www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security...
Submission: On November 30 via api (November 30th 2021, 11:23:46 am UTC) from US — Scanned from DE

Summary HTTP 274 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 39 domains to perform 274 HTTP transactions. The main IP is 2a04:4e42:4c::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by R3 on October 26th 2021. Valid for: 3 months.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
4	2606:4700:303... 2606:4700:3037::6815:2b8a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
2	34.199.156.235 34.199.156.235	14618 (AMAZON-AES) (AMAZON-AES)
3	151.101.130.154 151.101.130.154	54113 (FASTLY) (FASTLY)
1	34.120.203.121 34.120.203.121	15169 (GOOGLE) (GOOGLE)
4	151.101.65.194 151.101.65.194	54113 (FASTLY) (FASTLY)
30	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
8	2a04:4e42:62:... 2a04:4e42:62::760	54113 (FASTLY) (FASTLY)
22	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.120.195.249 34.120.195.249	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:5... 2600:1901:0:524d::	15169 (GOOGLE) (GOOGLE)
1	52.208.32.237 52.208.32.237	16509 (AMAZON-02) (AMAZON-02)
2	35.179.78.10 35.179.78.10	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:1901:1:5... 2600:1901:1:5ca::	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
2	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.224.193.91 13.224.193.91	16509 (AMAZON-02) (AMAZON-02)
18	184.72.183.173 184.72.183.173	14618 (AMAZON-AES) (AMAZON-AES)
2	18.211.163.90 18.211.163.90	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20e... 2600:9000:20eb:0:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
2	54.174.20.197 54.174.20.197	14618 (AMAZON-AES) (AMAZON-AES)
4	13.224.198.4 13.224.198.4	16509 (AMAZON-02) (AMAZON-02)
7	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.33.220.240 185.33.220.240	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.211.168.6 35.211.168.6	19527 (GOOGLE-2) (GOOGLE-2)
2	104.75.88.194 104.75.88.194	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.6.232.190 52.6.232.190	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.193.85 13.224.193.85	16509 (AMAZON-02) (AMAZON-02)
1	13.225.77.75 13.225.77.75	16509 (AMAZON-02) (AMAZON-02)
1	35.227.208.151 35.227.208.151	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:7e00:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
23	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
11	184.30.25.161 184.30.25.161	16625 (AKAMAI-AS) (AKAMAI-AS)
274	50

52 2a04:4e42:4c::666 (United States)

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3037::6815:2b8a (United States)

ASN13335 (CLOUDFLARENET, US)

static.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:1:c36:: (United States) 1 redirects

ASN15169 (GOOGLE, US)

open.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.199.156.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-156-235.compute-1.amazonaws.com

a.myfidevs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.154 (United States)

ASN54113 (FASTLY, US)

at.adtech.redventures.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.203.121 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 121.203.120.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.65.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)

open.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o22381.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:524d:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.32.237 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-32-237.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.179.78.10 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-179-78-10.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:287::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

684dd32b.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:1:5ca:: (United States)

ASN15169 (GOOGLE, US)

gew1-spclient.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.193.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-91.fra2.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 184.72.183.173 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-183-173.compute-1.amazonaws.com

ingest.make.rvapps.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.211.163.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-163-90.compute-1.amazonaws.com

taggy.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:0:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.174.20.197 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-20-197.compute-1.amazonaws.com

monarch.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.198.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-4.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.220.240 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

cnet-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.150 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.211.168.6 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 6.168.211.35.bc.googleusercontent.com

sofia.trustx.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.88.194 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-194.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.6.232.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-232-190.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-85.fra2.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.77.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-77-75.fra2.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.208.151 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 151.208.227.35.bc.googleusercontent.com

web-sdk.urbanairship.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7caf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:7e00:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 184.30.25.161 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-161.deploy.static.akamaitechnologies.com

redventuresgamdisplay60805146916.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	zdnet.com www.zdnet.com urs.zdnet.com	961 KB
40	googlesyndication.com pagead2.googlesyndication.com e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com tpc.googlesyndication.com 9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com 30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com 26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com	203 KB
30	doubleclick.net securepubads.g.doubleclick.net	642 KB
25	moatads.com z.moatads.com mb.moatads.com geo.moatads.com px.moatads.com	873 KB
18	rvapps.io ingest.make.rvapps.io	2 KB
11	moatpixel.com redventuresgamdisplay60805146916.s.moatpixel.com	3 KB
9	google.com adservice.google.com www.google.com	4 KB
8	scdn.co open.scdn.co i.scdn.co	783 KB
8	spotify.com 1 redirects open.spotify.com apresolve.spotify.com gew1-spclient.spotify.com	11 KB
7	googletagservices.com www.googletagservices.com	255 KB
7	yahoo.com c2shb.ssp.yahoo.com	843 B
7	cohesionapps.com cdn.cohesionapps.com taggy.cohesionapps.com monarch.cohesionapps.com	32 KB
5	rubiconproject.com fastlane.rubiconproject.com	6 KB
4	google.de adservice.google.de	1 KB
4	amazon-adsystem.com c.amazon-adsystem.com	41 KB
4	fastly.net confiant-integrations.global.ssl.fastly.net	182 KB
4	go-mpulse.net c.go-mpulse.net	53 KB
4	myfinance.com static.myfinance.com www.myfinance.com	65 KB
3	redventures.io at.adtech.redventures.io	179 KB
2	unpkg.com 1 redirects unpkg.com	2 KB
2	tiqcdn.com tags.tiqcdn.com	41 KB
2	nr-data.net bam-cell.nr-data.net	1 KB
2	akstat.io 684dd32b.akstat.io	708 B
2	myfidevs.io a.myfidevs.io	166 B
1	imrworldwide.com cdn-gl.imrworldwide.com	5 KB
1	2mdn.net s0.2mdn.net	123 KB
1	urbanairship.com web-sdk.urbanairship.com	36 KB
1	privacymanager.io geo.privacymanager.io	594 B
1	rlcdn.com ats.rlcdn.com	61 KB
1	chartbeat.net ping.chartbeat.net	201 B
1	trustx.org sofia.trustx.org	307 B
1	pubmatic.com hbopenbid.pubmatic.com	115 B
1	sonobi.com apex.go.sonobi.com	829 B
1	openx.net cnet-d.openx.net	379 B
1	adnxs.com ib.adnxs.com	1 KB
1	casalemedia.com htlb.casalemedia.com	328 B
1	chartbeat.com static.chartbeat.com	23 KB
1	newrelic.com js-agent.newrelic.com	17 KB
1	sentry.io o22381.ingest.sentry.io	245 B
274	39

	Domain	Requested by
52	www.zdnet.com	www.zdnet.com
30	securepubads.g.doubleclick.net	www.zdnet.com securepubads.g.doubleclick.net www.googletagservices.com
22	pagead2.googlesyndication.com	www.zdnet.com securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
18	ingest.make.rvapps.io	www.zdnet.com
14	px.moatads.com
14	tpc.googlesyndication.com	www.zdnet.com securepubads.g.doubleclick.net tpc.googlesyndication.com
11	redventuresgamdisplay60805146916.s.moatpixel.com
8	z.moatads.com	www.zdnet.com securepubads.g.doubleclick.net
7	www.googletagservices.com	www.zdnet.com securepubads.g.doubleclick.net
7	c2shb.ssp.yahoo.com	www.zdnet.com
7	open.scdn.co	open.spotify.com
5	www.google.com	www.zdnet.com securepubads.g.doubleclick.net tpc.googlesyndication.com
5	fastlane.rubiconproject.com	www.zdnet.com
4	adservice.google.com	www.zdnet.com securepubads.g.doubleclick.net
4	adservice.google.de	www.zdnet.com securepubads.g.doubleclick.net
4	c.amazon-adsystem.com	www.zdnet.com
4	gew1-spclient.spotify.com	open.scdn.co
4	confiant-integrations.global.ssl.fastly.net	www.zdnet.com
4	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net
3	cdn.cohesionapps.com	www.zdnet.com cdn.cohesionapps.com
3	at.adtech.redventures.io	www.zdnet.com
3	open.spotify.com	1 redirects www.zdnet.com open.scdn.co
2	unpkg.com	1 redirects
2	tags.tiqcdn.com	www.zdnet.com
2	monarch.cohesionapps.com	www.zdnet.com
2	taggy.cohesionapps.com	www.zdnet.com
2	bam-cell.nr-data.net	www.zdnet.com
2	684dd32b.akstat.io	www.zdnet.com c.go-mpulse.net
2	geo.moatads.com	z.moatads.com
2	www.myfinance.com	www.zdnet.com
2	a.myfidevs.io	www.zdnet.com
2	static.myfinance.com	www.zdnet.com
1	26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com	www.zdnet.com
1	cdn-gl.imrworldwide.com	www.zdnet.com
1	s0.2mdn.net	www.zdnet.com
1	web-sdk.urbanairship.com	www.zdnet.com
1	geo.privacymanager.io	www.zdnet.com
1	ats.rlcdn.com	www.zdnet.com
1	ping.chartbeat.net
1	sofia.trustx.org	www.zdnet.com
1	hbopenbid.pubmatic.com	www.zdnet.com
1	apex.go.sonobi.com	www.zdnet.com
1	cnet-d.openx.net	www.zdnet.com
1	ib.adnxs.com	www.zdnet.com
1	htlb.casalemedia.com	www.zdnet.com
1	static.chartbeat.com	www.zdnet.com
1	js-agent.newrelic.com	www.zdnet.com
1	mb.moatads.com	z.moatads.com
1	apresolve.spotify.com	open.scdn.co
1	o22381.ingest.sentry.io	open.scdn.co
1	i.scdn.co	open.spotify.com
1	urs.zdnet.com	www.zdnet.com
274	55

This site contains links to these domains. Also see Links.

Domain
downloads.zdnet.com
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
www.threatfabric.com
threatfabric.com
redventures.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
narratives.zdnet.com
privacyportal.onetrust.com
support.zdnet.com
academy.zdnet.com

Subject Issuer	Validity	Valid
*.zdnet.com R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-03` - `2022-05-03`	a year	crt.sh
*.myfidevs.io Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
at.adtech.redventures.io R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.scdn.co DigiCert TLS RSA SHA256 2020 CA1	`2021-08-06` - `2022-09-02`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.ingest.sentry.io R3	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
cdn.cohesionapps.com Amazon	`2021-01-17` - `2022-02-14`	a year	crt.sh
ingest.make.rvapps.io Amazon	`2021-09-26` - `2022-10-24`	a year	crt.sh
*.taggy.cohesionapps.com Amazon	`2021-02-27` - `2022-03-28`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.monarch.cohesionapps.com Amazon	`2021-10-11` - `2022-11-08`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
sofia.trustx.org Sectigo RSA Domain Validation Secure Server CA	`2020-12-15` - `2021-12-29`	a year	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2021-04-19` - `2022-04-27`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.privacymanager.io Amazon	`2021-09-25` - `2022-10-24`	a year	crt.sh
*.urbanairship.com DigiCert SHA2 Secure Server CA	`2020-06-09` - `2022-07-14`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 23 frames:

Primary Page: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Frame ID: FC07D3E40B3864CFC06C40BCECF88C3F
Requests: 158 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: BA49C6377C35DE2E5B2E844A434E75C7
Requests: 2 HTTP requests in this frame

Frame: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Frame ID: 8B268939D26FC2D3E3B14BEE122C52E4
Requests: 14 HTTP requests in this frame

Frame: https://cdn.cohesionapps.com/cohesion/xs2.html
Frame ID: 1D1E8AC012559CA23C7B060479C58FCD
Requests: 2 HTTP requests in this frame

Frame: https://e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2B5208A26B5D2CEFF7CC8754EB126F6B
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-ou1-bpLzDODHXDL_5-bhicnWIwSsxFeMnlETA9WGv2buCyXmk1r_sg5vSdTBDFmvQ_gk6B8VtC27DzATo-rvRB0AEeo7Jb5l4IcCW8_Hdj0EFSR2eycZ2uY7egPf9ciwmQ51ZU6uJsPAzyCDRAzy5ntWgORff07d9hW3dXErKSxcPHmtu-s9F7Iaau6k7Fr1woyv85xsE7yXIUBHuCjULO6Day0mmosZYD_FxZYYp1ja--JIfv-eXbch-CFKq8oybcjpPWOYfj_xJlHHb7OltdB2zpHHJ0QNOWrgduAfD8wrNpxfhCSHnQsYOsuVCE7-&sai=AMfl-YTZD4OpnoEflcxUI417ixu87jJA-qk8OXBxkH5LazS9hQcWyeUlp0YNOyKzkLGj7tSzrqHhJms6SyKC27n15tV77H_bkFESUblgw1Mr3E5dJiAoLeXj42h1QsUyk4k&sig=Cg0ArKJSzMnOszsAxGbSEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 1C09BFAAEE7A442D5561F346F8809CF4
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvb2ygEvu0EeZ_X1fhdxOJEw2GQfCgZ6YIOcTwGWZZMBGgjIzJ1qAGVuK_Dgaow1S9DJ-36bzaAZEfafcj73ApcrfXa9od98HO2tEratiJHZ8HkMwawBSjgtNJPRF8qOBlKDOtIHfdw0dnKMM9rbWMPFhmSSPoosmkoksblYY3XlZSo_XGNCTVfhUAQniZS8eVGXLY1zxFE1LAk_aiqeAVJnQWQbspvAGoeSJpQ8Iaw37Kj2RIZLXMce3xOng9hpIgeRdtZocqNEBePam0ORrSs6Aodn9kslhdaqdv-P02-UF6adqjaN-8cx2ap1YLV&sai=AMfl-YQ4J2LAW-gUCkAIEw7QNlLq_O3ehXpVv6CjCZfxlJu3egw8y2SQM1HE5JuCnSYQK62udoRjEOpBY0-3FQkIXFUJiTr0IHujVRq6nkH2CJlVarcEc3aij9mgQeqFyhM&sig=Cg0ArKJSzKjO5J3X8A0wEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: FE990EAD3897A00D0B8942B463818FA5
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthxKWpaTk5uhQYQI_ahoQDobNgfr_QGydoEIifbtSIeTRjSe8oXMRkebhawHqMjcgjXWq2ZG5EQUQ0PLCn4pExykmML2oLkBGlzH0U-L2AjHmvdSZANk8KrfsVhYk9eVhd6IcP9H9bB-VE4GcjEg8Y_Ut97dSjF7lfbQPT0AXsKpfoikG0MiM2ySb1NpvlyB1cu1Jzuk3UUdU3XRa2S8ocXPOf9Hhdl1BXDjZouRsIRwjqSIgmELC1LcKkbztIAbgxUfWfGakZjQ4Lq5UkEwRURVyHz90ed09DLVUN9VoLv1Z0wijupgO4SLPpN_-w&sai=AMfl-YTQguv-3o0JcMwo_qXgmDkdpyQHVUusgY8Miy8fQwd0sv9f1PBSoku-tL-eUGLl8TyqjCTjtWdYsw9woe5tG3troZTK74_U3q3ylbTTAAo3OO0_pmmdTAThcx6VpSg&sig=Cg0ArKJSzG2iE5MLgV6pEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E202384B5C7F905A137614781F0DC440
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudVY2SDDV1bIEPATt9XRy7IoYjP9WXJ0-jxBTEYvZZOCHGugdxcMrW2J80yaSV2ReIAFkyKknjWU_8ncSNUb7KeYa3xjwwLLaNAJDbL3g87hVAHXY3hlA8zfBHNiBKjlfRI0ddRyFiX6fyY0AYrXgrdfODk1wxVSgnYTLdCWB66xu5lTl6nMajsKFtLJMGoLpgo0vNWHAXrqp3WbFCGZY4XkCb2HXCz5zsb9Ocq5bKUGt4QdKZTVK4fPtAKWe1TNPd6B1wU9F9Iv3BrEw_BDq00Rn99Z84h_k3ctcxjkAcwzFuYv7RUfuBz5Dn9Ohm&sai=AMfl-YQGYaezSgHGp6mWV-YFPBauoEirSKS-kBiGzujgsS0CLZbmdRYnbXxdPEdJkThiqwMFTFIJmG3B7VPyIlYfXFoPUyVfFMViBSUBK0F5QSox_Tii1eSbvtU9AT7kl4S1&sig=Cg0ArKJSzFL1v8J2Zut5EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: CFC59C3AE1A0A2FA66E89196176745A1
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 799024EF56012AB206FADAF8DD7B705D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DE54CE7001E7D95B1E71CCD6877BE4E8
Requests: 2 HTTP requests in this frame

