloudflare
etag: "e4a0c710d19e7cd4fd23cd54aeb7db5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 4b78f39d4be99700-FRA
expires: Thu, 14 Mar 2019 20:51:01 GMT
0.6508288160153898
saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/
43 B
615 B
Image
General
Full URL: https://saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/0.6508288160153898?AQB=1&ce=UTF%2D8&events=event66&v0=ftag_cd:LGN22ef1e6&v2=en&v3=desktop&v4=right-rail&v5=zdnet&v10=article&v20=this+banking+malware+just+returned+with+new+sneaky+tricks+to+steal+your+data&v22=content_article&v23=&v24=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&v30=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&v60=33165724,33165723,33166079&v64=2150&v69=&c0=D%3Dv0&c2=D%3Dv2&c3=D%3Dv3&c4=D%3Dv4&c5=D%3Dv5&c10=D%3Dv10&c20=D%3Dv20&c22=D%3Dv22&c23=D%3Dv23&c24=D%3Dv24&c30=D%3Dv30&c60=D%3Dv60&c64=D%3Dv64&c69=D%3Dv69&pe=lnk_o&pev2=medusa_impression&vid=201903140-leadgen-zdnet&mid=90240133173074011141898988208131324462&aid=2D535D450507F28B-40000106A0001145&AQE=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.140.43.37 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: cbsi.com.ssl.sc.omtrdc.net
Software: Omniture DC/2.0.0 /
Resource Hash: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Date: Thu, 14 Mar 2019 20:21:02 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.6.0
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 15 Mar 2019 20:21:02 GMT
Server: Omniture DC/2.0.0
xserver: www93
ETag: "3334172078200913920-4672661684697973036"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Wed, 13 Mar 2019 20:21:02 GMT
e.gif
dw.cbsi.com/levt/ria/
43 B
369 B
Image
General
Full URL: https://dw.cbsi.com/levt/ria/e.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&assettitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&assettype=content_article&pubdate=2019-03-12%2011%3A05%3A00&viewguid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&devicetype=desktop&sitetype=responsive%20web&author=danny%20palmer&authorid=1aa87593-0f1d-4577-862b-a59b5ec9bc57&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&s8=cnetzdnetglobalsite&v23=cnetzdnetglobalsite&v19=article&v17=113c25b6-ec91-11e3-95d2-02911863765e&v20=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&v16=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&riaevent=impression&comptyp=spot&mapp=medusa_app&objtyp=medusa&eventt=log&v18=security&comp=ucwc&ts=1552594861649&tcset=utf8&im=dsjs&title=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fort Lauderdale, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:01 GMT
Server: Apache/2.4.25
Vary: *
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=80, max=190
Content-Length: 43
Expires: Fri, 23 Jan 1970 12:12:12 GMT
pmk-201618008.1.js
widget.perfectmarket.com/cbsinteractive-zdnet/
323 KB
89 KB
Script
General
Full URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js
Requested by: https://widget.perfectmarket.com/cbsinteractive-zdnet/load.js (Host: widget.perfectmarket.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS:
Software: AmazonS3 /
Resource Hash: 4f72e8df44e82a8066b16ca8ab2d59f8f9ef21fa52c07d8554972f48b5105f13

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
x-amz-version-id: bVoOWfmxkMrYwv2s6Uu9D96fE._5IBqu
content-encoding: gzip
age: 12299276
x-cache: HIT, HIT
status: 200
date: Thu, 14 Mar 2019 20:21:01 GMT
content-length: 91236
x-amz-id-2: T2A7wWXMDNgx2Z35EWhae8i8jDSVEo/Aqmbmta3HbEBKVMhwoZJKjGQuEf/CaAEiaINfKwR6uJs=
x-served-by: cache-lax8642-LAX, cache-hhn1549-HHN
last-modified: Thu, 20 Oct 2016 17:47:53 GMT
server: AmazonS3
x-timer: S1552594862.672625,VS0,VE0
etag: "da73fb2066df9f51d08b6688cfb35441"
vary: Accept-Encoding,,
x-amz-request-id: 58FF20717A687DE4
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: text/javascript
x-cache-hits: 2400, 3538
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL: https://www.google-analytics.com/analytics.js
Requested by: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js (Host: widget.perfectmarket.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS:
Software: Golfe2 /
Resource Hash: 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 2047
date: Thu, 14 Mar 2019 19:46:54 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Thu, 14 Mar 2019 21:46:54 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js (Host: widget.perfectmarket.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-162-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Date: Thu, 14 Mar 2019 20:21:01 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 901
Expires: Fri, 15 Mar 2019 20:21:01 GMT
tboptevent.html
widget.perfectmarket.com/opt/ Frame 43D4
0
0
Document
General
Full URL: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
Requested by: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js (Host: widget.perfectmarket.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS:
Software: Varnish /
Resource Hash:

Request headers
:method: GET
:authority: widget.perfectmarket.com
:scheme: https
:path: /opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers
status: 404
server: Varnish
retry-after: 0
accept-ranges: bytes
date: Thu, 14 Mar 2019 20:21:01 GMT
via: 1.1 varnish
x-served-by: cache-hhn1549-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1552594862.786217,VS0,VE0
content-length: 0
domains
api.viglink.com/api/
42 B
719 B
XHR
General
Full URL: https://api.viglink.com/api/domains
Requested by: https://cdn.viglink.com/api/vglnk.js (Host: cdn.viglink.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.175.204 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-154-175-204.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: d0aba2bb05aedffa1a8e809703e9e7f08d8aab76d5fb35bbf3e9ac9f9c1c9902

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:01 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT
collect
www.google-analytics.com/r/
35 B
101 B
Image
General
Full URL: https://www.google-analytics.com/r/collect?v=1&_v=j73&aip=1&a=77398718&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data&ul=en-us&de=UTF-8&dt=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=536746415&gjid=916545115&cid=363753286.1552594862&tid=UA-33613588-22&_gid=1316193118.1552594862&_r=1&cd2=other&z=668934340
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS:
Software: Golfe2 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
X-Content-Type-Options: nosniff

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
pragma: no-cache
date: Thu, 14 Mar 2019 20:21:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT
/
5f651e72.akstat.io/
0
354 B
XHR
General
Full URL: https://5f651e72.akstat.io/?h.pg=article&h.ab=clear_ads_fix_a_1&when=1552594862031&cdim.Site_View=desktop&t_other=custom3%7C748&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=e2679030d23df464ea467dede723ee795678503e&h.t=1552594858877&http.initiator=api&rt.start=api&rt.si=e7acf12b-2c04-440c-a5d9-c3dbafde46ba&rt.ss=1552594862505&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js (Host: zdnet1.cbsistatic.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-214-229.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
X-Xss-Protection: 0

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin: https://www.zdnet.com

Response headers
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:02 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Thu, 14 Mar 2019 20:21:02 GMT
tboptevent.html
widget.perfectmarket.com/opt/ Frame 6C27
0
0
Document
General
Full URL: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
Requested by: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js (Host: widget.perfectmarket.com)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS:
Software: Varnish /
Resource Hash:

Request headers
:method: GET
:authority: widget.perfectmarket.com
:scheme: https
:path: /opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744

Response headers
status: 404
server: Varnish
retry-after: 0
accept-ranges: bytes
date: Thu, 14 Mar 2019 20:21:02 GMT
via: 1.1 varnish
x-served-by: cache-hhn1549-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1552594862.049690,VS0,VE0
content-length: 0
/
inqlnfvog763mmf771rou737u.litix.io/
0
247 B
XHR
General
Full URL: https://inqlnfvog763mmf771rou737u.litix.io/
Requested by: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/mux.js (Host: vidtech.cbsinteractive.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.17.14 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-204-17-14.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Access-Control-Request-Method: POST
Origin: https://www.zdnet.com
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers
Access-Control-Allow-Origin: *
Date: Thu, 14 Mar 2019 20:21:02 GMT
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 0
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
OAS_Countdown_EG_5_700.webm
cbsadsales-a.akamaihd.net/Q1/
434 KB
434 KB
Media
General
Full URL: https://cbsadsales-a.akamaihd.net/Q1/OAS_Countdown_EG_5_700.webm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.24 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-24.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 99d71bfbd5b10b27442706ec707c0bb51976a9a43ee3ab6bf5d7888d4230e19c

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Range: bytes=0-
chrome-proxy: frfr

Response headers
Date: Thu, 14 Mar 2019 20:21:02 GMT
Last-Modified: Fri, 08 Jun 2018 13:32:14 GMT
Server: Apache
ETag: "d3f484c3ea0c4a83874bef9fb13504ff:1528464734"
Content-Type: video/webm
Content-Range: bytes 0-444471/444472
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 444472
csi
csi.gstatic.com/
0
202 B
Other
General
Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~jt92w6ow&c=6278509153117&met.4=hvd_lc.jt92w6ov~hvd_nd.jt92w6ow~hvd_src.jt92w6ow
Requested by: https://s0.2mdn.net/instream/html5/ima3.js (Host: s0.2mdn.net)
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4019:802::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS:
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers
pragma: no-cache
date: Thu, 14 Mar 2019 20:21:02 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT
moatvideo.js
z.moatads.com/cbsiimajsint708425247896/
280 KB
87 KB
Script
General
Full URL: https://z.moatads.com/cbsiimajsint708425247896/moatvideo.js
Requested by: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js (Host: vidtech.cbsinteractive.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b14e016720fd0d8e3d338716f29d0b33d19bfc93279d0309ba75925c8384f6e6

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Date: Thu, 14 Mar 2019 20:21:02 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Jan 2019 19:12:24 GMT
Server: AmazonS3
x-amz-request-id: 780BDF4E208CEEA2
ETag: "d103e7c9f5a7645c4ed8a58c49858657"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31209
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88469
x-amz-id-2: 0eMoUmYE//JU2nJTpb0r5Y0qYXR5zl+udXMjMy7xHyu3bXLPtQqGIGAM3365R6Bsi5hUuFl/+Rk=
10d31225525ff5790a490d4d-adobeorg.xml
cbsinteractive.hb.omtrdc.net/settings/
228 B
624 B
XHR
General
Full URL: https://cbsinteractive.hb.omtrdc.net/settings/10d31225525ff5790a490d4d-adobeorg.xml?r=1552594862228
Requested by: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js (Host: vidtech.cbsinteractive.com)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.156.47 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-44-156-47.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 0e4e46fa1aa04c24e793912d7aabaa2f2b0f7dc03d73cf74fbe12cb84f062554

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin: https://www.zdnet.com

Response headers
Date: Thu, 14 Mar 2019 20:21:48 GMT
Last-Modified: Tue, 05 Feb 2019 09:40:20 GMT
Server: nginx
ETag: "5c595a04-e4"
Access-Control-Allow-Methods: OPTIONS,GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Content-Length: 228
p
sb.scorecardresearch.com/
43 B
309 B
Image
General
Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=5000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1552594862222&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=892&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-162-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Pragma: no-cache
Date: Thu, 14 Mar 2019 20:21:02 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
s83060243127481
som.cbsi.com/b/ss/cnetzdnetglobalsite/1/JS-2.3.0/
43 B
615 B
Image
General
Full URL: https://som.cbsi.com/b/ss/cnetzdnetglobalsite/1/JS-2.3.0/s83060243127481?AQB=1&ndh=1&pf=1&t=14%2F2%2F2019%2020%3A21%3A2%204%200&mid=32463149399208463380520886632797588060&aid=2E455BD685315B84-6000010B40003B09&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c.&siteEdition=eu&siteSection=editorial&siteType=responsive%20web&articleId=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&articleType=content_article&articleTitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&pageType=article&pageViewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&userState=not%20authenticated&userType=anon&deviceType=desktop&testName=clear_ads_fix&testVersion=1&testGroup=a&siteRsids=cnetzdnetglobalsite&siteCode=zdnet&pageUrl=D%3Dg&sitePrimaryRsid=cnetzdnetglobalsite&userStatus=not%20authenticated&siteHier=zdnet%3Asecurity&test=clear_ads_fix%7C1%7Ca&abtest=clear_ads_fix%7C1%7Ca&videoAuthor=zdnet%20editors&Network=zdnet&tl=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&mediaAutoPlay=true&mediaMuted=true&a.&contentType=vod&media.&name=4f018ff0-2432-434e-84bc-573a55894d06&friendlyName=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&length=46&playerName=UVPJS_2.8.3&view=true&vsid=155259486223174065514&.media&.a&.c&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&pe=ms_s&pev3=video&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&AQE=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.140.43.34 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: cbsi.com.ssl.d2.sc.omtrdc.net
Software: Omniture DC/2.0.0 /
Resource Hash: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Referer: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
Date: Thu, 14 Mar 2019 20:21:03 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.6.0
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 15 Mar 2019 20:21:03 GMT
Server: Omniture DC/2.0.0
xserver: www90
ETag: "3334172080348397568-6280517118802788460"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Wed, 13 Mar 2019 20:21:03 GMT
/
5f651e72.akstat.io/
0
354 B
XHR
General
Full URL
https://5f651e72.akstat.io/?h.pg=article&h.ab=clear_ads_fix_a_1&when=1552594862244&cdim.Site_View=desktop&t_other=custom2%7C8999&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=e2679030d23df464ea467dede723ee795678503e&h.t=1552594858877&http.initiator=api&rt.start=api&rt.si=e7acf12b-2c04-440c-a5d9-c3dbafde46ba&rt.ss=1552594862505&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.214.229 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-229.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 14 Mar 2019 20:21:02 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSIMAJSINT1&hp=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=8&f=0&j=&o=3&t=1552594862419&de=605339275833&m=0&ar=4f071de90bd-clean&q=2&cb=0&cu=1552594862419&ll=2&lm=0&ln=0&r=0&em=0&en=0&d=%3A%3A4574368938%3A138225997530&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&qs=1&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&fd=1&ac=1&it=500&fs=158226&na=724233223&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:02 GMT
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=start&l:event:duration=1&l:event:playhead=0&l:event:ts=1552594862237&l:event:prev_ts=-1&s:asset:type=main&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0&s:meta:siteEdition=eu&s:meta:siteSection=editorial&s:meta:siteType=responsive%20web&s:meta:articleId=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&s:meta:articleType=content_article&s:meta:articleTitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&s:meta:pageType=article&s:meta:pageViewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&s:meta:userState=not%20authenticated&s:meta:userType=anon&s:meta:deviceType=desktop&s:meta:testName=clear_ads_fix&s:meta:testVersion=1&s:meta:testGroup=a&s:meta:siteRsids=cnetzdnetglobalsite&s:meta:siteCode=zdnet&s:meta:pageUrl=D%3Dg&s:meta:sitePrimaryRsid=cnetzdnetglobalsite&s:meta:userStatus=not%20authenticated&s:meta:siteHier=zdnet%3Asecurity&s:meta:test=clear_ads_fix%7C1%7Ca&s:meta:abtest=clear_ads_fix%7C1%7Ca&s:meta:videoAuthor=zdnet%20editors&s:meta:Network=zdnet&s:meta:tl=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:meta:mediaAutoPlay=true&s:meta:mediaMuted=true
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.156.47 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-44-156-47.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:21:49 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=start&l:event:duration=0&l:event:playhead=0&l:event:ts=1552594862240&l:event:prev_ts=-1&s:asset:type=ad&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:asset:ad_id=4574368938&s:asset:ad_sid=1552594862240224735548&s:asset:resolver=UVPJS_2.8.3&s:asset:pod_id=1c2651525904e5ad5dbf22c913b3cdbc_1&s:asset:pod_position=1&l:asset:pod_offset=0&s:asset:pod_name=OAS_Countdown_EG_5&l:asset:ad_length=5&s:asset:ad_name=OAS_Countdown_EG_5&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0&s:meta:siteEdition=eu&s:meta:siteSection=editorial&s:meta:siteType=responsive%20web&s:meta:articleId=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&s:meta:articleType=content_article&s:meta:articleTitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&s:meta:pageType=article&s:meta:pageViewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&s:meta:userState=not%20authenticated&s:meta:userType=anon&s:meta:deviceType=desktop&s:meta:testName=clear_ads_fix&s:meta:testVersion=1&s:meta:testGroup=a&s:meta:siteRsids=cnetzdnetglobalsite&s:meta:siteCode=zdnet&s:meta:pageUrl=D%3Dg&s:meta:sitePrimaryRsid=cnetzdnetglobalsite&s:meta:userStatus=not%20authenticated&s:meta:siteHier=zdnet%3Asecurity&s:meta:test=clear_ads_fix%7C1%7Ca&s:meta:abtest=clear_ads_fix%7C1%7Ca&s:meta:videoAuthor=zdnet%20editors&s:meta:Network=
zdnet&s:meta:tl=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:meta:mediaAutoPlay=true&s:meta:mediaMuted=true
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.44.156.47 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-44-156-47.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:21:49 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:cuser:userId.as=0&s:cuser:puuid.as=0&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=aa_start&l:event:duration=0&l:event:playhead=0&l:event:ts=1552594862255&l:event:prev_ts=-1&s:asset:type=main&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.83.62.79 Fairfield, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-83-62-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:20:47 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=aa_ad_start&l:event:duration=0&l:event:playhead=0&l:event:ts=1552594862256&l:event:prev_ts=-1&s:asset:type=ad&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:asset:ad_id=4574368938&s:asset:ad_sid=1552594862240224735548&s:asset:resolver=UVPJS_2.8.3&s:asset:pod_id=1c2651525904e5ad5dbf22c913b3cdbc_1&s:asset:pod_position=1&l:asset:pod_offset=0&s:asset:pod_name=OAS_Countdown_EG_5&l:asset:ad_length=5&s:asset:ad_name=OAS_Countdown_EG_5&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.83.62.79 Fairfield, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-83-62-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:20:47 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
json
trc.taboola.com/cbsinteractive-zdnet/trc/3/
11 KB
5 KB
Script
General
Full URL
https://trc.taboola.com/cbsinteractive-zdnet/trc/3/json?tim=20%3A21%3A02.552&data=%7B%22id%22%3A775%2C%22ii%22%3A%22%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1552594862549%2C%22cv%22%3A%22349-494-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22bw%22%3A1600%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22qs%22%3A%22%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22ZDNETarticleDesktop%2FTablet-Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22ZDNETarticleDesktop%2FTablet-Below%20Article%20Thumbnails%22%2C%22cd%22%3A3489.125%2C%22mw%22%3A770%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22normal%22%7D
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.349-494-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
47df27d53a150e553c96eec9213fa3c3b3a4a07091e09e6cc672730e87c79bcd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
content-encoding
gzip
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
200
via
1.1 varnish
x-served-by
cache-hhn1540-HHN
server
nginx
x-timer
S1552594863.583924,VS0,VE287
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
/
inqlnfvog763mmf771rou737u.litix.io/
43 B
349 B
XHR
General
Full URL
https://inqlnfvog763mmf771rou737u.litix.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.17.14 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-204-17-14.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Access-Control-Allow-Methods
POST, GET
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache,no-store,must-revalidate
Connection
keep-alive
Content-Length
43
Expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&kq=1&lo=0&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&bq=8&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=109&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=3889&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=19&an=0&gf=19&gg=0&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=19&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=38&cd=0&ah=38&am=0&dq=38&dr=0&ds=38&dt=0&zx=0&vm=0&vl=0&vt=0&vd=0&zMoatSRE=0&zMoatVSD=0&hc=0&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&eb=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1651771192&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:02 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=29&q=0&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&bq=8&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=113&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=3889&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=19&an=19&gf=19&gg=19&ez=1&aj=1&pg=100&pf=100&ib=0&cc=0&bw=19&bx=19&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=38&cd=38&ah=38&am=38&dq=38&dr=38&ds=38&dt=38&zx=0&vm=0&vl=0&vt=0&vd=0&zMoatSRE=0&zMoatVSD=0&hc=0&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&eb=1&ef=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1457035092&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:02 GMT
userx.349-494-RELEASE.es6.js
cdn.taboola.com/libtrc/
22 KB
8 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/userx.349-494-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f1555c5caec4e707678b569a1dd60bd8dd64293ff6e09d8b9027739cefa1d79