Frame: https://9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3C329A57D29CF44E8728A56842EC085F
Requests: 1 HTTP requests in this frame

Frame: https://30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: FA9D9D25129AB40AD789B38A0757BC71
Requests: 1 HTTP requests in this frame

Frame: https://26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 251E47FB397A41E91F291811FB3EF7F9
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQKLNCEzuszl4F-q_SYPL0YKVcR6-mE0aGL2SRCeEv8q8LxceJQyUmZxMN_FaHgiZo222fqBgVzAoCSDrfHTY8ceasiSTPfzCVwMLFIuqFiWXwkCxLxqWvBDnTcYzwJaMrIghXHyrmg0Ye-xu6WQLU3e4Ojruzc5xUillNApehH_lCrGt18Kp-ZOltNG12fNVdgVYQRKmFYTWx-nvavFSBBLZTtHoNbKQoy1C7KWqkYNiU9zkhysqyUOk0m8MLAbXs-sBrYtEGUgjAOYtKqW8MRBXTaMLppo-Y4IeUHOtVi7p2a9HERg&sig=Cg0ArKJSzAW5N-wVWpLxEAE&uach_m=[UACH]&adurl=
Frame ID: EA189B36E8B677F1B4E6FC1972945351
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6u_kgGKXLisBeUlClsbSOT-b-GIHwrkw32ECIpeV6HCM-bEjzk1M9T8b4Pb0gJ2EcI8uE3nI-_0_qg1wx2uxVINQz1KTCRAfPmlJDORcUfTelAWsK2MO_UjxABM2HbHxBBi4v2s99Grlewdui4JkMX4UGs7bLboZTOacOokkRGy7E_ad5BmdYI-2QPc3BIY0XRTtjB94VUpwoDM4HdEMytCeMUY7M9YovvweV6LJH5CohZQE_HsvsUfz5eh-2L7Va7KQQdEH-R4XpDuyuJwEddEcOwr-ldZPwKSMRRamo4J1N4eTAxQ&sig=Cg0ArKJSzMW232lAN9SPEAE&uach_m=[UACH]&adurl=
Frame ID: DCC09047BB256D7F045D733EDB2AAB08
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-eVCgtoPwDCU7yEWVm5R3iOLX4hH6_p5YwZDgNn4v7-kZAc8OptPg7KcIdDkbzdM993x5FJ5m18X16beskzyuTGUcbHTt1tDFFbYczeYOSLiU3Uc7b1iu0eUlN0LFBQEol20KyW3FScm_hrOMWlj2SIecSZsbzgESakG-NBlZIcnGvVMg89yDMIDpFCcq8cj0OHmzF4Q595YprfKUy3wqYEOJB1BsApngWqiZoyxT3illEhoXvcodpqFG2nD4aQ3K7mT2Us8Gt129ih1Lug4dqMSDSoKoRPBeXObDDW_6BA3NNnBtcA&sig=Cg0ArKJSzPN8zQNNLcbKEAE&uach_m=[UACH]&adurl=
Frame ID: 68455722719651D626C3DE48E0FFDA5D
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 013B734957139888C20A7B23E8633951
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D95685C572D4BD33680EB6EF717A63F6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 10DEA0D723B4DC7B506733F18718C653
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 35E15FCE245B069E2897F91774B35F2C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 6D979A4A182475B120217F01947D988E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EBFC101B62D5205F402E7DA3E82AAA5A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers | ZDNet

Page Statistics

274
Requests

100 %
HTTPS

41 %
IPv6

39
Domains

55
Subdomains

50
IPs

5
Countries

4610 kB
Transfer

14345 kB
Size

42
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://downloads.zdnet.com/
Title: Downloads

Search URL Search Domain Scan URL

URL: http://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: http://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: http://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: http://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Title: cybersecurity researchers at ThreatFabric

Search URL Search Domain Scan URL

URL: https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html
Title: an Android banking trojan

Search URL Search Domain Scan URL

URL: https://threatfabric.com/blogs/ermac-another-cerberus-reborn.html
Title: Ermac,

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://support.zdnet.com/
Title: Site Assistance

Search URL Search Domain Scan URL

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://open.spotify.com/embed/episode/7frpbXo4jPvnk0N3gBGpo6 HTTP 302
https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6

Request Chain 141

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js

274 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/ 258 KB
98 KB 486ms
449ms Document
text/html 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ee9ed73d5a19232516cf046bf720d02b6f8ab4a3abaf08069a6879ec2e2e576a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Tue, 30 Nov 2021 11:23:38 GMT
link: <https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 0878451e-3d3a-43ba-9b85-34865c08cff9
x-xss-protection: 1; mode=block
date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Tue, 30 Nov 2021 12:53:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 99639

GET
H2 200 main-18d06c4f4a-rev.css
www.zdnet.com/a/fly/css/core/ 318 KB
54 KB 11ms
11ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

aca7d1a59ffc28087ff2e504cdeb2bd10fa3b1135cd6964c1c0b7d1690b5cf33

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 54520
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "77ea0fc9e4305e5aed98b11edb794a97"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:16 GMT

GET
H2 200 inlineMedia_core.js Show response
static.myfinance.com/widget/ 184 KB
63 KB 53ms
25ms Script
application/javascript 2606:4700:3037::6815:2b8a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia_core.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2b8a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

829c410a6b21a34e4127e1ae45f244189a83493c13712d9e5d98f1d2dc19c3f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6508
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PPE0TCCX8MS56HQ2
x-amz-id-2: ijmYvxrIQL9dPGG5er9wWMBSTgjdDuWZ1d9ZySmq5ugYeCB1xVv7t7sAfK1LYRkd3ima/wQsaYA=
last-modified: Tue, 16 Nov 2021 19:32:09 GMT
server: cloudflare
etag: W/"72763a8104cb9ae82dfbd403a0e82253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9syRN9pxRkte9oMrZSf4Rvs9iP9cuACSzrL5zhk5VuJ5Mt7RT5uior%2FXhaRZt73vFJaNJrD2%2FADh2Lk46NlPpd7HhUGLlMU3kPMUYYOD5cjzLMsp8HoxbDW5DB3LrmCS1lLxyY2k%2BeYb37vJ%2FVUnoJstQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b63b4716b982b95-FRA

GET
H2 200 optanon-v1.1.0.js Show response
www.zdnet.com/a/privacy/optanon/ 36 KB
10 KB 7ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
strict-transport-security: max-age=31536000
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 18 Nov 2021 07:05:01 GMT

GET
H2 200 controls-9907033ccd-rev.css
www.zdnet.com/a/fly/css/video/htmlPlayerControls/ 25 KB
4 KB 6ms
6ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7a9aa5ececdb05df914b3b0570b632620d5de5241ba6ad392b419930e5d7339e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 4314
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1011ad574498b9142eca19b78c8c7069"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:17 GMT

GET
H2 200 inlineMedia.css
static.myfinance.com/widget/ 3 KB
2 KB 31ms
20ms Stylesheet
text/css 2606:4700:3037::6815:2b8a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2b8a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6029
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: RM9EMK8GHMB7NW7G
x-amz-id-2: rO4/tb/v63P6c/qJxa0JBYiRUj2pmFCIHFUoYyKlU+xVn/UKNLDsHpQEB0iQ2jT47cP+krHxRTQ=
last-modified: Mon, 12 Jul 2021 14:22:18 GMT
server: cloudflare
etag: W/"528a38ce39fc58a866c1226253bbb189"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFgOu7QJzMAsvoISLiPnwblMJhjBdEz78QGrkaS1wzC8VRjAZfQRQggqdR%2FpBSTxy2RtLpgaalNTo3Dv7QPEsYX2bpAEd3qXsEeJa5oIuggttG%2FTWdzZX4qL5wahM1vN%2BpIIM1Q7fO7WdJek42N7otVwgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b63b4716b9b2b95-FRA

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame BA49 205 KB
50 KB 35ms
12ms Script
application/javascript 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: br
Last-Modified: Thu, 14 Oct 2021 03:09:47 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dp-zdnet-headshot-feb-20201.jpg
www.zdnet.com/a/img/resize/9259eca9a8f834cb7b14643148e61e3b39577a61/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/ 716 B
1016 B 7ms
6ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/9259eca9a8f834cb7b14643148e61e3b39577a61/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/dp-zdnet-headshot-feb-20201.jpg?width=40&height=40&fit=crop&auto=webp

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fbd386a534a28e9d0f78937d580f5a4dbe30977c8ba1add018490c736055513

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=32909 idim=685x644 ifmt=jpeg ofsz=716 odim=40x40 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085488055452
fastly-stats: io=1
content-length: 716
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "OwAW3yvt++heYB8h65SwvwfxWmlVQV7J+CMlYbmiqeY"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 16 Nov 2021 16:01:49 GMT

GET
H2 200 20201123-wisniewski-danny.jpg
www.zdnet.com/a/img/resize/18c1665e6d8dcfd34fba608720b7ee52c42aeee2/2020/11/23/98be45f4-31a4-4c45-bd04-4cb95c7a39b5/ 20 KB
20 KB 7ms
7ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/18c1665e6d8dcfd34fba608720b7ee52c42aeee2/2020/11/23/98be45f4-31a4-4c45-bd04-4cb95c7a39b5/20201123-wisniewski-danny.jpg?width=570&height=322&fit=crop&auto=webp

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0e34a1f8b89711313e93713b9857ea849baf24c0984b9ac82feab9d8f68d9969

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=114068 idim=1920x1080 ifmt=jpeg ofsz=20292 odim=570x322 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1606158754164390
fastly-stats: io=1
content-length: 20292
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "Lz1x9hO6tJMqrELedfa8tgtd0ponqpj6fyDZvY55KzM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 21 Nov 2021 20:12:09 GMT

GET
H2

200

7frpbXo4jPvnk0N3gBGpo6 Show response
open.spotify.com/embed-podcast/episode/ Frame 8B26
Redirect Chain

https://open.spotify.com/embed/episode/7frpbXo4jPvnk0N3gBGpo6
https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6

38 KB
10 KB

248ms
248ms

Document
text/html

2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

5b4a0c5cc220db63da25bd2ec9c5813ff9d3d01e13512b60aae63a43727c0773

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
spotify-request-id: 81a3399a-ea67-47bb-9e4f-738fb48a2973
content-encoding: br
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: 78b6d42b125bed18
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

Redirect headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-type: text/html
location: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: b881111fa239742a
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 require-2.1.2.js Show response
www.zdnet.com/a/fly/js/libs/ 16 KB
6 KB 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3345dfd23470c3ecbb5fba75e9cb6bad"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:58 GMT

GET
H2 200 mag-white01.png
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/ 1 KB
1 KB 7ms
6ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/mag-white01.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Wed, 24 Nov 2021 18:22:43 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Tue, 30 Nov 2021 11:23:39 GMT
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1265
x-xss-protection: 1; mode=block
expires: Wed, 01 Dec 2021 18:24:29 GMT

GET
H2 200 ring-animated.svg
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/video/ 704 B
864 B 6ms
6ms Image
image/svg+xml 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/video/ring-animated.svg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 704
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5f87ac7f571b5a0b1cdc101b49cdc8de"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:18 GMT

GET
H2 200 logo.png
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 7ms
6ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Wed, 24 Nov 2021 18:22:43 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Tue, 30 Nov 2021 11:23:39 GMT
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4105
x-xss-protection: 1; mode=block
expires: Wed, 01 Dec 2021 18:23:25 GMT

GET
H2 200 Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 7ms
7ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:30 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

GET
H2 200 Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 9ms
8ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:29 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

OPTIONS
H2 204 record
a.myfidevs.io/ Frame 0
0 313ms
102ms Preflight 34.199.156.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-156-235.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: *
server: Python/3.7 aiohttp/3.7.4.post0