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
m.yvtQYL0rIbgTJGb8xJGmwyz3MHCgWl
content-encoding
gzip
age
20
x-cache
HIT
status
200
date
Thu, 14 Mar 2019 20:21:02 GMT
x-amz-replication-status
PENDING
content-length
7624
x-amz-id-2
7def0qTcQMLsUUkLvwKdqa+oJHZ7BKudGPKuRlH+MM+75duAx8JFOzaGnF8WjQZ+tULXHjlkjDE=
x-served-by
cache-hhn1540-HHN
last-modified
Thu, 14 Mar 2019 20:20:41 GMT
server
AmazonS3
x-timer
S1552594863.900299,VS0,VE0
etag
"576a4afae6daaf6d573dc397fa9992c0"
vary
Accept-Encoding
x-amz-request-id
DA9BB011EB03C9B1
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
70
x-cache-hits
66
social
trc.taboola.com/cbsinteractive-zdnet/log/3/
0
55 B
Image
General
Full URL
https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?ri=29bd7a5e407e8a30db374aeb853d31e3&sd=v2_cadb84b35f9a7b9eda72ad7ea0ecd536_de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e_1552594862_1552594862_CNawjgYQzro_GNWD9u6XLSABKAEwODib4wlAiYoQSIOXHVCj7BBYAWAA&ui=de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e&pi=/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data&wi=-7562137714401880870&pt=text&vi=1552594862549&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A2%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A2%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22%22%2C%22sec%22%3A%22%22%2C%22aut%22%3A%22%22%2C%22img%22%3A%22%22%2C%22v%22%3A13%7D%5D%7D&tim=20%3A21%3A02.908&id=4551&llvl=1&cv=349-494-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
server
nginx
x-timer
S1552594863.917584,VS0,VE11
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
204
cache-control
no-cache
access-control-allow-credentials
true
x-cache-hits
0
accept-ranges
bytes
content-type
image/gif
access-control-allow-origin
*
x-served-by
cache-hhn1540-HHN
social
trc.taboola.com/cbsinteractive-zdnet/log/3/
0
84 B
Image
General
Full URL
https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?ri=29bd7a5e407e8a30db374aeb853d31e3&sd=v2_cadb84b35f9a7b9eda72ad7ea0ecd536_de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e_1552594862_1552594862_CNawjgYQzro_GNWD9u6XLSABKAEwODib4wlAiYoQSIOXHVCj7BBYAWAA&ui=de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e&pi=/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data&wi=-7562137714401880870&pt=text&vi=1552594862549&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22ln%22%3A%22above-fold%22%2C%22lx%22%3A362%2C%22ly%22%3A440%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=20%3A21%3A02.908&id=2432&llvl=1&cv=349-494-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
server
nginx
x-timer
S1552594863.917836,VS0,VE8
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
204
cache-control
no-cache
access-control-allow-credentials
true
x-cache-hits
0
accept-ranges
bytes
content-type
image/gif
access-control-allow-origin
*
x-served-by
cache-hhn1540-HHN
social
trc.taboola.com/cbsinteractive-zdnet/log/3/
0
196 B
Image
General
Full URL
https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?ri=29bd7a5e407e8a30db374aeb853d31e3&sd=v2_cadb84b35f9a7b9eda72ad7ea0ecd536_de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e_1552594862_1552594862_CNawjgYQzro_GNWD9u6XLSABKAEwODib4wlAiYoQSIOXHVCj7BBYAWAA&ui=de9c2b68-c86f-498a-98f0-9570b8cc4016-tuct3843d2e&pi=/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data&wi=-7562137714401880870&pt=text&vi=1552594862549&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22ln%22%3A%22above-fold%22%2C%22lx%22%3A670%2C%22ly%22%3A440%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=20%3A21%3A02.909&id=8275&llvl=1&cv=349-494-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
server
nginx
x-timer
S1552594863.917866,VS0,VE10
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
204
cache-control
no-cache
access-control-allow-credentials
true
x-cache-hits
0
accept-ranges
bytes
content-type
image/gif
access-control-allow-origin
*
x-served-by
cache-hhn1540-HHN
available
trc.taboola.com/cbsinteractive-zdnet/log/3/
0
104 B
XHR
General
Full URL
https://trc.taboola.com/cbsinteractive-zdnet/log/3/available
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.349-494-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
server
nginx
x-timer
S1552594863.923271,VS0,VE9
x-served-by
cache-hhn1540-HHN
status
204
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
shutterstock_347702339_1000x600_583cf22f8dcfd16836b5153817f790bc.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a54d8613-525c-43e2-bfbe-4a5d2fb48335/
13 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a54d8613-525c-43e2-bfbe-4a5d2fb48335/shutterstock_347702339_1000x600_583cf22f8dcfd16836b5153817f790bc.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
9a6dbff4c8e28ee0dc73c2b59cf9d582479febda913405635129f5241b2ab3cb

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
1070501
x-cache
HIT
status
200
expiration
expiry-date="Thu, 07 Mar 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a54d8613-525c-43e2-bfbe-4a5d2fb48335/shutterstock_347702339_1000x600_583cf22f8dcfd16836b5153817f790bc.png
content-length
13308
x-served-by
cache-hhn1540-HHN
last-modified
Mon, 04 Feb 2019 11:03:40 GMT
server
cloudinary
x-timer
S1552594863.948953,VS0,VE0
etag
"7856fdd29569b4432e1bf01c1cdbec98"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
57
3205cafa97abe856047f8119103ad879.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
30 KB
30 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3205cafa97abe856047f8119103ad879.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
63c54de58501e037de4ba5e087be2f77f0c0af9fcaebbb8e4f9b5decb96e13b9

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
1804662
x-cache
HIT
status
200, 200 OK
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3205cafa97abe856047f8119103ad879.jpg
content-length
30255
x-request-id
032bb39d17917b0d
x-served-by
cache-hhn1540-HHN
last-modified
Thu, 21 Feb 2019 15:29:54 GMT
server
cloudinary
x-timer
S1552594863.949201,VS0,VE0
etag
"d65a76aadb6e304575693822ea2d6146"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
67
42d6ff5a46930121cf378151242e7de1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
16 KB
16 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/42d6ff5a46930121cf378151242e7de1.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
23aa145b7c572abba67dd9a4221074ad4c53da05de592da1324f35c1b6235132

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
732776
x-cache
HIT
status
200
expiration
expiry-date="Mon, 18 Mar 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/42d6ff5a46930121cf378151242e7de1.jpg
content-length
16082
x-served-by
cache-hhn1540-HHN
last-modified
Fri, 15 Feb 2019 20:01:23 GMT
server
cloudinary
x-timer
S1552594863.949008,VS0,VE1
etag
"43878993a0af97362ddb79352b833174"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
b788488d2056a33041487c6ca4995644.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
12 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b788488d2056a33041487c6ca4995644.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
a4616611e7b6cd068e161a91269a2506fcc45e2416e15a645ddf077ed7a504d2

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
946947
x-cache
HIT
status
200
expiration
expiry-date="Mon, 04 Mar 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b788488d2056a33041487c6ca4995644.jpg
content-length
12277
x-served-by
cache-hhn1540-HHN
last-modified
Fri, 01 Feb 2019 21:12:15 GMT
server
cloudinary
x-timer
S1552594863.949188,VS0,VE0
etag
"10a99db8520a49f82f86148e8e73160a"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
78
1de5edc3530ef6e520f7c731e1378900.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
7 KB
7 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1de5edc3530ef6e520f7c731e1378900.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
c7061d9afd26edf53ac2f579d2eba69a428603cfa57f5b01b8080fa7dff7b5d8

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
2444488
x-cache
HIT
status
200
expiration
expiry-date="Fri, 15 Feb 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1de5edc3530ef6e520f7c731e1378900.jpg
content-length
6891
x-served-by
cache-hhn1540-HHN
last-modified
Tue, 15 Jan 2019 11:37:13 GMT
server
cloudinary
x-timer
S1552594863.949199,VS0,VE0
etag
"86c78ed85f1d3a25cf19d9c48ce41a16"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
2671f1cc28920f66d520b0b9d67154d0.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
8 KB
9 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2671f1cc28920f66d520b0b9d67154d0.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
8b5acce407d23bddf1034e28911490bad044010c1eae101467928b5def538ade

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
143043
x-cache
HIT
status
200
expiration
expiry-date="Fri, 05 Apr 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2671f1cc28920f66d520b0b9d67154d0.jpg
content-length
8530
x-served-by
cache-hhn1540-HHN
last-modified
Tue, 05 Mar 2019 13:34:55 GMT
server
cloudinary
x-timer
S1552594863.949223,VS0,VE0
etag
"b030a53246f9ca786b656630cb45e647"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
630
6e5397c5a3f39d4b8e6ceaca02c6ce73.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
9 KB
9 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6e5397c5a3f39d4b8e6ceaca02c6ce73.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
a958258d13893fddd73b8d56084a3862f2bbbaf0ed3e49a39e7e0c953971d430

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
1964743
x-cache
HIT
status
200
expiration
expiry-date="Wed, 06 Mar 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6e5397c5a3f39d4b8e6ceaca02c6ce73.jpg
content-length
8816
x-served-by
cache-hhn1540-HHN
last-modified
Sun, 03 Feb 2019 08:30:52 GMT
server
cloudinary
x-timer
S1552594863.961032,VS0,VE0
etag
"7bfdd0ad69b080b39406258cb6a6e8a8"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
96
938abc09496d266eef8cd77c996b1877.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
13 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/938abc09496d266eef8cd77c996b1877.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
a125ff36a366640891258dcd29a925de26081d914838e95c6e763fca15698218

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:02 GMT
via
1.1 varnish
age
1264843
x-cache
HIT
status
200, 200 OK
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/938abc09496d266eef8cd77c996b1877.jpg
content-length
13481
x-request-id
da3301eb36025d6f
x-served-by
cache-hhn1540-HHN
last-modified
Tue, 26 Feb 2019 14:15:46 GMT
server
cloudinary
x-timer
S1552594863.961006,VS0,VE0
etag
"370141c08f8c07706e50b3bd8938a094"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
2
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/
254 B
795 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.349-494-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
age
1421106
x-cache
HIT
status
200
date
Thu, 14 Mar 2019 20:21:02 GMT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
XvamycYj5i9elo1HIxQVWoqB3bzM0MDs3mgweXjpvYdi7ZZIyzbyvzEvbwKvdJGIx5LiaLJce0k=
x-served-by
cache-hhn1540-HHN
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1552594863.945767,VS0,VE0
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
x-req
/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
x-amz-request-id
093E8082E423E036
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
abp
70
x-cache-hits
576964
domains
api.viglink.com/api/
42 B
487 B
XHR
General
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.175.204 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-154-175-204.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
99c3e619b374e379e701e041c25b7b49a9ef5e54af7ec68ef448e541a24a96d0