OPTIONS
H2 200 v1.5
www.myfinance.com/api/au/ Frame 0
0 155ms
123ms Preflight
text/html 2606:4700:3037::6815:2b8a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvb3Zlci0zMDAwMDAtYW5kcm9pZC11c2Vycy1oYXZlLWRvd25sb2FkZWQtdGhlc2UtYmFua2luZy10cm9qYW4tbWFsd2FyZS1hcHBzLXNheS1zZWN1cml0eS1yZXNlYXJjaGVycy8=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2b8a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-type: text/html; charset=utf-8
vary: Origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, x-api-key, Access-Control-Allow-Origin
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-max-age: 86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfzlR5SWxGSgI8pOXqhh9Q4TuRUNZC%2FmJ3oevR8P9Nt4alMcEevJ%2BMDE3jP0zgsX2ddLSAS9773hPwAr8bM%2FwUI7eIYMnI0x%2F%2FN0E%2FBlgtdYLzpHH10axFCCdTug8EkePuP5AQJAGqWKERihNjViCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6b63b4721946692b-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 204 record Show response
a.myfidevs.io/ 0
166 B 133ms
133ms XHR
text/plain 34.199.156.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-156-235.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-api-key: yuH27H1QId6afXAojow6Tafi7Vw9v1spaLD5Yznw
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:39 GMT
access-control-allow-credentials: true
server: Python/3.7 aiohttp/3.7.4.post0
access-control-allow-headers: *
access-control-allow-methods: POST

POST
H2 200 v1.5 Show response
www.myfinance.com/api/au/ 1 KB
1 KB 1094ms
1093ms XHR
application/json 2606:4700:3037::6815:2b8a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2b8a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c19548fb1418854d2e42c1e7271785b813fb4d52a33bed0202291415d91d9b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type: application/json
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
allow: POST, GET
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJlqj3P2zU0x2YKQUg%2BBLuCp5f6OnVK3Lyppd4aAQNewfx4noaKWLA2qF7zNzWZtsl7C8Gny4WNyhXA5qwElq3XeffFRIoqKBM1OKULfIDKj%2BS6rx3Rx3EuAMvQPV%2F4frhqXpd4pQCThCInwfwci0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language: en-us
access-control-allow-origin: https://www.zdnet.com
vary: Accept, Accept-Language, Origin, Cookie
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b63b472eaf7692b-FRA
expires: Tue, 30 Nov 2021 11:23:40 GMT

GET
H2 200 main.default.js Show response
www.zdnet.com/a/fly/f20691-fly/js/ 223 KB
70 KB 10ms
9ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7985d5ce5be24a80a61822dd20c9cb939daa6a64a0bd19e17b2461225e687bf6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 71797
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:30 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a6aaf309c2ba87beaabe7a12214d9521"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:19 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame BA49 2 KB
1 KB 41ms
28ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5460905&v=1.720.0&if=&sl=0&si=62e45f17-777d-46e2-b4af-bf14cab22527-r3dubf&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 21c23ed772215912ad01ed0e5d98e99f681b525c93d4ee7bfedb8dbd2c062729

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 799

GET
H2 200 bidbarrel-zdnet-rv.min.js Show response
at.adtech.redventures.io/lib/dist/prod/ 607 KB
177 KB 35ms
12ms Script
application/javascript 151.101.130.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 eab88762658052b4a1e386f8521a38cf.cloudfront.net (CloudFront), 1.1 varnish
age: 266
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 180330
x-served-by: cache-fra19179-FRA
last-modified: Thu, 28 Oct 2021 17:15:17 GMT
server: AmazonS3
x-timer: S1638271419.259951,VS0,VE1
etag: "873be44731952ce6844f825d0be702dd"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=900, public, must-revalidate
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: gv7jA5SKLkIh87wtSEuBMY8y2vNSOQphgN8UdlC4fal_7VBVMbQ_SQ==
x-cache-hits: 1

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 145ms
113ms Script
application/javascript 34.120.203.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.203.121 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

121.203.120.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 google
last-modified: Tue, 12 Jan 2021 17:00:48 GMT
etag: "5ffdd5c0-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: clear
content-length: 51203

GET
H2 200 mpulse-1.0.2.js Show response
www.zdnet.com/a/fly/js/libs/ 61 KB
12 KB 7ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:38 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "c7d1617e6b23b337a7f06b223b439559"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Dec 2021 05:39:10 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 27ms
27ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1638271419271&s=dbf9d174576b48436f8a5608dc6fc9cac18fa6d26c20e882d26187691525b8e6
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a1481a869c209a23e9b7a546ba1389db943c5f0677485eae3d0321613b582d21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 875

OPTIONS
H2 200 diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame 0
0 141ms
127ms Preflight
text/html 151.101.130.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cat,content-type,variant,version
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: *
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context: 546d7718436466c2a546fb965eb31fd6
server: Google Frontend
accept-ranges: bytes
date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 varnish
x-served-by: cache-fra19143-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1638271419.351054,VS0,VE121
vary: Accept-Encoding, Origin
content-length: 8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 153 KB
31 KB 29ms
7ms Script
text/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 720219db365c2769d66e4d0a970470534fea9ba1eda692673c6d11891f289420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Age: 2672
X-Cache: HIT
Connection: keep-alive
Content-Length: 30681
x-amz-id-2: rK+WapPPyA4cs54AqHRra+Q49E/ksQKJaNYAPpZ0KMtMgIU5wSyKjy9FeaEqqsGZud4fZWAxN/c=
X-Served-By: cache-hhn4079-HHN
Last-Modified: Tue, 30 Nov 2021 10:28:31 GMT
Server: AmazonS3
X-Timer: S1638271419.339137,VS0,VE0
ETag: "acbcfd8ef431be643eaa1a5b6eba4610"
x-amz-request-id: 0E9GMM2GRN9ZP492
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 122

GET
H2 200 diff Show response
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ 25 KB
3 KB 7ms
7ms Fetch
application/json 151.101.130.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

fe0474b15e84ea1b35c66376a24e4dc66075254bc58fcc1d8f93bae21453ee8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

cat: 5zTciER5s
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
variant: core
version: rv2.25.6

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
age: 121
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 2639
x-xss-protection: 1; mode=block
x-served-by: cache-fra19143-FRA
access-control-allow-origin: *
server: Google Frontend
x-timer: S1638271419.479831,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 30 Nov 2021 11:23:39 GMT
x-download-options: noopen
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: a10181a56a9925dc36643979b8e8d023
cache-control: max-age=900
etag: W/5e127206efa274c08db2b67950cf57af2af27796
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 42ms
20ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1059 / 590 of 1000 / last-modified: 1637708807"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26862
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:39 GMT

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/ 189 KB
60 KB 6ms
6ms Script
application/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Age: 666
X-Cache: HIT
Connection: keep-alive
Content-Length: 61293
x-amz-id-2: +rWc6eufU5jOidbpbNf5nmNWOido4rIxQv3uw12a/d3yxJRo1iZ3OEwmGrZLUFynrCrg65zOrg4=
X-Served-By: cache-hhn4079-HHN
Last-Modified: Wed, 17 Nov 2021 21:29:49 GMT
Server: AmazonS3
X-Timer: S1638271419.361700,VS0,VE0
ETag: "cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id: 06PEXESX9KBETWN5
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1087

GET
H2 200 article-86184d81e5-rev.js Show response
www.zdnet.com/a/fly/js/pages/ 104 KB
27 KB 13ms
13ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/pages/article-86184d81e5-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

364e9fa8e5ebd2723bceb6ad16241c713dbf20df34f4694041995de5b499eca3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 27159
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "f9400dddd9df36d13ec7455e50015b28"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:55 GMT

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 28ms
14ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:39 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 217 B
153 B 29ms
15ms XHR
application/json 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
expires: Tue, 30 Nov 2021 11:23:39 GMT

GET
H/1.1 200
OK CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ Frame 8B26 71 KB
72 KB 38ms
8ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Last-Modified: Thu, 28 Oct 2021 13:16:22 GMT
Age: 2844114
ETag: "c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By: cache-ord1730-ORD, cache-hhn11533-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 72840
X-Cache-Hits: 1, 547306

GET
H/1.1 200
OK spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ Frame 8B26 56 KB
56 KB 37ms
7ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Last-Modified: Tue, 02 Nov 2021 15:32:22 GMT
Age: 2260599
ETag: "3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By: cache-ord1743-ORD, cache-hhn11581-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 56996
X-Cache-Hits: 1, 260413

GET
H/1.1 200
OK retargeting-pixels.1fa1ceda.js Show response
open.scdn.co/cdn/js/ Frame 8B26 615 B
820 B 30ms
6ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/js/retargeting-pixels.1fa1ceda.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c038ca53e8ede27d00975dcc66bb4d0250c2ff45e999b235c147d712b9c26835

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 06 Oct 2021 11:05:31 GMT
Age: 4098358
ETag: "bd5ed1d370de5966253b1e7b0976effc"
X-Served-By: cache-ord1746-ORD, cache-hhn11544-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 341
X-Cache-Hits: 1, 15661

GET
H/1.1 200
OK embed-podcast.3a62f418.css
open.scdn.co/cdn/build/embed-podcast/ Frame 8B26 9 KB
2 KB 37ms
7ms Stylesheet
text/css 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.3a62f418.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 379b0b87a8d5f2d6ab3e2d641c6ac0ab7cbaf49ba1b83a8ab610c66879240263

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Last-Modified: Tue, 02 Nov 2021 15:32:21 GMT
Age: 1675866
ETag: "82441682fbcee55c81482f2265c33858"
X-Served-By: cache-ord1720-ORD, cache-hhn11563-HHN
X-Cache: HIT, HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1201
X-Cache-Hits: 1, 124703

GET
H/1.1 200
OK vendor~embed-podcast.c7c578e8.js Show response
open.scdn.co/cdn/build/embed-podcast/ Frame 8B26 2 MB
384 KB 31ms
8ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1c4a81fe737f9dc2e300131170c78240f861b4fd2453fad280494aa856719220

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Nov 2021 10:28:24 GMT
Age: 3086
ETag: "6776f6a29dd207d98c2cac4f109a867f"
X-Served-By: cache-ord1723-ORD, cache-hhn11547-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 392394
X-Cache-Hits: 1, 884

GET
H/1.1 200
OK embed-podcast.83431d2a.js Show response
open.scdn.co/cdn/build/embed-podcast/ Frame 8B26 827 KB
187 KB 42ms
9ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.83431d2a.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bba0abd7e4635a4a4510ccc58c1d61ff5c7a00a73767ca0c2f73be71bbdff311

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Nov 2021 10:28:24 GMT
Age: 3086
ETag: "75c13e1ef85f62ecf3c3ca6731260410"
X-Served-By: cache-ord1731-ORD, cache-hhn11528-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 191437
X-Cache-Hits: 1, 786

GET
H2 200 moatheader.js Show response
z.moatads.com/redventuresgamheader644747280705/ 240 KB
82 KB 44ms
9ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5d44d3b24d8b2e108b687663364c97645d9975ff390dfbfe0d7ed1f22270a2c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
last-modified: Tue, 23 Nov 2021 00:50:09 GMT
server: AmazonS3
x-amz-request-id: QWQTNKA9EDH1J42X
etag: "74a126c5ca44a1637421099dcdbf91a3"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=5674
accept-ranges: bytes
content-length: 83685
x-amz-id-2: FwSR1Tw4J2DRG96ttncGfz3BBSvTzgAWHtGJPEAjRyvg/XxDzzlKcUSz6Lbbq4hCr8AmpQVcd9o=

GET
H/1.1 200
OK ab67656300005f1fd9725a9a6e9d75a3693721f5
i.scdn.co/image/ Frame 8B26 13 KB
14 KB 29ms
7ms Image
image/jpeg 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.scdn.co/image/ab67656300005f1fd9725a9a6e9d75a3693721f5
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c6cc3bcc9535b59bf7e2c8cc47f9fc55b35627703e85cb423624ee0bf16ad82c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Last-Modified: Fri, 21 May 2021 16:03:01 GMT
Age: 78517
ETag: "5e8cd79c430899a519a31faa30b03781"
X-Served-By: cache-ord1725-ORD, cache-hhn11530-HHN
X-Cache: HIT, HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 13680
X-Cache-Hits: 1, 1

GET
H/1.1 200
OK CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ Frame 8B26 67 KB
68 KB 6ms
6ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:39 GMT
Last-Modified: Wed, 08 Sep 2021 15:56:05 GMT
Age: 7154007
ETag: "6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By: cache-ord1734-ORD, cache-hhn11533-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 68852
X-Cache-Hits: 1, 357570

POST
H2 200 / Show response
o22381.ingest.sentry.io/api/1409086/envelope/ Frame 8B26 2 B
245 B 139ms
116ms Fetch
application/json 34.120.195.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://o22381.ingest.sentry.io/api/1409086/envelope/?sentry_key=80341f4271be4aec89050e48a0e4553e&sentry_version=7

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: application/json
access-control-allow-origin: https://open.spotify.com
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: clear
content-length: 2

GET
H2 200 / Show response
apresolve.spotify.com/ Frame 8B26 273 B
231 B 37ms
16ms Fetch
application/json 2600:1901:0:524d::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0f1dc28a388e9bfb6757d2167be08207fc50492ee5bb5f41e8e818b30adbb58a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: clear
content-length: 103
via: 1.1 google

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 289 B
464 B 191ms
105ms Script
text/html 52.208.32.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&callback=MoatNadoAllJsonpRequest_72072739
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.32.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-32-237.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: a1efbf7e81aeaad7acf27abce0c865dc65d97fadf83d75ffd1f9cd6e0e13a413

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "57cc4562aa8aced9dd9b49a235743a7a6de12914"
content-length: 289
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 83 B
257 B 111ms
25ms Script
text/html 35.179.78.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1638271419806&de=78759957249&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=1&cb=0&cu=1638271419806&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A585%3A585%3A0%3A545&jk=-1&jm=-1&fs=195814&na=978674610&cs=0&ord=1638271419806&jv=1952338079&callback=DOMlessLLDcallback_72072739
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.78.10 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-179-78-10.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: c313ba70bdeaf3bd6d49770ca5a6ad0e14e9d12d45b09d3fdcc73321786f5ccc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "12da5b86c1e1b4b7a057bfa67fec29c064c3deec"
content-length: 83
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 86 B
259 B 112ms
26ms Script
text/html 35.179.78.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1638271419806&de=78759957249&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=2&cb=0&cu=1638271419806&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A585%3A585%3A0%3A545&jk=-1&jm=-1&fs=195814&na=2026249357&cs=0&callback=MoatDataJsonpRequest_72072739
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.78.10 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-179-78-10.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: a0326869074ca9534f7ee8970d46ef036172b85efe39101476c036c83b232607

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:39 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "e8a902724a88321d39ecaded76523c7f80608ad3"
content-length: 86
content-type: text/html; charset=UTF-8