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:02 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT
s81332102622243
som.cbsi.com/b/ss/cnetzdnetglobalsite/1/JS-2.3.0/
43 B
616 B
Image
General
Full URL
https://som.cbsi.com/b/ss/cnetzdnetglobalsite/1/JS-2.3.0/s81332102622243?AQB=1&ndh=1&pf=1&t=14%2F2%2F2019%2020%3A21%3A2%204%200&mid=32463149399208463380520886632797588060&aid=2E455BD685315B84-6000010B40003B09&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c.&a.&media.&vsid=155259486223174065514&name=4f018ff0-2432-434e-84bc-573a55894d06&playerName=UVPJS_2.8.3&friendlyName=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&length=46&ad.&name=4574368938&friendlyName=OAS_Countdown_EG_5&podFriendlyName=OAS_Countdown_EG_5&length=5&playerName=UVPJS_2.8.3&pod=1c2651525904e5ad5dbf22c913b3cdbc_1&podPosition=1&podSecond=0.0&view=true&.ad&.media&contentType=vod&.a&siteEdition=eu&siteSection=editorial&siteType=responsive%20web&articleId=5ed764c9-fc60-49dd-a1e9-54d332fb4fe2&articleType=content_article&articleTitle=this%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data&pageType=article&pageViewGuid=9dd8f9d9-7a90-4590-8628-1e4a2e4c93eb&userState=not%20authenticated&userType=anon&deviceType=desktop&testName=clear_ads_fix&testVersion=1&testGroup=a&siteRsids=cnetzdnetglobalsite&siteCode=zdnet&pageUrl=D%3Dg&sitePrimaryRsid=cnetzdnetglobalsite&userStatus=not%20authenticated&siteHier=zdnet%3Asecurity&test=clear_ads_fix%7C1%7Ca&abtest=clear_ads_fix%7C1%7Ca&videoAuthor=zdnet%20editors&Network=zdnet&tl=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&mediaAutoPlay=true&mediaMuted=true&.c&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&pe=msa_s&pev3=videoAd&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&AQE=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.140.43.34 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
cbsi.com.ssl.d2.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 14 Mar 2019 20:21:03 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Fri, 15 Mar 2019 20:21:03 GMT
Server
Omniture DC/2.0.0
xserver
www204
ETag
"3334172080348397568-5034110828824003073"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Wed, 13 Mar 2019 20:21:03 GMT
m
secure-us.imrworldwide.com/cgi-bin/
44 B
332 B
Image
General
Full URL
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-700144&c29=plid,15525948614262120&c30=bldv,6.0.0.326&c6=vc,c01&c3=st,a&cg=ZDNet%20Video&tl=dav0-New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&c9=devid,&pr=iag.sid,1000011&pr=iag.tfid,902&pr=iag.bcr,us-700144&pr=iag.pgm,New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&pr=iag.epi,New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn%7C%7C%7Csf&pr=iag.seg,1&pr=iag.pd,www.zdnet.com&pr=iag.brn,us-700144&pr=iag.ap,pre&pr=iag.cte,&pr=iag.oad,na&pr=iag.fp,sf&pr=iag.pod,1_1_1_1&pr=iag.apt,na&pr=iag.cp,soc&c10=plt,&c26=dmap,3&tp=gg&c24=zip,99&uoo=&c68=bndlid,&c61=createtm,1552594863&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c62=sendTime,1552594863&rnd=11122
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.72.142.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-72-142-23.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:03 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status
200
cache-control
no-cache
content-type
image/gif
content-length
44
expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=1218&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1181&an=19&gi=1&gf=1181&gg=19&ez=1&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&cc=1&bw=1181&bx=19&jz=999&dj=1&dx=1&aa=1&ad=1084&cn=0&gn=1&gk=1084&gl=0&cp=999&cq=1&cr=1&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=999&cd=38&ah=999&am=38&dq=999&dr=38&ds=999&dt=38&zx=0&vm=1&vl=0&vt=272&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&hc=0&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&ef=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=2102843218&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:03 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:03 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=1220&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1181&an=1181&gi=1&gf=1181&gg=1181&ez=1&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&cc=1&bw=1181&bx=1181&jz=999&dj=1&dx=1&aa=1&ad=1084&cn=1084&gn=1&gk=1084&gl=1084&cp=999&cq=1&cr=1&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=999&cd=999&ah=999&am=999&dq=999&dr=999&ds=999&dt=999&zx=0&vm=1&vl=272&vt=272&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&hc=0&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&ef=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=206960313&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:03 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:03 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=29&q=1&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=1278&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1181&an=1181&gi=1&gf=1181&gg=1181&ez=1&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&cc=1&bw=1181&bx=1181&jz=999&dj=1&dx=1&aa=1&ad=1084&cn=1084&gn=1&gk=1084&gl=1084&cp=999&cq=1&cr=1&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1200&cd=999&ah=1200&am=999&dq=1200&dr=999&ds=1200&dt=999&zx=0&vm=1&vl=272&vt=272&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&ef=1&eg=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1092844794&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:03 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:03 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ima_sdk_v&v=h.3.286.0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 14 Mar 2019 20:21:03 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=1280&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1181&an=1181&gi=1&gf=1181&gg=1181&ez=1&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&cc=1&bw=1181&bx=1181&jz=999&dj=1&dx=1&aa=1&ad=1084&cn=1084&gn=1&gk=1084&gl=1084&cp=999&cq=1&cr=1&hj=0&pv=0&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1200&cd=1200&ah=1200&am=1200&dq=1200&dr=1200&ds=1200&dt=1200&zx=0&vm=1&vl=272&vt=272&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&ef=1&eg=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1612833625&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:03 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:03 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=6&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2227&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2190&an=1181&gi=1&gf=2190&gg=1181&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2190&bx=1181&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2093&cn=1084&gn=1&gk=2093&gl=1084&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=0&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2008&cd=1200&ah=2008&am=1200&dq=2008&dr=1200&ds=2008&dt=1200&zx=0&vm=1&vl=272&vt=505&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2190&fj=0&ef=1&eg=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=431586468&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:04 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:04 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=7&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2228&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2190&an=2190&gi=1&gf=2190&gg=2190&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2190&bx=2190&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2093&cn=2093&gn=1&gk=2093&gl=2093&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=0&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2008&cd=2008&ah=2008&am=2008&dq=2008&dr=2008&ds=2008&dt=2008&zx=0&vm=1&vl=505&vt=505&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2190&fj=2190&ef=1&eg=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=872216651&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:04 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:04 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=29&q=2&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=8&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2528&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2393&an=2190&gi=1&gf=2393&gg=2190&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2393&bx=2190&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2296&cn=2093&gn=1&gk=2296&gl=2093&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=0&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2412&cd=2008&ah=2412&am=2008&dq=2412&dr=2008&ds=2412&dt=2008&zx=0&vm=1&vl=505&vt=552&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2393&fj=2190&ef=1&eg=1&eh=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1425137565&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:04 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:04 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=2&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=9&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2632&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2596&an=2393&gi=1&gf=2596&gg=2393&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2596&bx=2393&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2499&cn=2296&gn=1&gk=2499&gl=2296&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2412&cd=2412&ah=2412&am=2412&dq=2412&dr=2412&ds=2412&dt=2412&zx=0&vm=1&vl=552&vt=599&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2596&fj=2393&ef=1&eg=1&eh=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1554641626&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:05 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:05 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=10&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2634&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2596&an=2596&gi=1&gf=2596&gg=2596&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2596&bx=2596&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2499&cn=2499&gn=1&gk=2499&gl=2499&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2615&cd=2412&ah=2615&am=2412&dq=2615&dr=2412&ds=2615&dt=2412&zx=0&vm=1&vl=599&vt=599&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2596&fj=2596&ef=1&eg=1&eh=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=187504858&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:05 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:05 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=3&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=11&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=2835&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=2798&an=2596&gi=1&gf=2798&gg=2596&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=2798&bx=2596&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=2701&cn=2499&gn=1&gk=2701&gl=2499&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2615&cd=2615&ah=2615&am=2615&dq=2615&dr=2615&ds=2615&dt=2615&zx=0&vm=1&vl=599&vt=646&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=2798&fj=2596&ef=1&eg=1&eh=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=960014095&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:05 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:05 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=29&q=3&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=12&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=3778&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=3604&an=2798&gi=1&gf=3604&gg=2798&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=3604&bx=2798&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=3507&cn=2701&gn=1&gk=3507&gl=2701&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3623&cd=2615&ah=3623&am=2615&dq=3623&dr=2615&ds=3623&dt=2615&zx=0&vm=1&vl=646&vt=832&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=3604&fj=2798&ef=1&eg=1&eh=1&ei=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=673265905&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:06 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:06 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=3&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=13&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=3842&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=3805&an=3604&gi=1&gf=3805&gg=3604&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=3805&bx=3604&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=3708&cn=3507&gn=1&gk=3708&gl=3507&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3824&cd=3623&ah=3824&am=3623&dq=3824&dr=3623&ds=3824&dt=3623&zx=0&wa=2&vm=1&vl=832&vt=878&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=3805&fj=3604&ef=1&eg=1&eh=1&ei=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=1361156605&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:06 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:06 GMT
/
inqlnfvog763mmf771rou737u.litix.io/
0
247 B
XHR
General
Full URL
https://inqlnfvog763mmf771rou737u.litix.io/
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/mux.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.17.14 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-204-17-14.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://www.zdnet.com
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:21:07 GMT
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type
Content-Length
0
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, GET
/
inqlnfvog763mmf771rou737u.litix.io/
43 B
349 B
XHR
General
Full URL
https://inqlnfvog763mmf771rou737u.litix.io/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.17.14 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-204-17-14.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:07 GMT
Access-Control-Allow-Methods
POST, GET
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache,no-store,must-revalidate
Connection
keep-alive
Content-Length
43
Expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=29&q=4&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=14&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=4765&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=4612&an=3805&gi=1&gf=4612&gg=3805&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=4612&bx=3805&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=4515&cn=3708&gn=1&gk=4515&gl=3708&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4631&cd=3824&ah=4631&am=3824&dq=4631&dr=3824&ds=4631&dt=3824&zx=0&wa=2&vm=1&vl=878&vt=1065&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&du=62&eb=1&ec=9288&fh=2190&fi=4612&fj=3805&ef=1&eg=1&eh=1&ei=1&ej=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=283647097&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:07 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:07 GMT
p2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_s...
  • https://sb.scorecardresearch.com/p2?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_...
43 B
309 B
Image
General
Full URL
https://sb.scorecardresearch.com/p2?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=4975&ns_st_cl=5000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=4975&ns_st_dpt=4975&ns_st_ipt=4975&ns_st_et=4975&ns_st_det=4975&ns_st_upc=4975&ns_st_dupc=4975&ns_st_iupc=4975&ns_st_upa=4975&ns_st_dupa=4975&ns_st_iupa=4975&ns_st_lpc=4975&ns_st_dlpc=4975&ns_st_lpa=4975&ns_st_dlpa=4975&ns_st_pa=4975&ns_ts=1552594867197&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:07 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://sb.scorecardresearch.com/p2?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=4975&ns_st_cl=5000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=4975&ns_st_dpt=4975&ns_st_ipt=4975&ns_st_et=4975&ns_st_det=4975&ns_st_upc=4975&ns_st_dupc=4975&ns_st_iupc=4975&ns_st_upa=4975&ns_st_dupa=4975&ns_st_iupa=4975&ns_st_lpc=4975&ns_st_dlpc=4975&ns_st_lpa=4975&ns_st_dlpa=4975&ns_st_pa=4975&ns_ts=1552594867197&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=
Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:07 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
banking-trojan-jumps-from-poland-to-spain.m3u8
www.zdnet.com/video/manifest/
3 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/video/manifest/banking-trojan-jumps-from-poland-to-spain.m3u8?device=ott&change-to-host=techrepublicmedia.akamaized.net&secure=true
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
9856212bc694c334a1cf96ddd308c8fcc14b91600d92ad438f046f8fcb9913f4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/video/manifest/banking-trojan-jumps-from-poland-to-spain.m3u8?device=ott&change-to-host=techrepublicmedia.akamaized.net&secure=true
pragma
no-cache
cookie
GED_PLAYLIST_ACTIVITY=W3sidSI6IlpzdDciLCJ0c2wiOjE1NTI1OTQ4NjYsIm52IjowLCJ1cHQiOjE1NTI1OTQ4NTYsImx0IjoxNTUyNTk0ODU2fV0.; muxData=sid=76cc8ac8-dc3d-471d-b60c-54596dd75757&sst=1552594867189&sex=1552596367206
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.zdnet.com
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:scheme
https
:method
GET
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
373
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 Mar 2019 20:06:17 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:21:07 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
a1b7515a-db2e-445b-944f-85858636bc67
content-type
application/x-mpegURL
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
set-cookie
fly_device=desktop; expires=Thu, 21-Mar-2019 20:21:07 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Thu, 21-Mar-2019 20:21:07 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_default_edition=eu; path=/; domain=.zdnet.com; secure
accept-ranges
bytes
expires
Thu, 14 Mar 2019 21:36:17 GMT
/
www.zdnet.com/video/related-videos-xhr/banking-trojan-jumps-from-poland-to-spain/
32 KB
6 KB
XHR
General
Full URL
https://www.zdnet.com/video/related-videos-xhr/banking-trojan-jumps-from-poland-to-spain/
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
235fe8e135d64dcfdab425bc75681b0890a7fc32f28fefd64b2d1c6242547630
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/video/related-videos-xhr/banking-trojan-jumps-from-poland-to-spain/
pragma
no-cache
cookie
GED_PLAYLIST_ACTIVITY=W3sidSI6IlpzdDciLCJ0c2wiOjE1NTI1OTQ4NjYsIm52IjowLCJ1cHQiOjE1NTI1OTQ4NTYsImx0IjoxNTUyNTk0ODU2fV0.; muxData=sid=76cc8ac8-dc3d-471d-b60c-54596dd75757&sst=1552594867189&sex=1552596367206
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
5067
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 Mar 2019 20:06:17 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:21:07 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
762d6b3f-fe18-4608-8ed9-4a3f7f4c85a5
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
set-cookie
fly_device=desktop; expires=Thu, 21-Mar-2019 20:21:07 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Thu, 21-Mar-2019 20:21:07 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_default_edition=eu; path=/; domain=.zdnet.com; secure ak_bmsc=39050C2D935877DCD8E7BD4FB17148060210BAB7CD700000B3B78A5C1865AC63~plQhQBLYcMa9QkutjmVwyXGxwxX4YEBR2393Vf5jfe+alz9TVyYy7+xN5okNqqPRvTGCpH81/nWWiAc8wgNLqWf5JvwW3ZgpIzDmcGjZGvlrckGnCy9nHJbO1rbSi+z5Hj2be8wa8mU5DnbxFTw72bgnG8v0Mi2VCr1kx8IMF9vY097E7oFc8YoVBMFnOg/OHLTCiO4AnK1WEG1VfsvQ6GxgqStd0quALAFB5wDeR6RkU=; expires=Thu, 14 Mar 2019 22:21:07 GMT; max-age=7200; path=/; domain=.zdnet.com; HttpOnly
accept-ranges
bytes
expires
Thu, 14 Mar 2019 21:36:17 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=28&q=0&hp=1&kq=1&lo=0&tr=1&ua=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSIMAJSINT1&ud=undefined&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D*vOJ%23_%3DNoUA%5DRgBU_Gr1%3E%3AHuFTn%3ADXqJHZ%3BR%23yAb%2Bho8bYLaXBjA%3AmQ)%3CF!tAbjrzJ%3BgoVYGVxc%40lQQV%23tc3%2Fh%7C%3FVKV%3BW5.NO)Wx%7C*E%24%3D!L2ux%7Ci_lOfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BA&qp=00000&is=voqBBkBBy4HhBBwBBBBJjBRCqUCY3CTCB6BXwUcu8gKCBS9lYBBBCCBpYFmR4BOZBBgSJTcBBBBBBBBHUoBOFCyz7BB3CZ6mv5TimBBe9oeCt9lXqBvB8fBBBBBBBBBBBBBBCBMBa8eBBkKzQClBeaKaMVMBj5iMPzyHVY9zqxknZlysGBBBcBBBB9CctORpnICyRBBB4OBBBBBBBBBBC9TiFF3dOKBCBBxBBBBBBBfBz1BD7fB3BpkBJUDyDCZ6IDDDCCCCDDCCCCCCCBdh2eBBBGI57kNB8DJoDBBBBCiBBiB&iv=6&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002100&qr=0&vf=1&vg=100&bq=8&g=15&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=433&w=770&om=0&fy=207.5&gp=505&f=0&j=&o=3&t=1552594862419&de=605339275833&cu=1552594862419&m=4766&ar=4f071de90bd-clean&cb=0&zMoatSc=1600x1200&zMoatVp=1600x1200&zMoatRawVp=1600x1200&ll=2&lm=0&ln=0&r=0&dl=0&dm=1000&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=505&lb=4447&le=1&gm=1&io=1&ct=undefined&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=4612&an=4612&gi=1&gf=4612&gg=4612&ez=1&ck=2190&kw=999&aj=1&pg=100&pf=100&ib=0&dw=1&ka=1&kb=1&cc=1&bw=4612&bx=4612&ci=2190&jz=999&dj=1&dx=1&undefined=1&aa=1&ad=4515&cn=4515&gn=1&gk=4515&gl=4515&co=2093&cp=999&cq=1&cr=1&ew=1&ex=1&hj=1&pv=1&vk=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4631&cd=4631&ah=4631&am=4631&dq=4631&dr=4631&ds=4631&dt=4631&zx=0&wa=2&vm=1&vl=1065&vt=1065&vd=0&zMoatSRE=0.17365104166666667&zMoatVSD=5&dh=5000&hc=1&er=0&es=0&gs=0&gt=0&eu=0&ev=0&et=1&dp=0&dz=1&ea=1&du=62&eb=1&ec=9288&fh=2190&fi=4612&fj=4612&ef=1&eg=1&eh=1&ei=1&ej=1&rf=0&re=0&cl=0&at=0&d=%3A%3A4574368938%3A138225997530&dfp=0%2C1&la=4574368938&zMoatPL=vaw-can&zMoatPL2=zdnet&bo=vaw-can&bd=zdnet&gw=cbsiimajsint708425247896&zMoatPT=article&zMoatTest=clear_ads_fix%7C1%7Ca&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&or=0&oq=1&ot=ff&zMoatJS=2%3A&tc=0&fs=158226&na=2006775955&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:07 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Thu, 14 Mar 2019 20:21:07 GMT
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800.m3u8
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
879 B
436 B
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800.m3u8
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e9c7cb8be27d51672066ff8810d58097845ea52672d72ec7e3e1002f9337727a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
last-modified
Mon, 27 Aug 2018 17:46:42 GMT
server
Apache
status
200
etag
"cf827a026791c2e68d3287e5424a16db:1535392005"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
219
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=play&l:event:duration=4958&l:event:playhead=0&l:event:ts=1552594867198&l:event:prev_ts=-1&s:asset:type=ad&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:asset:ad_id=4574368938&s:asset:ad_sid=1552594862240224735548&s:asset:resolver=UVPJS_2.8.3&s:asset:pod_id=1c2651525904e5ad5dbf22c913b3cdbc_1&s:asset:pod_position=1&l:asset:pod_offset=0&s:asset:pod_name=OAS_Countdown_EG_5&l:asset:ad_length=5&s:asset:ad_name=OAS_Countdown_EG_5&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.83.62.79 Fairfield, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-83-62-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:20:52 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
/
cbsinteractive.hb.omtrdc.net/
0
163 B
XHR
General
Full URL
https://cbsinteractive.hb.omtrdc.net/?s:sc:rsid=cnetzdnetglobalsite&s:sc:tracking_server=som.cbsi.com&h:sc:ssl=1&s:user:aid=2E455BD685315B84-6000010B40003B09&s:user:mid=32463149399208463380520886632797588060&s:aam:blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&l:aam:loc_hint=6&s:sp:sdk=2.0.1&s:sp:player_name=UVPJS_2.8.3&s:sp:hb_version=js-2.0.2.123-150f2b&l:sp:hb_api_lvl=4&s:event:sid=155259486223174065514&s:event:type=complete&l:event:duration=0&l:event:playhead=0&l:event:ts=1552594867198&l:event:prev_ts=-1&s:asset:type=ad&s:asset:name=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&s:asset:video_id=4f018ff0-2432-434e-84bc-573a55894d06&s:asset:publisher=10D31225525FF5790A490D4D%40AdobeOrg&l:asset:length=46&s:asset:ad_id=4574368938&s:asset:ad_sid=1552594862240224735548&s:asset:resolver=UVPJS_2.8.3&s:asset:pod_id=1c2651525904e5ad5dbf22c913b3cdbc_1&s:asset:pod_position=1&l:asset:pod_offset=0&s:asset:pod_name=OAS_Countdown_EG_5&l:asset:ad_length=5&s:asset:ad_name=OAS_Countdown_EG_5&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=0
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.83.62.79 Fairfield, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-83-62-79.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 14 Mar 2019 20:20:52 GMT
X-VaRouter-Backend
prod19
Server
nginx
Connection
keep-alive
is-the-end-in-sight-for-cryptojacking-cy-5c8a2420fe727300b83cbceb-1-mar-14-2019-12-31-36-poster.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/03/14/d6202897-6c46-46d2-90c0-b406050f60fc/thumbnail/170x96/540ff83afd268455b6ec90fe545e97be/
2 KB
2 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/03/14/d6202897-6c46-46d2-90c0-b406050f60fc/thumbnail/170x96/540ff83afd268455b6ec90fe545e97be/is-the-end-in-sight-for-cryptojacking-cy-5c8a2420fe727300b83cbceb-1-mar-14-2019-12-31-36-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1c9936e889b081a50780b09336123729dfe611d241cdc08cd627061995e168f6