GET
H/1.1 204
No Content / Show response
684dd32b.akstat.io/ 0
354 B 213ms
175ms XHR
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32b.akstat.io/?h.pg=article&when=1638271419797&cdim.Site_View=desktop&t_other=custom4%7C491&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=e99d5aef007ea4a5071fa9a29bb61316ff928de7-a7787067-2192eff8&h.t=1638271419286&http.initiator=api&rt.start=api&rt.si=4be081e1-9ad6-477c-a905-8077585ba8ae&rt.ss=1638271419971&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Tue, 30 Nov 2021 11:23:40 GMT

GET
H2 200 get_access_token Show response
open.spotify.com/ Frame 8B26 188 B
438 B 39ms
39ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/get_access_token?reason=transport&productType=embed_podcast

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

92a235291ecea5639cc3c617876d115db8f6bba7e83065bb091db644cef24b66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

sp-trace-id: ddf849edfc7b217f
date: Tue, 30 Nov 2021 11:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
spotify-request-id: 15185df8-72b0-4296-97a2-b5e03b92b689
vary: Accept-Encoding,Accept-Encoding
content-type: application/json; charset=utf-8
via: HTTP/2 edgeproxy, 1.1 google
strict-transport-security: max-age=31536000
alt-svc: clear
server: envoy
x-join-the-band: https://www.spotify.com/jobs/

POST
H2 200 events Show response
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 8B26 13 B
139 B 102ms
101ms Fetch
application/json 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date: Tue, 30 Nov 2021 11:23:39 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 39
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H2 200 events
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 45ms
18ms Preflight 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://open.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 30 Nov 2021 11:23:39 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

POST
H2 200 events Show response
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame 8B26 13 B
106 B 213ms
213ms Fetch
application/json 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.c7c578e8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
authorization: Bearer BQC_PAW6dlmJhTVZbfhgwakB_WH77bl4aFnnjjoLNF9shwMhZo4kCz7tDxGS8Iim81ZSAavjZiCCAOdq-Wc
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date: Tue, 30 Nov 2021 11:23:39 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 39
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H2 200 events
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame 0
0 20ms
19ms Preflight 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://open.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Tue, 30 Nov 2021 11:23:39 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 28ms
6ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: VG6YBKXNYMJ05RRS
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: CN/OtP3A9z0ShcwSC84Dp2716OPSVqHtXjTa3tL4kDFfrY9FTweTMDz1ynWsKHz8NETzizCEpEw=
x-served-by: cache-fra19168-FRA
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1638271420.068405,VS0,VE0
date: Tue, 30 Nov 2021 11:23:40 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2059

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
1 KB 117ms
116ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d638a6892627a112015d134adc38859ab5e319013e9460b5e195b0ddff535be6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-06b6b423b83467fa----1638271420062
traceparent: 00-5fb05e922f6e2edb5781ba309f0ac6a0-06b6b423b83467fa-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiMDZiNmI0MjNiODM0NjdmYSIsInRyIjoiNWZiMDVlOTIyZjZlMmVkYjU3ODFiYTMwOWYwYWM2YTAiLCJ0aSI6MTYzODI3MTQyMDA2MiwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Nov 2021 11:06:44 GMT
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtcXRQODFJfQzkGQ1NSCQ8NBW8MXRVLGhgCHVUJUQFRH1JKBgNWU1cUHgFIQ1dTB1QHVFIBVgNTVgNRVAFAFF5VXkAAZA==
x-frame-options: SAMEORIGIN
date: Tue, 30 Nov 2021 11:23:40 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: e3803d11-b4b4-4972-98c7-926a8964d3b1
content-type: application/json
via: 1.1 varnish
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Tue, 30 Nov 2021 12:36:44 GMT

GET
H2 200 track-cwv-72dfb3ae38-rev.js Show response
www.zdnet.com/a/fly/js/components/ 239 B
335 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/track-cwv-72dfb3ae38-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 199
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:43 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "abc110bf9cfcef4ef9258a0e97109c3d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Dec 2021 06:24:17 GMT

GET
H2 200 zdnet-video-ea6f24fc09-rev.js Show response
www.zdnet.com/a/fly/js/components/ 31 KB
10 KB 7ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/zdnet-video-ea6f24fc09-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 9744
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:24 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "82e8241da31ef0c9bca0cdc3c2aae5ea"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:21:10 GMT

GET
H2 200 disqus-loader-891338aca1-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
801 B 7ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/disqus-loader-891338aca1-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

bb852945d8e9ae2dddadccfbce542830d5e86adf940a29239fa2742d6e79e2fb

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 685
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "6d7b6df2d13d78b5a3112ab2a52eab9c"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 front-door-carousel-dcdcc78ebc-rev.js Show response
www.zdnet.com/a/fly/js/components/ 5 KB
2 KB 7ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/front-door-carousel-dcdcc78ebc-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 1651
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "b7d4a8f2cfb4a354ee8023e103659757"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 power-supply.png
www.zdnet.com/a/img/resize/0cf5f8da2af3f996d01edf20ebc2fa8aedf5d43f/2021/11/29/bab95eda-eab0-41d6-b692-d97ed32212dd/ 28 KB
28 KB 11ms
6ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/0cf5f8da2af3f996d01edf20ebc2fa8aedf5d43f/2021/11/29/bab95eda-eab0-41d6-b692-d97ed32212dd/power-supply.png?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

31363ce08d6a5d830fe68f7abcef889394cbbf97e61cad7e68226558584d6df6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=2521378 idim=1600x1069 ifmt=png ofsz=28312 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 28312
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "qZQEvGfTNvAprJHNk9Cry0hFvvpj6iimFiSg0m3CKpg"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 13:34:43 GMT

GET
H2 200 eftpos-digital-payments.png
www.zdnet.com/a/img/resize/bc905c0c39052cd98d1518ae7027ed51a9cb9e75/2020/07/23/efe90b89-2b6b-47e1-9f81-7e4faaf12094/ 27 KB
27 KB 14ms
9ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/bc905c0c39052cd98d1518ae7027ed51a9cb9e75/2020/07/23/efe90b89-2b6b-47e1-9f81-7e4faaf12094/eftpos-digital-payments.png?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

afab56eae30bfdc7b2c4d05121276ccb7d3758fda8f4c0cd133bba81dc73096a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=355019 idim=1196x700 ifmt=png ofsz=27928 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085402737084
fastly-stats: io=1
content-length: 27928
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "yDPPBrWU0KkaG72P3HdrZfGw6Id+pEpY3FQlO0kT2QM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 05:40:31 GMT

GET
H2 200 how-panasonic-watches-hackers-to-help-bo-5dee24fb9184870001a151ea-1-dec-10-2019-12-54-11-poster.jpg
www.zdnet.com/a/img/resize/055c74055a953101ea5a09505de7f076d62d2d68/2019/12/10/6344a07b-82b6-4d2e-b344-acbb528c2d0c/ 4 KB
4 KB 12ms
7ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/055c74055a953101ea5a09505de7f076d62d2d68/2019/12/10/6344a07b-82b6-4d2e-b344-acbb528c2d0c/how-panasonic-watches-hackers-to-help-bo-5dee24fb9184870001a151ea-1-dec-10-2019-12-54-11-poster.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

4ace5c6fb0e4a05282c76103aced95a1673d9b57d6e7f736c51134c00b0c0b10

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
fastly-io-info: ifsz=63259 idim=960x540 ifmt=jpeg ofsz=4266 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588638241267725
fastly-stats: io=1
content-length: 4266
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "V27uoSVaNDyVYPLlx3zVehcmStbCBNMmsQWAB5lBKag"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Mon, 29 Nov 2021 12:43:20 GMT

GET
H2 200 shutterstock-1095422036.jpg
www.zdnet.com/a/img/resize/0652ae519f1c8a47b0d7c8772496072c8ac586e6/2021/08/11/0edc5f03-6119-49b2-8f5f-d0bde9cdc02b/ 4 KB
5 KB 12ms
7ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/0652ae519f1c8a47b0d7c8772496072c8ac586e6/2021/08/11/0edc5f03-6119-49b2-8f5f-d0bde9cdc02b/shutterstock-1095422036.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

c3285404c6803ecd87582939552813e2db6e9ceb8a3fa4a38d860ed04fdb9640

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1905233 idim=5422x4004 ifmt=jpeg ofsz=4498 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4498
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "El9rk704JAec/NURmPixvUFqBENY+DzcjeIQYTAd8I8"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 28 Nov 2021 22:31:58 GMT

GET
H2 200 women-developers-pay-euqality-coding-programmers-gender-pay-gap.jpg
www.zdnet.com/a/img/resize/fbae9e96a5993aff13b0a46ab64290b9129ac5a0/2021/09/15/9be6a646-a50d-4bb8-a55d-60ed5acfc871/ 6 KB
6 KB 13ms
9ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/fbae9e96a5993aff13b0a46ab64290b9129ac5a0/2021/09/15/9be6a646-a50d-4bb8-a55d-60ed5acfc871/women-developers-pay-euqality-coding-programmers-gender-pay-gap.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b74cbe5a75020259c59a539a6b13519270282a4ce0c140b3ecaf123142856797

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=66369 idim=900x600 ifmt=jpeg ofsz=6358 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 6358
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "GW0mwxCf7ZmWWFxDJ5PLaMunYLsrr7ZTjRiqlTTyCgU"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 06:52:42 GMT

GET
H2 200 gettyimages-1232298161.jpg
www.zdnet.com/a/img/resize/d1bce0461ed1e2da83e065939b1b875d733e79ed/2021/10/27/433dd231-c3be-42ad-a56a-48a97e7384d8/ 2 KB
3 KB 11ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/d1bce0461ed1e2da83e065939b1b875d733e79ed/2021/10/27/433dd231-c3be-42ad-a56a-48a97e7384d8/gettyimages-1232298161.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

02a6ec5d410ab5d622724b17959edbc7238bab81038f5ee21dd7d18083c742ed

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1745738 idim=4288x2848 ifmt=jpeg ofsz=2438 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2438
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "RV1iva6iHeuH38SAszH57Pv0w/TVnhZV/4rIQPTl/6U"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 28 Nov 2021 03:57:28 GMT

GET
H2 200 cybersecurity.jpg
www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/ 5 KB
5 KB 11ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/cybersecurity.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

af0cb5d1db950d9012fea87ca84c3d45515c6720c16668f9f1e0758526683d30

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=773296 idim=1600x1069 ifmt=jpeg ofsz=5266 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 5266
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "g/aRp7XkfZJ64Urm7jr+UqZmVL/+xTgrrZz6h5Mgdt4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 26 Nov 2021 20:35:55 GMT

GET
H2 200 ecommerce-mobile-payments-online-shopping-generic-button.jpg
www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/ 4 KB
4 KB 13ms
11ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/ecommerce-mobile-payments-online-shopping-generic-button.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

aa8705571f72656693e770b3e04c7fbf0ac0283985e42300bf88635c90914fa1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=53307 idim=910x600 ifmt=jpeg ofsz=3780 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3780
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "txAwY7zkqlWtKIUULZMumksGkGcncqhyXKr/h22Nv2I"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 21 Nov 2021 01:15:21 GMT

GET
H2 200 shutterstock-1714665730.jpg
www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/ 5 KB
5 KB 13ms
11ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/shutterstock-1714665730.jpg?width=170&height=128&fit=crop&auto=webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fda7e840870d183ad5e5f21d29b59d7b4fd743ba587f61673b44734e685bbe4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1282608 idim=6502x4335 ifmt=jpeg ofsz=4750 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4750
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "l98SXh+Ctrpsxw+qkr68oTy/uAELt9II4PCHAlHKj9Y"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 26 Nov 2021 13:04:14 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
1 KB 173ms
172ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

74c4f8bce89141598001b3f2a784b82f8c0b6b37690673a6df8fd5ab4d0e608a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-03bb6f3f30efa0bb----1638271420072
traceparent: 00-fbc052be0a5be7c8cf000c7def296870-03bb6f3f30efa0bb-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiMDNiYjZmM2YzMGVmYTBiYiIsInRyIjoiZmJjMDUyYmUwYTViZTdjOGNmMDAwYzdkZWYyOTY4NzAiLCJ0aSI6MTYzODI3MTQyMDA3MiwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAZQVU4aABtEAVNUAwNeVAECUwEGDwgDURFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Tue, 30 Nov 2021 11:23:40 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 3a8325f2-8f4a-4530-a910-2c8133c41009
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:40 GMT

GET
H2 200 core-web-vitals-16efe3ae21-rev.js Show response
www.zdnet.com/a/fly/js/managers/ 545 B
624 B 8ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/managers/core-web-vitals-16efe3ae21-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 366
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "e729958cde8ae774fc8a24db8fdb8165"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 video-58056d34a8-rev.js Show response
www.zdnet.com/a/fly/js/translations/ 704 B
644 B 7ms
4ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/translations/video-58056d34a8-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 452
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3ba921934828591397c7d5545062d75e"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:21:07 GMT

GET
H2 200 video-player.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/ 933 KB
248 KB 10ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/video-player.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 253770
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5c5fa9a5d2e282f0d520cd290ff4328d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 23 Nov 2021 18:18:56 GMT

GET
H2 200 waypoints.inview.js Show response
www.zdnet.com/a/fly/js/libs/jquery/ 3 KB
924 B 8ms
5ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/jquery/waypoints.inview.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 829
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "116a2817a3efd12df0e719fea1508077"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/1/ 49 B
720 B 183ms
136ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=1517&ck=1&ref=https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/&ap=190&be=512&fe=1475&dc=545&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1638271418570,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:23,%22c%22:23,%22s%22:29,%22ce%22:38,%22rq%22:38,%22rp%22:487,%22rpe%22:502,%22dl%22:490,%22di%22:545,%22ds%22:545,%22de%22:545,%22dc%22:1474,%22l%22:1474,%22le%22:1484%7D,%22navigation%22:%7B%7D%7D&fp=585&fcp=585&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6b63b477db8edff7-FRA

GET
H2 200 show-hide-1.0-51cea9ac43-rev.js Show response
www.zdnet.com/a/fly/js/components/ 2 KB
785 B 13ms
13ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/show-hide-1.0-51cea9ac43-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 671
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:44 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "57b7b7618c440536be6e688b1949fa92"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Dec 2021 06:05:42 GMT

GET
H2 200 power-supply.png
www.zdnet.com/a/img/resize/0cf5f8da2af3f996d01edf20ebc2fa8aedf5d43f/2021/11/29/bab95eda-eab0-41d6-b692-d97ed32212dd/ 28 KB
28 KB 7ms
7ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/0cf5f8da2af3f996d01edf20ebc2fa8aedf5d43f/2021/11/29/bab95eda-eab0-41d6-b692-d97ed32212dd/power-supply.png?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

31363ce08d6a5d830fe68f7abcef889394cbbf97e61cad7e68226558584d6df6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=2521378 idim=1600x1069 ifmt=png ofsz=28312 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 28312
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "qZQEvGfTNvAprJHNk9Cry0hFvvpj6iimFiSg0m3CKpg"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 13:34:43 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/0652ae519f1c8a47b0d7c8772496072c8ac586e6/2021/08/11/0edc5f03-6119-49b2-8f5f-d0bde9cdc02b/shutterstock-1095422036.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

c3285404c6803ecd87582939552813e2db6e9ceb8a3fa4a38d860ed04fdb9640

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1905233 idim=5422x4004 ifmt=jpeg ofsz=4498 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4498
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "El9rk704JAec/NURmPixvUFqBENY+DzcjeIQYTAd8I8"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 28 Nov 2021 22:31:58 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

4ace5c6fb0e4a05282c76103aced95a1673d9b57d6e7f736c51134c00b0c0b10

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
fastly-io-info: ifsz=63259 idim=960x540 ifmt=jpeg ofsz=4266 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588638241267725
fastly-stats: io=1
content-length: 4266
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "V27uoSVaNDyVYPLlx3zVehcmStbCBNMmsQWAB5lBKag"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Mon, 29 Nov 2021 12:43:20 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/d1bce0461ed1e2da83e065939b1b875d733e79ed/2021/10/27/433dd231-c3be-42ad-a56a-48a97e7384d8/gettyimages-1232298161.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

02a6ec5d410ab5d622724b17959edbc7238bab81038f5ee21dd7d18083c742ed

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1745738 idim=4288x2848 ifmt=jpeg ofsz=2438 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2438
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "RV1iva6iHeuH38SAszH57Pv0w/TVnhZV/4rIQPTl/6U"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 28 Nov 2021 03:57:28 GMT

GET
H2 200 cybersecurity.jpg
www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/ 5 KB
5 KB 9ms
9ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/cybersecurity.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

af0cb5d1db950d9012fea87ca84c3d45515c6720c16668f9f1e0758526683d30

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=773296 idim=1600x1069 ifmt=jpeg ofsz=5266 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 5266
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "g/aRp7XkfZJ64Urm7jr+UqZmVL/+xTgrrZz6h5Mgdt4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 26 Nov 2021 20:35:55 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b74cbe5a75020259c59a539a6b13519270282a4ce0c140b3ecaf123142856797

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=66369 idim=900x600 ifmt=jpeg ofsz=6358 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 6358
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "GW0mwxCf7ZmWWFxDJ5PLaMunYLsrr7ZTjRiqlTTyCgU"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 06:52:42 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/bc905c0c39052cd98d1518ae7027ed51a9cb9e75/2020/07/23/efe90b89-2b6b-47e1-9f81-7e4faaf12094/eftpos-digital-payments.png?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

afab56eae30bfdc7b2c4d05121276ccb7d3758fda8f4c0cd133bba81dc73096a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=355019 idim=1196x700 ifmt=png ofsz=27928 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085402737084
fastly-stats: io=1
content-length: 27928
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "yDPPBrWU0KkaG72P3HdrZfGw6Id+pEpY3FQlO0kT2QM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 05:40:31 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/shutterstock-1714665730.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fda7e840870d183ad5e5f21d29b59d7b4fd743ba587f61673b44734e685bbe4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=1282608 idim=6502x4335 ifmt=jpeg ofsz=4750 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 4750
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "l98SXh+Ctrpsxw+qkr68oTy/uAELt9II4PCHAlHKj9Y"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 26 Nov 2021 13:04:14 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

aa8705571f72656693e770b3e04c7fbf0ac0283985e42300bf88635c90914fa1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=53307 idim=910x600 ifmt=jpeg ofsz=3780 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3780
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "txAwY7zkqlWtKIUULZMumksGkGcncqhyXKr/h22Nv2I"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 21 Nov 2021 01:15:21 GMT

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 77 KB
21 KB 38ms
10ms Script
text/javascript 13.224.193.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-91.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 15fc6da0c56525b38a69504e4d5e73d1126290aff814150c4468d303a73bc727

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: W/"237f1a86ca36f84a0eb06096a5a162f7"
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
server: AmazonS3
age: 79008
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
date: Mon, 29 Nov 2021 13:26:52 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 5IoXXvWrGB2RbKxlK6XU2yI4BFCAUdelrkButSKyUkQ6oJa98Abo2A==

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 284ms
90ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 283ms
91ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 281ms
92ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 279ms
91ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 279ms
92ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 102ms
100ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 835f345e31f8ed8bf25ecd6f63cfc3d15f65ad0e95abbcab64ba4031770a5bf0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 137 B
270 B 110ms
108ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 021ccb0573dd01c5c3b9453f99f57f8bc9ec687526dbf7147dac0b7a919074a6

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 137
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 137 B
270 B 109ms
108ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 05be29c8885c8595c7e2c73dbd660fe5d06a9ac7b46284d2729562b87dcc2832

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 137
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 105ms
103ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: adf9537ba6d976aaa119c62ef965d54d493546f284ebc2e68b162643509738f4

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 126ms
125ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: e315f971842f6e749df997cb7bfa4cf217259740e86ea5b2ef7ed5a93e54938a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

GET
H2 200 xs1.html Show response
cdn.cohesionapps.com/cohesion/ Frame 1D1E 2 KB
1 KB 7ms
7ms Document
text/html 13.224.193.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-91.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

content-type: text/html
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: gzip
date: Mon, 29 Nov 2021 12:25:00 GMT
etag: W/"10b2c1751c2247b1aeccc91060f971cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Ul78VFm9XSzdfq4-4NkIYxZdgBIDnEFBbuK-oKFsx4g82VC_42GYkA==
age: 82721

OPTIONS
H2 204 public
taggy.cohesionapps.com/implementations/ Frame 0
0 317ms
103ms Preflight 18.211.163.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.163.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-163-90.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,page-url,source-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,page-url,source-key

GET
H2 200 public Show response
taggy.cohesionapps.com/implementations/ 8 KB
8 KB 104ms
104ms XHR
application/json 18.211.163.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.163.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-163-90.compute-1.amazonaws.com
Software: / Express
Resource Hash: 1057d5fd733028374c07f587279e61230771eddfd056ce12fb75492fd1224ffd

Request headers

Source-Key: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Page-URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
x-powered-by: Express
etag: W/"202f-WDoQOp1rO0z7TI9x4+12ERK4udk"
content-length: 8239
content-type: application/json; charset=utf-8

GET
H2 200 xs2.html Show response
cdn.cohesionapps.com/cohesion/ Frame 1D1E 473 B
836 B 7ms
7ms Document
text/html 13.224.193.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs2.html
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-91.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cohesionapps.com/cohesion/xs1.html

Response headers

content-type: text/html
content-length: 473
date: Mon, 29 Nov 2021 19:55:10 GMT
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
etag: "ffa03bed298484a7755ca23c5431cb28"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: C1_55jVEJHYMk23DWGBiPDHMx_pSM-4xxx3HvLD0IoqZQkGAFvU7Rg==
age: 55711

POST
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/events/1/ 24 B
501 B 138ms
138ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=1878&ck=1&ref=https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

Date: Tue, 30 Nov 2021 11:23:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6b63b479de09dff7-FRA
Content-Length: 24

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 69 KB
23 KB 27ms
9ms Script
application/x-javascript 2600:9000:20eb:0:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:0:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e916d6f3c9c316368f99463951a426d09d4ddd223e961652728b519efb11e772

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 10:39:34 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:28:27 GMT
server: nginx
age: 2646
etag: W/"6179eeab-11377"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Spu4sdD6pdIHp4y1-DXXjmfZ0vo_62kRnSrx4X77VL5HbviTfRMmqQ==
expires: Tue, 30 Nov 2021 12:39:34 GMT

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 231ms
92ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 137 B
270 B 113ms
113ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 1a1bde2f042d4fe913f2a8d330f9ea45cc9921f41c20f6be9da0390ba286cedc

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 137
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 137 B
270 B 112ms
110ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 2fe01363f669323289ff236c4c4656ff42abc4e227af87df44f23a0a63205ee6

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:40 GMT
access-control-allow-credentials: true
content-length: 137
vary: Origin
content-type: application/json

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 228ms
91ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 204 aad6e88a-21ea-4a4a-a557-410a874c392e
monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/ Frame 0
0 289ms
93ms Preflight 54.174.20.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/aad6e88a-21ea-4a4a-a557-410a874c392e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.174.20.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-174-20-197.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: segment-external-id,token
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: segment-external-id,token

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 27ms
9ms Script
application/javascript 13.224.198.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.198.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-198-4.fra2.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: KuXuY5mbG6yln5YsEdf9JaPJtFF6aIqm
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 258
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 05RN0ES1GMWQXF86F4KK
date: Tue, 30 Nov 2021 11:19:23 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vtIUpXskkoMfbriqcOvOy2cfHAEw92cnjz1ISc3EUgYvfZ-q7u_gpw==

POST
H2 200 aad6e88a-21ea-4a4a-a557-410a874c392e Show response
monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/ 2 B
493 B 418ms
417ms Fetch
application/json 54.174.20.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/aad6e88a-21ea-4a4a-a557-410a874c392e

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.174.20.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-174-20-197.compute-1.amazonaws.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Segment-External-Id: cross_site_id:acc39f73-5d17-4db4-86bc-f51f9d5de766
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Token: 6e4d8710-04aa-4aba-8ea0-6436ce2e14c6
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
surrogate-control: no-store
x-dns-prefetch-control: off
content-length: 2
x-xss-protection: 1; mode=block
x-request-id: 8029ea4a-ef3b-487a-a580-8449ba6d79d2
x-response-time: 325.178ms
pragma: no-cache
x-frame-options: SAMEORIGIN
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options: noopen
strict-transport-security: max-age=15552000; includeSubDomains
content-type: application/json; charset=utf-8
monarch-request-id: 8029ea4a-ef3b-487a-a580-8449ba6d79d2
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
expires: 0

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 105ms
87ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_728x90_12&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 607996084c9ed5a392c8698d7ce471543b1f3998b76a24008b92f9f235d040f9

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 108ms
90ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_1&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 9ec297918e25a44610bf26094fa560ee645601a5405a68d3fce9dfccdf4a4a30

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 239ms
222ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x600&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 9984a7c2ae43af08d423e495e996e34fc484185d32bc7e747a96602ad14c0663

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 109ms
92ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_2&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 3252ce2a5ff29409a884dfe5fd649b64d2474f3b5eac5cc81b934aa386f38687

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 103ms
86ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_4&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: be8701036d7159343711bae6c11c029a054f89d373ea6325ccd823b9f60f2281

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 74ms
58ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_728x90_6&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 17136e0801a8b2d72b02c8899704a46faf5ee0a3c053ea0368dcd1b83e21cc29

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 128ms
112ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_970x250_5&cmd=bid&secure=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: ff6f892242e9fbff365ab31f947515610c8eef8f1798e5eaad6d1c05b4017000

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 35 B
328 B 121ms
100ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=684545&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22998827d839a2b%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5C%5Cu0026taid%3D61a5f627a5e4bc0001bdef58%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%225.5.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2210c1139e57fc05%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22684545%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A5%2C%22h%22%3A5%2C%22ext%22%3A%7B%22siteID%22%3A%22684545%22%2C%22sid%22%3A%225x5%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2211302260d3675ff%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684533%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22684534%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22136b04c6343afa3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684537%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22147aed24a1a429e%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684539%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22156b8bf8f4c4251%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22684540%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684541%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%5D%7D
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5daf8cde692285b66fcc6aa80f3eab58bf7732bbd3d59c6614031fdeea3b0089

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:40 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[91.199.118.74], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 35
x-ak-client-geo: 12
expires: Tue, 30 Nov 2021 11:23:40 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 803 B
1 KB 86ms
52ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

26527d8492d0e7dc6b4f96f469198fbbfdda8cbcab6053004d6c70a2e01c37b6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 91.199.118.74; 91.199.118.74; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0ce2bb32-6b80-43a7-bb16-cfeb04c70094
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
cnet-d.openx.net/w/1.0/ 73 B
379 B 49ms
19ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cnet-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=18e4e554-03c6-4ed0-b7c0-dc82c3085ca8%2Cd43ba7da-045c-47ca-be61-53f3cab86f4f%2Cd43ba7da-045c-47ca-be61-53f3cab86f4f%2C0f5b1612-8dee-47ce-af46-3a9a943b0554%2C21d87e4c-96ac-4be9-b010-67cfdd8e1ec1%2C2be39bd3-5bdf-48dc-9db8-803059d56447%2C2be39bd3-5bdf-48dc-9db8-803059d56447&nocache=1638271420583&aus=728x90%2C5x5%7C300x250%2C300x600%7C300x250%2C300x600%7C300x250%7C300x250%7C728x90%2C970x250%7C728x90%2C970x250&divids=nav-ad-plus-leader%2Cmpu-plus-top%2Cmpu-plus-top%2Cmpu-middle%2Cmpu-bottom%2Cleader-plus-bottom%2Cleader-plus-bottom&aucs=%2C%2C%2C%2C%2C%2C&auid=544099121%2C544099082%2C544099085%2C544099094%2C544099102%2C544099105%2C544099108
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 85a7c4bb0010ed89e7f303f73f8efc51dbb2a00d791763eafdbecfe6e1b8097f

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.zdnet.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 366 B
829 B 104ms
52ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22%2F22309610186%2Faw-zdnet%2Fnav-ad-plus-leader%7C347b13749d802bb%22%3A%22728x90%2C5x5%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-plus-top1%7C3570f4986761d27%22%3A%22300x250%2C300x600%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-middle1%7C36d3b003b0afd54%22%3A%22300x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-bottom1%7C375d3c19fcf1a77%22%3A%22300x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fleader-plus-bottom1%7C38b43b60756e7ad%22%3A%22728x90%2C970x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%7D&ref=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&s=3a8b6f71-af5f-40b7-9f39-fc7dae3a4bb8&pv=9ceb27a4-1821-4576-917f-9b42c5051e89&vp=desktop&lib_name=prebid&lib_v=5.5.0&us=5&ius=0&coppa=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