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"c182f930a06317057d31c73bb2fedd4f"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31509319, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
2136
banking-trojans-flood-the-enterprise-and-5c8654982f64e300dd728e9a-1-mar-11-2019-16-17-59-poster.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/11/0deed48a-3819-4898-b61b-eb7edc8a6df3/thumbnail/170x96/cc6a9763e455b0b97a83f8c7da91df87/
873 B
883 B
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/11/0deed48a-3819-4898-b61b-eb7edc8a6df3/thumbnail/170x96/cc6a9763e455b0b97a83f8c7da91df87/banking-trojans-flood-the-enterprise-and-5c8654982f64e300dd728e9a-1-mar-11-2019-16-17-59-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
45fd3260d9335d17504007cb23b3a142be18b0c1e88cc8ba0e242478b9dd897d

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"98d6f58ab0dafbb86b083a001561bb34"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31341064, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
652
chinese-hackers-strike-us-universities-i-5c81116f2f64e300c587448c-1-mar-11-2019-16-17-55-poster.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/03/11/0fd2fa2e-564e-4fab-b4e4-f2148bc63baa/thumbnail/170x96/e976b85cd296878f4fcab12a21f4c9f2/
3 KB
3 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/03/11/0fd2fa2e-564e-4fab-b4e4-f2148bc63baa/thumbnail/170x96/e976b85cd296878f4fcab12a21f4c9f2/chinese-hackers-strike-us-universities-i-5c81116f2f64e300c587448c-1-mar-11-2019-16-17-55-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
aac30469f689bc02880c5bf16bb0377b7c3c1e8ef82eb938c30e597112c87628

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"976abf49974d4686f87192efa0513ae0"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=31288166, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
3152
buttar-thumb.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/03/07/f9db2bb0-370f-4b30-8940-ed48af60b6b8/thumbnail/170x96/5b6be561800f730d05927729c17da8c6/
8 KB
8 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/03/07/f9db2bb0-370f-4b30-8940-ed48af60b6b8/thumbnail/170x96/5b6be561800f730d05927729c17da8c6/buttar-thumb.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d2274e5c8aabf16aa49182097e33b459d538a190e7f5396d61e3a36baaab98ce