4d2e00affd59a7e7f31a350f613c8c886479ce60741712081a4fef93974849cc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 219
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 131ms
105ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.zdnet.com
date: Tue, 30 Nov 2021 11:23:40 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 122ms
65ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2099592&size_id=2&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&tk_flint=pbjs_lite_v5.5.0&x_source.tid=18e4e554-03c6-4ed0-b7c0-dc82c3085ca8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5373099650807587
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: cbdb54ec82e25c9b4da972a6e9809eee35faec542bb1de8db84bc2aa3878da2c

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
1 KB 153ms
96ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094900&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&tk_flint=pbjs_lite_v5.5.0&x_source.tid=d43ba7da-045c-47ca-be61-53f3cab86f4f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5215068091920705
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: b09a53620230e3a13b21aae60de7af155f588c0bedd68446f8d5854836e297c0

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 149ms
92ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094904&size_id=15&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&tk_flint=pbjs_lite_v5.5.0&x_source.tid=0f5b1612-8dee-47ce-af46-3a9a943b0554&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5440930758012719
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 70969985a45b44e91a7182f7a8ad52e7e3f2756fc45a5d678ce37e07c23e34dd

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 159ms
102ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094910&size_id=15&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&tk_flint=pbjs_lite_v5.5.0&x_source.tid=21d87e4c-96ac-4be9-b010-67cfdd8e1ec1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.02552211668863591
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2bbb97d35d144a929d7d61765b4d29316c9cca29ef5578e4887240f4434711a0

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
1 KB 152ms
95ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094912&size_id=2&alt_size_ids=57&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&tk_flint=pbjs_lite_v5.5.0&x_source.tid=2be39bd3-5bdf-48dc-9db8-803059d56447&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.38386737532771154
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 6bb28713542b8341beca24014383cf539e8d29fc4006ae717073cb09af8654c4

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:40 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 260
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK hb Show response
sofia.trustx.org/ 2 B
307 B 1002ms
387ms XHR
application/json 35.211.168.6
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://sofia.trustx.org/hb?pt=net&auids=95444%2C78199%2C78192%2C78194%2C78190%2C78200%2C78202&sizes=728x90%2C5x5%2C300x250%2C300x600%2C970x250&r=534a8d1b963fbae&wrapperType=Prebid_js&wrapperVersion=5.5.0&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&wtimeout=1000
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.211.168.6 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 6.168.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 30 Nov 2021 11:23:41 GMT
Server: nginx
Content-Type: application/json; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 2

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/redventures/zdnetglobalsite/prod/ 149 KB
41 KB 53ms
13ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/redventures/zdnetglobalsite/prod/utag.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1a8be5118caeda79b772973aca427a54f00983fdc7b3a14ce7bdc7edf60f975b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
content-encoding: gzip
last-modified: Mon, 08 Nov 2021 18:31:49 GMT
server: AkamaiNetStorage
etag: "5a70179d36f2a5ad95f774beafa8615f:1636396309.338354"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:28:40 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 278ms
90ms Image
image/gif 52.6.232.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=zdnet.com&p=%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F&u=BuGw3JDsyh7wCBtxjB&d=zdnet.com&g=66142&g0=security&g1=danny%20palmer&n=1&f=00001&c=0&x=0&m=0&y=4339&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1474&t=DkycfjZ2ZAGCcfgZ_DZxNYUCzhDJl&V=129&i=Over%20300%2C000%20Android%20users%20have%20downloaded%20these%20banking%20trojan%20malware%20apps%2C%20say%20security%20researche&tz=0&_acct=anon&sn=1&sv=6cL7NBr66qVBZ7uJZyPPq0DmUFDN&sd=1&im=067b2ef3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.6.232.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-232-190.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:40 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 951 B
1 KB 103ms
103ms XHR
application/json 13.224.198.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=5062&u=https%3A%2F%2Fwww.zdnet.com
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.198.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-198-4.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 2ac1abeb793e330db301dfbe8809ec90f32ebfed2e6c34896e6c26a6318be981

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 951
x-amz-cf-id: yMYdbZ1zbdCbapYYA_uHIs9d22slAGSg7RJM8BywG-27Vj9xbK04cA==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
489 B 50ms
49ms XHR
text/javascript 13.224.198.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=5062&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pid=lUogevd2Pfh8L&cb=0&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22nav-ad-plus-leader%22%2C%22s%22%3A%5B%22728x90%22%2C%225x5%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fnav-ad-plus-leader%22%7D%2C%7B%22sd%22%3A%22mpu-plus-top%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-plus-top%22%7D%2C%7B%22sd%22%3A%22mpu-middle%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-middle%22%7D%2C%7B%22sd%22%3A%22mpu-bottom%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-bottom%22%7D%2C%7B%22sd%22%3A%22leader-plus-bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fleader-plus-bottom%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.198.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-198-4.fra2.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: 1MX9FD5KZZ9NF3V3K32M
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: yofdTsoNbdwlw7l4HnIwAZO0sF1QrCX-HWEobm4e6gSrtn2F5ilrQQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 24ms
7ms XHR
application/javascript 13.224.198.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.198.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-198-4.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 32565
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Tue, 09 Nov 2021 22:55:20 GMT
server: AmazonS3
date: Tue, 30 Nov 2021 02:49:49 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: rgQLx7YNhyTrf_Y8gSs6jCQOmZJZ052_c30VBjkIIpbdN0ZvNc5YvQ==

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 9ms
9ms Script
application/x-javascript 104.75.88.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=redventures/zdnetglobalsite/202111081831&cb=1638271420687
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.75.88.194 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:40 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 30 Nov 2021 11:33:40 GMT

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 185 KB
61 KB 36ms
9ms Script
application/x-javascript 13.224.193.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cceefd476057bb3f36703d027ec405887d25d05311d491b9a203d4c60a2d75fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: TIXEr4j9ZaZJgKeoVZ8ehYwv1bF6gSxj
content-encoding: gzip
etag: W/"a8f24de78b4dc3ecbbff83b08aa9e411"
age: 16955
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:73702bf1-4472-485c-9bda-886a8f21cacd
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 6bc77264d69b4716594d8b5229cafdb9
last-modified: Wed, 17 Nov 2021 08:31:53 GMT
server: AmazonS3
date: Tue, 30 Nov 2021 06:41:06 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 67c429bc2e760b9ca91a98648469be411bfcccf8bfb6ea245b28e6585b1861aa
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: FRA2-C1
content-type: application/x-javascript
x-amz-cf-id: p8uJJx_vhYaB_sfjFoMkTbOzNGiuQ7_sIlOLAMeGkJSMO_YmSspdQA==

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 153 KB
31 KB 10ms
10ms Script
text/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 720219db365c2769d66e4d0a970470534fea9ba1eda692673c6d11891f289420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Encoding: gzip
Age: 2674
X-Cache: HIT
Connection: keep-alive
Content-Length: 30681
x-amz-id-2: rK+WapPPyA4cs54AqHRra+Q49E/ksQKJaNYAPpZ0KMtMgIU5wSyKjy9FeaEqqsGZud4fZWAxN/c=
X-Served-By: cache-hhn4079-HHN
Last-Modified: Tue, 30 Nov 2021 10:28:31 GMT
Server: AmazonS3
X-Timer: S1638271421.743042,VS0,VE0
ETag: "acbcfd8ef431be643eaa1a5b6eba4610"
x-amz-request-id: 0E9GMM2GRN9ZP492
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 123

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/ 189 KB
60 KB 7ms
6ms Script
application/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:40 GMT
Content-Encoding: gzip
Age: 667
X-Cache: HIT
Connection: keep-alive
Content-Length: 61293
x-amz-id-2: +rWc6eufU5jOidbpbNf5nmNWOido4rIxQv3uw12a/d3yxJRo1iZ3OEwmGrZLUFynrCrg65zOrg4=
X-Served-By: cache-hhn4079-HHN
Last-Modified: Wed, 17 Nov 2021 21:29:49 GMT
Server: AmazonS3
X-Timer: S1638271421.762267,VS0,VE0
ETag: "cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id: 06PEXESX9KBETWN5
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1089

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
594 B 34ms
8ms Fetch
application/json 13.225.77.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.77.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-77-75.fra2.r.cloudfront.net
Software: /
Resource Hash: e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 14:32:52 GMT
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront), 1.1 e56e6732f380db727425bac2d6158761.cloudfront.net (CloudFront)
age: 75048
x-amzn-requestid: 0035ad88-6a15-4886-b681-75468265c26a
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-61a4e494-4163f1341b701de36367a844;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA2-C1, FRA2-C2
x-amz-apigw-id: JkinRHAVDoEFh-Q=
content-length: 30
x-amz-cf-id: MMee7jJKZQ3ZGACakP2Fl73QBBuPlKbha4_CRkHbvRxP4lInCiv6qw==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 urban-airship-fc69ebbe99-rev.js Show response
www.zdnet.com/a/fly/js/components/ 2 KB
1 KB 7ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/urban-airship-fc69ebbe99-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

55b5da8c291fbf2194b2cf892c31e4d13a278a1c652f27b3222c0382cd41dd44

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 1207
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "93db6eb6bbc882adcd8d7cd7634da6ee"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:21:04 GMT

GET
H2 200 ua-sdk.min.js Show response
web-sdk.urbanairship.com/notify/v1/ 203 KB
36 KB 30ms
8ms Script
application/javascript 35.227.208.151
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://web-sdk.urbanairship.com/notify/v1/ua-sdk.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.208.151 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 151.208.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e5ab11b9756b1d55d9319049c61aeefffdbc7c9b96dfcb1e32ecb574b8750c7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:21:44 GMT
content-encoding: gzip
age: 117
x-guploader-uploadid: ADPycdszt1BukmexINaPsOI83RDoZAyl1isAEkad9yjH8ZQ2a5-dHGY5I64W7B9dj05TPcheo6w-wFbsBCzjJtTwx7Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 36677
last-modified: Wed, 17 Nov 2021 23:19:50 GMT
server: UploadServer
etag: "5739d69ebb4010007989b4ccbbab6bf2"
x-goog-hash: crc32c=QL5hlQ==, md5=VznWnrtAEAB5ibTMu6tr8g==
x-goog-generation: 1637191190146808
cache-control: public,max-age=300,no-transform
x-goog-stored-content-length: 36677
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 30 Nov 2021 11:26:44 GMT

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@2.1.2/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js

4 KB
2 KB

34ms
34ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c60d2056c4b51601d6d6a1ddc4afe9fd561c415c0bf1e5e730a9a0fac78fb9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4278990
fly-request-id: 01FHRRKP43W0ER3DT1Y8RQBS2Q
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"112d-YY/3e/MWV7ik0HGTYz3nnz0WKp8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6b63b47e1c055c0e-FRA

Redirect headers

date: Tue, 30 Nov 2021 11:23:41 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FNR8TNXY7AKQH8018DG952NC
server: cloudflare
age: 570
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /web-vitals@2.1.2/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b63b47ddb685c0e-FRA
access-control-allow-origin: *

GET
H2 200 comscore.streaming.6.1.1.171219.min.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/comscore/ 104 KB
18 KB 8ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/comscore/comscore.streaming.6.1.1.171219.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0d2078bf12beaaf3694eb02a46c6de631d4a5e4ba52b25d3d9a64c7c52626fad

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 18724
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "f4dcc437e891f84ae7d594f94bc63ded"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 25 Nov 2021 06:09:31 GMT

GET
H2 200 ima3.js Show response
s0.2mdn.net/instream/html5/ 368 KB
123 KB 70ms
19ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/html5/ima3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ccb64cb52eff9e8c10713a938a73ec2461b8b1e71acef86c52cd7242c3b0090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125138
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 feature-disabled-dbcc4f5d9e-rev.js Show response
www.zdnet.com/a/fly/js/ 0
145 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/feature-disabled-dbcc4f5d9e-rev.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 32
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:44 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "d8f264947e184dcddd82704f8638892e"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Dec 2021 10:00:20 GMT

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 104ms
104ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: f95d455b93ebe09067d7827f12d89599f6e113f9dcd3492b75d91f6a0f8b8a9e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 91ms
91ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 91ms
90ms Preflight 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 VideoHeartbeat-2.0.2.min.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/ 143 KB
28 KB 8ms
8ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

acc16a7acfdc37b4e11c49adba781c8f4192368865c64e4ab37483780952c91e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 28851
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2b585e259cd9455920d0df03c9bd3119"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 29 Nov 2021 00:18:55 GMT

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 99ms
99ms XHR
application/json 184.72.183.173
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.72.183.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-72-183-173.compute-1.amazonaws.com
Software: /
Resource Hash: 61d80a1c3ff7b6f8e6132ffea0bd57d91e6dba5f8da58141602d76556a70e5d5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 88ms
88ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1638271421217&s=2bce4b9db0cb8ecf792114597fa138d8dca27919e54ceb37e55cd7f5bf62d81d
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 748cf347e26c3b815ad969b5f600a2f243aadd723cc709b9eee878bb2697f48b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 30 Nov 2021 11:23:41 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 875

GET
H2 200 AppMeasurement-2.3.0.min.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/ 77 KB
27 KB 7ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/AppMeasurement-2.3.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

bcc0ac1b386e00fb3f5e5ec0f60682b3023399eff0f7405cb1601042a4d1bf2b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 27235
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "87d53823ac6fb4252ae6e24f8f2bbda9"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 25 Nov 2021 06:02:50 GMT

GET
H2 200 ggcmb510.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 12 KB
5 KB 44ms
7ms Script
application/javascript 2600:9000:21f3:7e00:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:7e00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: 2J3RA2RMi5eYAj7nmdbu3te_gb7jIgN9
content-encoding: gzip
etag: W/"afa0d379b1e6e0a61fad577d0043ff26"
last-modified: Mon, 15 Nov 2021 15:07:58 GMT
server: AmazonS3
age: 3186
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
cache-control: max-age=86400
date: Tue, 30 Nov 2021 11:05:55 GMT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: HhlitDu5PPE9-xjeRJ-ARFqhgY5G5ycY2isqYlzFmLYcyfAUIajULw==

GET
H2 200 mux.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/ 82 KB
25 KB 7ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/mux.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

36907f27970c8f2e5df0c6c5443a9283a8b49e7cdbef3c878a5a1e5b536b2065

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 25338
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "15f433dc84bc8786b796c045eccafd9f"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 23 Nov 2021 18:18:58 GMT

GET
H2 206 uvp_blank.mp4
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/video/ 11 KB
11 KB 14ms
14ms Media
video/mp4 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/video/uvp_blank.mp4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6227f18e898e5b7c708fc1eb1763bd1b2186bdecd6f8b81f4bc1bf84f4d7d4e6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
Content-Range: bytes 0-11246/11247
Content-Length: 11247
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "707bb2a4c9141aba1068d851f5be0409"
strict-transport-security: max-age=31536000
content-type: video/mp4
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 25 Nov 2021 05:36:16 GMT

GET
H2 200 default.css
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/css/ 75 KB
10 KB 6ms
6ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/css/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d84407005f8be6253de84d06aba3b98adf802ac9dc7e75169423298a4c772f26

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 9960
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "53f9ec8cbf72a4cf89092f94ae8b8d25"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 23 Nov 2021 18:19:34 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 38ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 58ms
57ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1438064017867750&correlator=3629090670768140&output=ldjh&impl=fifs&eid=31063798%2C21068031%2C31062931&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x66%7C5x5&prev_scp=pos%3Dnav%26sl%3Dnav-ad-plus-leader%253FT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dnav-ad-plus-leader%257Cvguid%253Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%252Cgs_tech_computing%252Cgs_tech_phones%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%252Candroid%252Cbanking%252Cphones%252Cmonitors%252Cscanners%252Ccybersecurity%252Cfitness%252Cgoogle%252Cblockchain%26mfr%3Dgoogle%26tag%3Dmalware%252Ccyber-security%252Cbanking%252Cgoogle%252Ctarget%252Cfitness%252Ccryptocurrency%26prodtype%3Dandroid%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dd%26pv%3D1%26ftag%3DCOS-05-10aaa0g%255Cu0026taid%253D61a5f627a5e4bc0001bdef58%26vguid%3Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638271418&dt=1638271421601&dlt=1638271419060&idt=407&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=50&adks=3846852823&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x100&msz=1600x100&ga_vid=663447686.1638271422&ga_sid=1638271422&ga_hid=1371110467&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

647103c43e880ecf7d07f82a23bf89e3ee92f3ecf779304330f6468661bff9a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9959
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349605378
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 50ms
20ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6bae11a90900c1fbbd7ca08765a4b488c26712e10aedcfb95a4508d09eb0090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9160
x-xss-protection: 0

GET
H2 200 container.html Show response
e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2B52 6 KB
4 KB 51ms
14ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 11:23:41 GMT
expires: Wed, 30 Nov 2022 11:23:41 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 57ms
56ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1438064017867750&correlator=3805254641743084&output=ldjh&impl=fifs&eid=31063798%2C21068031%2C31062931&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dtop%26sl%3Dmpu-plus-top%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-plus-top%257Cvguid%253Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%252Cgs_tech_computing%252Cgs_tech_phones%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%252Candroid%252Cbanking%252Cphones%252Cmonitors%252Cscanners%252Ccybersecurity%252Cfitness%252Cgoogle%252Cblockchain%26mfr%3Dgoogle%26tag%3Dmalware%252Ccyber-security%252Cbanking%252Cgoogle%252Ctarget%252Cfitness%252Ccryptocurrency%26prodtype%3Dandroid%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dd%26pv%3D1%26ftag%3DCOS-05-10aaa0g%255Cu0026taid%253D61a5f627a5e4bc0001bdef58%26vguid%3Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638271418&dt=1638271421626&dlt=1638271419060&idt=407&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=507&adks=36326968&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x280&msz=370x30&ga_vid=663447686.1638271422&ga_sid=1638271422&ga_hid=1371110467&ga_fc=false&fws=4&ohw=370&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

f2907924519c6bf045fdfbfc4c70cb19d10d26d96af9c10f1edd7c60e4e05b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9373
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349983451
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 61ms
59ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1438064017867750&correlator=812786902589231&output=ldjh&impl=fifs&eid=31063798%2C21068031%2C31062931&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dmiddle%26sl%3Dmpu-middle%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-middle%257Cvguid%253Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%252Cgs_tech_computing%252Cgs_tech_phones%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%252Candroid%252Cbanking%252Cphones%252Cmonitors%252Cscanners%252Ccybersecurity%252Cfitness%252Cgoogle%252Cblockchain%26mfr%3Dgoogle%26tag%3Dmalware%252Ccyber-security%252Cbanking%252Cgoogle%252Ctarget%252Cfitness%252Ccryptocurrency%26prodtype%3Dandroid%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dd%26pv%3D1%26ftag%3DCOS-05-10aaa0g%255Cu0026taid%253D61a5f627a5e4bc0001bdef58%26vguid%3Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638271418&dt=1638271421628&dlt=1638271419060&idt=407&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1213&adks=2638305364&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x30&msz=370x30&ga_vid=663447686.1638271422&ga_sid=1638271422&ga_hid=1371110467&ga_fc=false&fws=4&ohw=370&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

24ee4313325ee48b288771e37268bfeceff0747011a38c34b8756420b02f9f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9421
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349983448
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 69ms
67ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1438064017867750&correlator=2678992524461278&output=ldjh&impl=fifs&eid=31063798%2C21068031%2C31062931&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dbottom%26sl%3Dmpu-bottom%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-bottom%257Cvguid%253Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgv_crime%252Cmoat_unsafe%252Cgs_tech_computing%252Cgs_tech_phones%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%252Candroid%252Cbanking%252Cphones%252Cmonitors%252Cscanners%252Ccybersecurity%252Cfitness%252Cgoogle%252Cblockchain%26mfr%3Dgoogle%26tag%3Dmalware%252Ccyber-security%252Cbanking%252Cgoogle%252Ctarget%252Cfitness%252Ccryptocurrency%26prodtype%3Dandroid%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Dd%26pv%3D1%26ftag%3DCOS-05-10aaa0g%255Cu0026taid%253D61a5f627a5e4bc0001bdef58%26vguid%3Df7e17ce2-36bc-409b-bfaf-8fcbca056ace%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638271418&dt=1638271421630&dlt=1638271419060&idt=407&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1533&adks=3625754864&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x250&msz=370x30&ga_vid=663447686.1638271422&ga_sid=1638271422&ga_hid=1371110467&ga_fc=false&fws=4&ohw=370&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ab0b2582f61322a666f811a1dacbec5d56ae2af8d29f312dae6439e262ac0e4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9391
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349983454
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 48ms
26ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1C09 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-ou1-bpLzDODHXDL_5-bhicnWIwSsxFeMnlETA9WGv2buCyXmk1r_sg5vSdTBDFmvQ_gk6B8VtC27DzATo-rvRB0AEeo7Jb5l4IcCW8_Hdj0EFSR2eycZ2uY7egPf9ciwmQ51ZU6uJsPAzyCDRAzy5ntWgORff07d9hW3dXErKSxcPHmtu-s9F7Iaau6k7Fr1woyv85xsE7yXIUBHuCjULO6Day0mmosZYD_FxZYYp1ja--JIfv-eXbch-CFKq8oybcjpPWOYfj_xJlHHb7OltdB2zpHHJ0QNOWrgduAfD8wrNpxfhCSHnQsYOsuVCE7-&sai=AMfl-YTZD4OpnoEflcxUI417ixu87jJA-qk8OXBxkH5LazS9hQcWyeUlp0YNOyKzkLGj7tSzrqHhJms6SyKC27n15tV77H_bkFESUblgw1Mr3E5dJiAoLeXj42h1QsUyk4k&sig=Cg0ArKJSzMnOszsAxGbSEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1C09 119 KB
36 KB 83ms
54ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 1C09 335 KB
112 KB 8ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47536
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FE99 0
0 42ms
42ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvb2ygEvu0EeZ_X1fhdxOJEw2GQfCgZ6YIOcTwGWZZMBGgjIzJ1qAGVuK_Dgaow1S9DJ-36bzaAZEfafcj73ApcrfXa9od98HO2tEratiJHZ8HkMwawBSjgtNJPRF8qOBlKDOtIHfdw0dnKMM9rbWMPFhmSSPoosmkoksblYY3XlZSo_XGNCTVfhUAQniZS8eVGXLY1zxFE1LAk_aiqeAVJnQWQbspvAGoeSJpQ8Iaw37Kj2RIZLXMce3xOng9hpIgeRdtZocqNEBePam0ORrSs6Aodn9kslhdaqdv-P02-UF6adqjaN-8cx2ap1YLV&sai=AMfl-YQ4J2LAW-gUCkAIEw7QNlLq_O3ehXpVv6CjCZfxlJu3egw8y2SQM1HE5JuCnSYQK62udoRjEOpBY0-3FQkIXFUJiTr0IHujVRq6nkH2CJlVarcEc3aij9mgQeqFyhM&sig=Cg0ArKJSzKjO5J3X8A0wEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame FE99 77 KB
26 KB 16ms
16ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1059 / 831 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE99 119 KB
36 KB 66ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame FE99 335 KB
112 KB 7ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47536
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E202 0
0 43ms
42ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthxKWpaTk5uhQYQI_ahoQDobNgfr_QGydoEIifbtSIeTRjSe8oXMRkebhawHqMjcgjXWq2ZG5EQUQ0PLCn4pExykmML2oLkBGlzH0U-L2AjHmvdSZANk8KrfsVhYk9eVhd6IcP9H9bB-VE4GcjEg8Y_Ut97dSjF7lfbQPT0AXsKpfoikG0MiM2ySb1NpvlyB1cu1Jzuk3UUdU3XRa2S8ocXPOf9Hhdl1BXDjZouRsIRwjqSIgmELC1LcKkbztIAbgxUfWfGakZjQ4Lq5UkEwRURVyHz90ed09DLVUN9VoLv1Z0wijupgO4SLPpN_-w&sai=AMfl-YTQguv-3o0JcMwo_qXgmDkdpyQHVUusgY8Miy8fQwd0sv9f1PBSoku-tL-eUGLl8TyqjCTjtWdYsw9woe5tG3troZTK74_U3q3ylbTTAAo3OO0_pmmdTAThcx6VpSg&sig=Cg0ArKJSzG2iE5MLgV6pEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame E202 77 KB
26 KB 19ms
18ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1059 / 996 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E202 119 KB
37 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame E202 335 KB
112 KB 8ms
8ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47536
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CFC5 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudVY2SDDV1bIEPATt9XRy7IoYjP9WXJ0-jxBTEYvZZOCHGugdxcMrW2J80yaSV2ReIAFkyKknjWU_8ncSNUb7KeYa3xjwwLLaNAJDbL3g87hVAHXY3hlA8zfBHNiBKjlfRI0ddRyFiX6fyY0AYrXgrdfODk1wxVSgnYTLdCWB66xu5lTl6nMajsKFtLJMGoLpgo0vNWHAXrqp3WbFCGZY4XkCb2HXCz5zsb9Ocq5bKUGt4QdKZTVK4fPtAKWe1TNPd6B1wU9F9Iv3BrEw_BDq00Rn99Z84h_k3ctcxjkAcwzFuYv7RUfuBz5Dn9Ohm&sai=AMfl-YQGYaezSgHGp6mWV-YFPBauoEirSKS-kBiGzujgsS0CLZbmdRYnbXxdPEdJkThiqwMFTFIJmG3B7VPyIlYfXFoPUyVfFMViBSUBK0F5QSox_Tii1eSbvtU9AT7kl4S1&sig=Cg0ArKJSzFL1v8J2Zut5EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame CFC5 77 KB
26 KB 34ms
34ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1059 / 841 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CFC5 119 KB
36 KB 37ms
35ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame CFC5 335 KB
112 KB 9ms
8ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47536
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7990 12 KB
5 KB 25ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 30 Nov 2021 10:50:56 GMT
expires: Wed, 30 Nov 2022 10:50:56 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1965
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DE54 783 B
1 KB 40ms
18ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

424d6d82635065fbe41bceb5e786fa6c1c569e975c15647a58f80376399a07a5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zsUiiLL3YBBwbx2OT8owbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 30 Nov 2021 11:23:41 GMT
date: Tue, 30 Nov 2021 11:23:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-zsUiiLL3YBBwbx2OT8owbQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame FE99 344 KB
116 KB 14ms
14ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E202 344 KB
116 KB 22ms
21ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
DATA 200
OK truncated
/ Frame E202 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8154fa903676375a7a5c26e77d98bf625c900976b7dbd0b23cd1a85ee2b064b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 21ms
13ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=middle&zMoatSZPS=300x250%20%7C%20middle&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271421830&de=644656152925&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=6&cb=0&ym=0&cu=1638271421830&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983448&zMoatW=300&zMoatH=250&zMoatVGUID=f7e17ce2-36bc-409b-bfaf-8fcbca056ace&zMoatSN=d&zMoatSL=mpu-middle%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=449165839&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:41 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1C09 0
0 42ms
42ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssoYbr4iaEX-E90KmfRdy8-1TXjvdDZO1yClvYn6WN_CoW5MTOtxO2hnk8eU4BeaZUpn4ESmtH2dgK36bDzCdxFIuRuJPLxacGYDDLhZY_hw_j6cWfv6XyaCftpTHAO1tiqS-E4YYpqXUMy6ghTF33hCwvHK-fYkVJxfFSIX6Evm3UffMizjeYZXc7dBip63pyeC5AQGnZNQk0OKaDO0aGK_LJH-x0wqcaJesI9BuzaH6CALj3z8-OE2pixYGr5zcl0AODPg03Nob-8UgqF9OWv6fTH_RN7q8YF9jdjMF-1s_uzM_FAQDZZgCZdWF8wSzpOBvQ&sai=AMfl-YSak_HAOaud-sdkr4lJ1BJsj94gh8_m41Y6ftqGwl61LPa8R2ZFpt7vBGaHaFYL57FRWcn0QXnfR1JspC-QQqqa5TiGAW-SoxyhThJ_e244px454oluRylGpbz9l_I&sig=Cg0ArKJSzCPZrkWXD0lqEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
DATA 200
OK truncated
/ Frame FE99 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fcdb15f4d562071dc245282ec4a2bc7de2d32724dddf951840bcf6ed3df2a4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CFC5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa7f0bfe56920958bb5a29f3de9ed7040df1a55841f5abc7b161b237e5d29564