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"117ffc1acd844e431a4b73f0867adae5"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30995377, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
7851
heres-how-to-securely-wipe-your-android-5c7d564add173300c0c29853-1-mar-06-2019-20-54-42-poster.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/03/06/6eccd51c-4eb2-489f-ba0c-ae6e3b4cdc91/thumbnail/170x96/282717928d72133958b40aaece56ccce/
3 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/03/06/6eccd51c-4eb2-489f-ba0c-ae6e3b4cdc91/thumbnail/170x96/282717928d72133958b40aaece56ccce/heres-how-to-securely-wipe-your-android-5c7d564add173300c0c29853-1-mar-06-2019-20-54-42-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f4a21231c33148c4a2f96e28fb7cb4dcd1c247cdc0347755cd7c78bdef22c161

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"621fbd17da27241c58015eabe4164a52"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30929083, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
3372
palmer-thumb.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/06/46b6d2f2-8fe4-473a-a2e4-e5361170cfd5/thumbnail/170x96/89b9794bfc9beeb319e4aa15539e17a4/
8 KB
8 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/06/46b6d2f2-8fe4-473a-a2e4-e5361170cfd5/thumbnail/170x96/89b9794bfc9beeb319e4aa15539e17a4/palmer-thumb.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c5fc6ec2843194782f6e3b5e8a660aa1bd5fb9f13dd1a1aa13370f164f62513f

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"3dfe2f633108d604df160cd1b01710db"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30847219, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
7956
these-major-scammers-just-switched-focus-5c7d0bd6bd785600b9b326e9-1-mar-04-2019-14-39-39-poster.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/04/9d8b65fc-d555-4f24-96af-c1c397eb59c2/thumbnail/170x96/cf1118ff47ac3c988ee61a47072d2258/
6 KB
7 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/04/9d8b65fc-d555-4f24-96af-c1c397eb59c2/thumbnail/170x96/cf1118ff47ac3c988ee61a47072d2258/these-major-scammers-just-switched-focus-5c7d0bd6bd785600b9b326e9-1-mar-04-2019-14-39-39-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e08f7f02be50f559acd7166c57472078d9277ad251cb71b446cff681f92f74dd

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"8a0cd50ecce34cfd150d3d512ccf42cf"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30816410, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
6462
youtube-to-disable-comments-on-videos-fe-5c7c94ccfe727300b980ac00-1-mar-04-2019-5-36-42-poster.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/03/04/7f5a8362-cc6f-4196-85c7-d30e83336c44/thumbnail/170x96/ffd895bbcb8b40d3c231160a511dd7e4/
5 KB
5 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/03/04/7f5a8362-cc6f-4196-85c7-d30e83336c44/thumbnail/170x96/ffd895bbcb8b40d3c231160a511dd7e4/youtube-to-disable-comments-on-videos-fe-5c7c94ccfe727300b980ac00-1-mar-04-2019-5-36-42-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
05810003dc685a05be39bb0dccf45f696dbf053bedff37512d8b0b016697df30

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"084afd913ab1e6ea58b8ca73f6cb41a6"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30778269, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
4801
microsoft-do-these-things-now-to-protect-5c792bdb60b294479c9b8ad2-1-mar-04-2019-15-16-38-poster.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/04/4956186b-05f0-4710-9b35-b4f2d79f9624/thumbnail/170x96/9c692348c0120eacd5337d493e02b945/
5 KB
5 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/04/4956186b-05f0-4710-9b35-b4f2d79f9624/thumbnail/170x96/9c692348c0120eacd5337d493e02b945/microsoft-do-these-things-now-to-protect-5c792bdb60b294479c9b8ad2-1-mar-04-2019-15-16-38-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dba4ac7ec7dcf0d3cba97021cc666289374678f7ceb8a177da1dc6a285465a63

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"8073bd4ed0fe0c330290c58056a2cd5e"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30727573, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
5322
the-military-wants-to-build-lethal-tanks-5c792bf460b2395563981260-1-mar-04-2019-14-36-01-poster.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/04/3e41cde5-5b74-4fb3-aa91-9dd819507784/thumbnail/170x96/d9d9d99ec462483c305886a194038e6c/
2 KB
3 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/04/3e41cde5-5b74-4fb3-aa91-9dd819507784/thumbnail/170x96/d9d9d99ec462483c305886a194038e6c/the-military-wants-to-build-lethal-tanks-5c792bf460b2395563981260-1-mar-04-2019-14-36-01-poster.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c09952aaaf246f650062530665461cce7cab3555769255823b8b600c220da939

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
http://origin.img.hub.zdnet.com
etag
"1680829293f2a8541efa2647a0290f88"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=30681620, s-maxage=21600
content-transfer-encoding
binary
timing-allow-origin
*
content-length
2529
arrows-sfb3cc8e09f.png
zdnet3.cbsistatic.com/fly/images/sprites/
430 B
611 B
Image
General
Full URL
https://zdnet3.cbsistatic.com/fly/images/sprites/arrows-sfb3cc8e09f.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
189bac19ed72631b5d881ef5cd82042a1deb6f2e84ffcc2f09888db4581a14bc

Request headers

Referer
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-5664bd9598-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
last-modified
Mon, 14 Jan 2019 21:13:48 GMT
server
nginx
etag
"5c3cfb8c-1ae"
content-type
image/png
status
200
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
content-length
430
expires
Thu, 21 Mar 2019 20:21:07 GMT
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_0.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_0.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4a7988c0dffba589852c0b1b907f1086bae4ae0f54aa9711ed487094c498fb0b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
last-modified
Mon, 27 Aug 2018 17:46:43 GMT
server
Apache
etag
"19ad9391b55dd81e8044abe14ce35fe1:1535392005"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1231776
29559f8c-c98f-49b8-8d46-07f8dfdfb361
https://www.zdnet.com/
61 KB
0
Other
General
Full URL
blob:https://www.zdnet.com/29559f8c-c98f-49b8-8d46-07f8dfdfb361
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c34da761727d7d301b12207d336e5b0486df63e2bb18fcf279769d519900b5a7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
62104
Content-Type
text/javascript
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_1.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_1.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8d85e5d68321279f8a3a21adef645b9383a4f193de259e7837a453436fe12f9c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:07 GMT
last-modified
Mon, 27 Aug 2018 17:46:43 GMT
server
Apache
etag
"a83d9380be8c0cc93e2541716d6eec9c:1535392005"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1355104
p
sb.scorecardresearch.com/
43 B
309 B
Image
General
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=end&ns_st_po=4975&ns_st_cl=5000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=0&ns_st_pt=4975&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=5896&ns_st_det=921&ns_st_upc=4975&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=4975&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=4975&ns_st_dlpc=0&ns_st_lpa=4975&ns_st_dlpa=0&ns_st_pa=4975&ns_ts=1552594868118&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=0&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_an=1&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=va11&ns_st_st=*null&ns_st_pu=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:08 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
p
sb.scorecardresearch.com/
43 B
309 B
Image
General
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=3005086&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1552594861329&ns_st_ec=4&ns_st_sp=1&ns_st_sc=1&ns_st_psq=2&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=2&ns_st_ev=play&ns_st_po=0&ns_st_cl=46000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=4f018ff0-2432-434e-84bc-573a55894d06&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=4975&ns_ts=1552594868120&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=ZDNet%20Video&ns_st_sn=*null&ns_st_en=*null&ns_st_ct=vc12&ns_st_ge=*null&ns_st_st=3000074&ns_st_ce=0&ns_st_ia=0&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=zdnet&c3=UVPJS%7C2_8_3&c4=3000074&c6=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c8=This%20banking%20malware%20just%20returned%20with%20new%20sneaky%20tricks%20to%20steal%20your%20data%20%7C%20ZDNet&c9=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.162.235 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-162-235.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Mar 2019 20:21:08 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_2.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_2.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a2d59b3b3c072aacdb67f673eca51d073af38c24259557f2f956af2436b80ffe

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
last-modified
Mon, 27 Aug 2018 17:46:44 GMT
server
Apache
etag
"c62852c14e4fa540d4f1009cb72a71c0:1535392005"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1387816
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_3.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_3.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c4ceceaea5d9a726235bddb939d2d438396d9858e404b31c2d0e83d2085ab8bf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
last-modified
Mon, 27 Aug 2018 17:46:45 GMT
server
Apache
etag
"e12cab5b8139519ab67ad60c03254346:1535392005"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1341192
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_4.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_4.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1f1cb9b91275aea0cd13311c52afbf93abfc9d9076ed5d91022f60bca35ae88c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
last-modified
Mon, 27 Aug 2018 17:46:46 GMT
server
Apache
etag
"bb8ed2d7d1a1c68389086c80cffd90c9:1535392006"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1467904
2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_5.ts
techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/
1 MB
1 MB
XHR
General
Full URL
https://techrepublicmedia.akamaized.net/media/2018/08/27/1307286595900/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800/2018-08-27-wochit-banking-trojan-jumps-from-poland-to-spain_1644452_1800_5.ts
Requested by
Host: vidtech.cbsinteractive.com
URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.8 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
Origin
https://www.zdnet.com

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
last-modified
Mon, 27 Aug 2018 17:46:47 GMT
server
Apache
etag
"37cb01647d10a62b17b10f0480edf8c8:1535392007"
status
200
content-type
video/MP2T
access-control-allow-origin
https://www.zdnet.com
akamai-mon-iucid-del
525165
accept-ranges
bytes
content-length
1269752
/
www.zdnet.com/homepage/xhr/
270 KB
29 KB
XHR
General
Full URL
https://www.zdnet.com/homepage/xhr/
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1657-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/homepage/xhr/
pragma
no-cache
cookie
fly_device=desktop; fly_geo={"countryCode": "de"}; fly_preferred_edition=eu; fly_default_edition=eu; ak_bmsc=39050C2D935877DCD8E7BD4FB17148060210BAB7CD700000B3B78A5C1865AC63~plQhQBLYcMa9QkutjmVwyXGxwxX4YEBR2393Vf5jfe+alz9TVyYy7+xN5okNqqPRvTGCpH81/nWWiAc8wgNLqWf5JvwW3ZgpIzDmcGjZGvlrckGnCy9nHJbO1rbSi+z5Hj2be8wa8mU5DnbxFTw72bgnG8v0Mi2VCr1kx8IMF9vY097E7oFc8YoVBMFnOg/OHLTCiO4AnK1WEG1VfsvQ6GxgqStd0quALAFB5wDeR6RkU=; muxData=sid=76cc8ac8-dc3d-471d-b60c-54596dd75757&sst=1552594867189&sex=1552596367963; GED_PLAYLIST_ACTIVITY=W3sidSI6IlpzdDciLCJ0c2wiOjE1NTI1OTQ4NjgsIm52IjowLCJ1cHQiOjE1NTI1OTQ4NTYsImx0IjoxNTUyNTk0ODU2fV0.
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
www.zdnet.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
28248
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 Mar 2019 19:36:35 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Thu, 14 Mar 2019 20:21:08 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
21e5660a-0dee-4bf3-b387-221ed284ee39
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
set-cookie
bm_sv=7345736859AAB549191A095942669E7C~NrmDLJek2ujkTJqz+6VH6Hnwbb8/vcXrT1rrvB2MLpProGtMFeQrlWcv6lv/uGoeFDv+m110fl9TWeR5iLZg/z9XW0jiHpVjPFIuv7KKjoaEI5bfFVmQNUTdTNiU67xT8NnOTXKeQLSWA37DyeVlfhZlCnRx5q8m4UlPYY13liQ=; Domain=.zdnet.com; Path=/; Max-Age=7200; HttpOnly
accept-ranges
bytes
expires
Thu, 14 Mar 2019 21:06:35 GMT
ring.gif
zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/
16 KB
9 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/ring.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
309e20d540054848c2bee4268a2ec8e37656da9e7d5f8084c6f66f4fd711aed6

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
etag
W/"5c8a2847-3f75"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
9039
expires
Thu, 21 Mar 2019 20:21:08 GMT
ZDLogoMicroRed-x2.png
zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/
2 KB
2 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/ZDLogoMicroRed-x2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.149 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-149.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d6f28c2ecc7e7b603cead026b3febaa53ef60ef1ee17095ccaa5bfd465565e5e

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/1657-fly/css/core/main-98cc06c3b2-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 14 Mar 2019 20:21:08 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 10:09:11 GMT
server
nginx
etag
W/"5c8a2847-6fa"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=604800
timing-allow-origin
*
content-length
1513
expires
Thu, 21 Mar 2019 20:21:08 GMT
gn
secure-us.imrworldwide.com/cgi-bin/
0
0

m
secure-us.imrworldwide.com/cgi-bin/
0
0

ZDLogoMicroWhite-x2.png
zdnet2.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/
0
0

anyaberkut_iStock-1018929822.jpg
creatives.techrepublic.com/whitepapers/pro/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure-us.imrworldwide.com
URL
https://secure-us.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=us-700144&ch=us-700144_c01_P&asn=defChnAsset&sessionId=vBnA6EL7o4AnacmSa0sMJUYDfQRCC1552594861&tl=New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&prv=1&c6=vc,c01&ca=us-700144_c01_4f018ff0-2432-434e-84bc-573a55894d06&cg=ZDNet%20Video&c13=asid,PF7B87067-BF4D-F80F-E040-070AAD316CE6&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,UVPJS_2.8.3&plugv=&playerv=&sup=0&segment2=&segment1=&forward=1&ad=0&cr=4_00_99_V1_00000&c9=devid,&enc=true&c1=nuid,999&at=view&rt=video&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,15525948614262120&c30=bldv,6.0.0.326&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,4f018ff0-2432-434e-84bc-573a55894d06&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&sd=46&devtypid=&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=4f018ff0-2432-434e-84bc-573a55894d06&c3=st,c&c64=starttm,1552594867&adid=4f018ff0-2432-434e-84bc-573a55894d06&c58=isLive,false&c59=sesid,yXrR0xEiwL83olC5AU7EtLCOe5pHN1552594869&c61=createtm,1552594869&c63=pipMode,&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&c77=adsuprt,1&uoo=&evdata=&c71=ottflg,0&c72=otttyp,none&c44=progen,&davty=0&si=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data%2F%3Fftag%3DTRE49e8aa0%26bhid%3D28479449993231099838979844348744&c66=mediaurl,&c62=sendTime,1552594869&rnd=428349
Domain
secure-us.imrworldwide.com
URL
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-700144&c29=plid,15525948614262120&c30=bldv,6.0.0.326&c6=vc,c01&c3=&cg=ZDNet%20Video&tl=dav0-New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&c9=devid,&pr=iag.sid,1000011&pr=iag.tfid,902&pr=iag.bcr,us-700144&pr=iag.pgm,New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn&pr=iag.epi,New%20banking%20trojan%20malware%20getting%20ready%20for%20a%20global%20campaign%2C%20experts%20warn%7C%7C%7Csf&pr=iag.seg,1&pr=iag.pd,www.zdnet.com&pr=iag.oad,na&pr=iag.fp,sf&pr=iag.cp,soc&c10=plt,&c26=dmap,3&tp=gg&c24=zip,99&uoo=&c68=bndlid,&c61=createtm,1552594869&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c62=sendTime,1552594869&rnd=292955
Domain
zdnet2.cbsistatic.com
URL
https://zdnet2.cbsistatic.com/fly/1552558151-fly/bundles/zdnetcss/images/logos/ZDLogoMicroWhite-x2.png
Domain
creatives.techrepublic.com
URL
https://creatives.techrepublic.com/whitepapers/pro/anyaberkut_iStock-1018929822.jpg

Verdicts & Comments

320 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


33 Cookies


51 Console Messages

Source Level URL Text
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service pending (GDPR consent not granted): script_indexexchange
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service pending (GDPR consent not granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service pending (GDPR consent not granted): script_sourcepoint
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service pending (GDPR consent not granted): script_gpt
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 743) Message: ADS: queuing nav-ad-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1213) Message: ADS: queuing intromercial-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1279) Message: ADS: queuing leader-plus-top-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1415) Message: ADS: queuing inpage-video-top-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1425) Message: ADS: queuing sharethrough-top-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1537) Message: ADS: queuing mpu-plus-top-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1647) Message: ADS: queuing dynamic-showcase-top-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1654) Message: ADS: queuing mpu-middle-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1903) Message: ADS: queuing mpu-bottom-5c8ab7a71abdf for display
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 1920) Message: ADS: queuing leader-plus-bottom-5c8ab7a71abdf for display
console-api log URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js(Line 1) Message: dom not ready, setting event
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service pending (GDPR consent not granted): script_sharethrough
console-api log URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js(Line 1) Message: dom ready, triggering load
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: GDPR consent granted
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent finally granted): script_indexexchange
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent finally granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent finally granted): script_sourcepoint
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent finally granted): script_gpt
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent finally granted): script_sharethrough
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_mpulse
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): _injectQueryStringGCP
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 9) Message: Missing adCookieData!
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_ad
console-api log (Line 2) Message: ADS: queuing mpu-bottom-5c8ab7a71abdf for display
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201902042326(Line 177) Message: Service: sitecatalyst
console-api error URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E(Line 16) Message: ads::trackingCookie::init
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_sharebar
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_video
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_sharebar
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_urban_airship
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_disqus_count
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_disqus_count
console-api log URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/CBSI-PLAYER.js(Line 20) Message: UVPJS 2.8.3 03/26/18 8:42:19 AM (PDT)
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_taboola
console-api log URL: https://www.zdnet.com/article/this-banking-malware-just-returned-with-new-sneaky-tricks-to-steal-you-data/?ftag=TRE49e8aa0&bhid=28479449993231099838979844348744(Line 103) Message: Service loading (GDPR consent already granted): script_medusa_async_load
console-api warning URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js(Line 8) Message: mPulse: Custom Timer 'video_ploaded' is not defined
console-api log URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api log URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js(Line 28) Message: [20:21:02 GMT+0000 (Coordinated Universal Time).244] [ERROR] [MediaHeartbeat] API call trackPlay is unsupported in the current state.
console-api log URL: https://vidtech.cbsinteractive.com/uvpjs/2.8.3/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js(Line 28) Message: [20:21:07 GMT+0000 (Coordinated Universal Time).958] [ERROR] [MediaHeartbeat] API call trackPlay is unsupported in the current state.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

"Indicators" is the security industry's term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.