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame CFC5 344 KB
116 KB 18ms
18ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame FE99 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame FE99 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE99 0
20 B 54ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=227670071999734&lenfreqs=570%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=31063810%2C44752540%2C31063247&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame FE99 29 KB
12 KB 56ms
55ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=227670071999734&correlator=3800607608633855&output=ldjh&impl=fif&eid=31063810%2C44752540%2C31063247&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvkT8CxvWc_3AMZxYk--J3d2bI69zSs3cB639JuAQIlnSBJp97AmeFfNo5fHWM7fAeudDLis3uzL_OsGFzZxUEjWEhpP0KtQ8eGML14CW-OoqIllb5VxwHStu3m4qiqpEK74Zk7Q7dwpa6mHGeCy5PH3s1b8r9dE-ctXGvmXnh60y1_x4Xd1YaU8Vs1vl-5ZO9yjOXLsok4bB20S_Mu3I6vcLkGI2asXsQeZOrhkFDnibjolqHpzkpqyCZb2U3dos0_DjovuTz8eFTFyu5cFYWmpzeNcqhM4glNGrRkKyud7UgdET1hL7UqFudP%26sai%3DAMfl-YT1Y1sL7PnixEYBFMtdFfJKtXaBMwD-co4x8q-XtbZ3Elo5CaZIq01GVO3bhr_4gRImoW_CK5dSPGXzOJJwpSdHZ6YX7QJkSys-zTy0jsC9ShcCqMoKp5Pjthuq2AE%26sig%3DCg0ArKJSzJ6Uwr7GqhylEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Df19e19dd68e184ef-22e842d31bcc00e1%3AT%3D1638271421%3AS%3DALNI_Mb01YwTvBBeNxFe-v7FIpga5G0bHA&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638271421&dt=1638271421970&dlt=1638271421707&idt=245&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=407&adks=1319207525&ucis=b486qxn68gr6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=917781862.1638271422&ga_sid=1638271422&ga_hid=1430545041&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e79ac7c73051979cc6307359ada486667c4708828e6eef9fb0bdb75435afde0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12168
x-xss-protection: 0
google-lineitem-id: 5677026463
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355023537
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3C32 6 KB
3 KB 42ms
15ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 11:23:42 GMT
expires: Wed, 30 Nov 2022 11:23:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatPS=nav&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271421875&de=478611083692&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=10&cb=0&ym=0&cu=1638271421875&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349605378&zMoatW=5&zMoatH=5&zMoatVGUID=f7e17ce2-36bc-409b-bfaf-8fcbca056ace&zMoatSN=d&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=535994228&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:41 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:41 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame E202 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame E202 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E202 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=3630641733233557&lenfreqs=570%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E202 28 KB
12 KB 55ms
55ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3630641733233557&correlator=3880747341417717&output=ldjh&impl=fif&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuwA4AH2AjvaVQPpbXLG5zdK6xhT07OnsYsSZmqlF1hGZunDYVHn8ksqafePuuMEIQgpsBZdaQf_3wKvrgYni8N5f6hQBhW4tEGUu7OtBJRwzfdQrciYbIZO_XvxRsSEjfhtouR0IO04smyMjaZzx5QVoIFvEuYY0IVgrue0SMzRdgJTvFRBDEUeL3rEaCx5CXHI1jISsWORhokKiD9kvoHJ1JCeWQhtoeRyKs5UM79Serhc5XaGG0rDgfJTp481AG3498Xle6HAqrM7EJTCSxfqufFaczw_mU0iKP5gg-mPtHCY6mjEaU3B-gk%26sai%3DAMfl-YQy3Mdc82r6XBWljInCodD-tRJpzZTPzDt_Az-iOGIKEeSOs6Yp80M2TERU67OECHSN7dgd3p3nlTWiWR_FkH8e41EFwfhHm5r2RizgvV6qi1L0ffvEvo4rGi6fhmQ%26sig%3DCg0ArKJSzBxMU7eXDZ5jEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Df19e19dd68e184ef-22e842d31bcc00e1%3AT%3D1638271421%3AS%3DALNI_Mb01YwTvBBeNxFe-v7FIpga5G0bHA&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638271422&dt=1638271422007&dlt=1638271421723&idt=268&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=1113&adks=1319207525&ucis=idl49jgfw7n8&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=80979463.1638271422&ga_sid=1638271422&ga_hid=504423859&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9fa71e1ae9d4794bc2457dc50d5cf696559e8ead71d61bc229e8daa1993899d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12036
x-xss-protection: 0
google-lineitem-id: 5677026463
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355023537
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FA9D 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 11:23:42 GMT
expires: Wed, 30 Nov 2022 11:23:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271421894&de=774574387026&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=14&cb=0&ym=0&cu=1638271421894&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983451&zMoatW=300&zMoatH=250&zMoatVGUID=f7e17ce2-36bc-409b-bfaf-8fcbca056ace&zMoatSN=d&zMoatSL=mpu-plus-top%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=1462540918&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame CFC5 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame CFC5 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC5 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=484839914100777&lenfreqs=571%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=31063706&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CFC5 28 KB
12 KB 58ms
58ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=484839914100777&correlator=3363876605797255&output=ldjh&impl=fif&eid=31063706&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211130&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstIo0L2bKz836lZsvWns5-lPDDlmSrlO2ut4on8q9ZOOVTtEMfYxlrKZdkuY7-caCyI3RHvzxATjMhLK4HWs2Nhrb-DhdTzIVf20xH6P8S05H1FCELzeh0rWLLpuJ6q0kV-B_PUN_wKjyVbfJh9zJKon11cjB--XjtxsmX89jWEWbh4xQNLVMaD7WUg5ZT6RdLw6mA7cBijBMFeap6bzT2o7VurVz5SCcw-4F8CooO1sYo2wF4Ji3xAp6NZz4YOzp2dDJSuv0cW4KYRem4D2HVRei4E9MtOTKeVCPv8HLhb_kjNNFQ2S0rAtIBI%26sai%3DAMfl-YSkXc4V61JrCZJK7lG4ubOrtOpAOA8dEImhUUomTq6IBmVjABQ48028ccN6syb1M4iBHfqw_Jx0h6pyXeINsVfbR8sD-jacTHpCKW6YXtbtytY1Vd0Wyw6GfllfaLQ9%26sig%3DCg0ArKJSzIr23Msq_PqsEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Df19e19dd68e184ef-22e842d31bcc00e1%3AT%3D1638271421%3AS%3DALNI_Mb01YwTvBBeNxFe-v7FIpga5G0bHA&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638271422&dt=1638271422042&dlt=1638271421741&idt=284&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=1683&adks=1319207525&ucis=7tft58pvcles&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=1012094214.1638271422&ga_sid=1638271422&ga_hid=1581981583&ga_fc=false&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

c3a05c043f477a5b5e637ee1edf47226e6aca7daedb7f474c8df92cfd8a0ed0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12029
x-xss-protection: 0
google-lineitem-id: 5677026463
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355023537
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 251E 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 30 Nov 2021 11:23:42 GMT
expires: Wed, 30 Nov 2022 11:23:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DE54 0
0 59ms
59ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=1438064017867750&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE99 0
0 40ms
40ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_whirs&c=sd&s=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EA18 0
0 42ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQKLNCEzuszl4F-q_SYPL0YKVcR6-mE0aGL2SRCeEv8q8LxceJQyUmZxMN_FaHgiZo222fqBgVzAoCSDrfHTY8ceasiSTPfzCVwMLFIuqFiWXwkCxLxqWvBDnTcYzwJaMrIghXHyrmg0Ye-xu6WQLU3e4Ojruzc5xUillNApehH_lCrGt18Kp-ZOltNG12fNVdgVYQRKmFYTWx-nvavFSBBLZTtHoNbKQoy1C7KWqkYNiU9zkhysqyUOk0m8MLAbXs-sBrYtEGUgjAOYtKqW8MRBXTaMLppo-Y4IeUHOtVi7p2a9HERg&sig=Cg0ArKJSzAW5N-wVWpLxEAE&uach_m=[UACH]&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EA18 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 11:21:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EA18 119 KB
36 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EA18 0
0 35ms
16ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQV4fx7vkc7qha0dW2SYN6kWZlo8jky0TGg3oz3kMCwdaKYChStBwQ9i9Y3RT-r46gjfX6FWylhCobUrdjph2Llgv59pw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame EA18 335 KB
112 KB 9ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47535
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 16181266791146063110
tpc.googlesyndication.com/simgad/ Frame EA18 17 KB
17 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16181266791146063110

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options: nosniff
age: 518738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17729
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:34:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Nov 2022 11:18:04 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 10ms
10ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271421911&de=87564516495&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=18&cb=0&ym=0&cu=1638271421911&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983454&zMoatW=300&zMoatH=250&zMoatVGUID=f7e17ce2-36bc-409b-bfaf-8fcbca056ace&zMoatSN=d&zMoatSL=mpu-bottom%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=275666412&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DCC0 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv6u_kgGKXLisBeUlClsbSOT-b-GIHwrkw32ECIpeV6HCM-bEjzk1M9T8b4Pb0gJ2EcI8uE3nI-_0_qg1wx2uxVINQz1KTCRAfPmlJDORcUfTelAWsK2MO_UjxABM2HbHxBBi4v2s99Grlewdui4JkMX4UGs7bLboZTOacOokkRGy7E_ad5BmdYI-2QPc3BIY0XRTtjB94VUpwoDM4HdEMytCeMUY7M9YovvweV6LJH5CohZQE_HsvsUfz5eh-2L7Va7KQQdEH-R4XpDuyuJwEddEcOwr-ldZPwKSMRRamo4J1N4eTAxQ&sig=Cg0ArKJSzMW232lAN9SPEAE&uach_m=[UACH]&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 16181266791146063110
tpc.googlesyndication.com/simgad/ Frame DCC0 17 KB
17 KB 7ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16181266791146063110

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options: nosniff
age: 518738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17729
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:34:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Nov 2022 11:18:04 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame DCC0 2 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 11:21:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DCC0 119 KB
36 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame DCC0 335 KB
112 KB 8ms
8ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47535
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7990 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:18:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 11:18:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6845 0
0 42ms
42ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-eVCgtoPwDCU7yEWVm5R3iOLX4hH6_p5YwZDgNn4v7-kZAc8OptPg7KcIdDkbzdM993x5FJ5m18X16beskzyuTGUcbHTt1tDFFbYczeYOSLiU3Uc7b1iu0eUlN0LFBQEol20KyW3FScm_hrOMWlj2SIecSZsbzgESakG-NBlZIcnGvVMg89yDMIDpFCcq8cj0OHmzF4Q595YprfKUy3wqYEOJB1BsApngWqiZoyxT3illEhoXvcodpqFG2nD4aQ3K7mT2Us8Gt129ih1Lug4dqMSDSoKoRPBeXObDDW_6BA3NNnBtcA&sig=Cg0ArKJSzPN8zQNNLcbKEAE&uach_m=[UACH]&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 16181266791146063110
tpc.googlesyndication.com/simgad/ Frame 6845 17 KB
17 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16181266791146063110

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options: nosniff
age: 518738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17729
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:34:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Nov 2022 11:18:04 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 6845 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Dec 2021 11:21:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6845 119 KB
36 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 6845 335 KB
112 KB 8ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: 0YXEKRETNSDAW5KG
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47535
accept-ranges: bytes
content-length: 114431
x-amz-id-2: C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EA18 0
0 43ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstpKblyZunqA2L_QePROJb5gSIOToOt60O90VU2oM1DFeVRyQnYTHF10fAdaHuScOwwAky7T08pCqRX-TZ2aBQMnwhhCnaKtv-maFof4cWnXtArGBgQAh8VQbdXNgqKDa9F1R3gbcXlGkZhN6nXZs5pO9CA112yl5ZPhGhk2PZaZB130YKIwBBmEvxtw7ljQiRwsYJxRSXgH6ZoQFmhSUkcXCgkXIQ9Pj9hK_NAYcB62FjKvFMBSxWLU9Is9foicULNuRLfpSPAwdLbdzWslXebX4Byv9ZgJWxg-rt6-ZIzDdhPfFHJ0hVt&sig=Cg0ArKJSzIR_v8q0nEU2EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
DATA 200
OK truncated
/ Frame EA18 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 616df8472fe04237b6523fef0027368713c30655742fb2454e14383b0f3ad204

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271422156&de=916909635658&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=22&cb=0&ym=0&cu=1638271422156&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=686473028&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 40ms
9ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422156&r=916909635658&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 41ms
10ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422156&r=916909635658&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 43ms
12ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422156&r=916909635658&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FE99 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv3hjZU_kRzWTDrwJnkD7_-oZgJxUQpM0VcAOiVSxzZIXnwgXhI7kQEhRvdTytzgA-jd_5xyPzdLxSsVzzn_XgcSsjfqKgXFDMEytvpik0XIB_R7Q8zLP7Jp3S_S3lJ2L1MHt4gsL-0vGzrZyhu2wnfXNO4qNIDfGdnrSvGLWu1jL5qqhUva8RZf6jO2xSu1D2GQgkKSiA3En5mUAAG-gF8H9ABpkbB5To8KPqJkKHhlKEsP7WvwcXgMDE9GKYB5N8B9Ags77JQDPBHsg4EqHMtpgENrqgjlu_bMi3nJ_7OZ3FSn5-IPoS8uucs1WOc8Qk&sai=AMfl-YRz8RD-z6pWocJfyf3CNDC8zvYA9N4enG08gcVaFGO4KoAY8RWXQ55y_epXMg21mzoEj0KbAYdTHRiabT3FQ39EX2VNIK6YtTtvcrNb2mAicah6RpK9n6j_uZZIlr8&sig=Cg0ArKJSzPZ7VCTg_jgmEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame FE99 12 KB
9 KB 34ms
20ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c8d39326700314c4ed6e2eddd8ee115bb112d1616e5928329bd44251ed92baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9186
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame DCC0 0
0 42ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRZybGP5Sn4imZTCIz1rNmK_j792m3YZjYK-f6-IveEAsPi_ogXo8xoUbAlfLyh6oljzBzKgwWX_k-b31z5WHarpjB1fxauVuATo84-Ma8El5dE6heG7XyiuIYRwT12mRuN_gMuPH3gjOsAZkvLfWZX13Rbs604XrmeRbX0418T8CgqEZMxs9oFMcU_QPUpIf687_EFLa-MHCQhvSKZQLdbK3om71zLydT3GCeyIX1qaStDNnKMso6gRkne_4ABl0eksySG5BdmO7ABQZxe4s_Gxfklm9a9toPlD23sEhYIZufjEVVl48p&sig=Cg0ArKJSzJieo-WhEDaMEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
DATA 200
OK truncated
/ Frame DCC0 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29a7af37131ffd439761478850f234c61ad2853268e5e49419de2ef5934b4de4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 9ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422208&r=245272086288&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 10ms
10ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422208&r=245272086288&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E202 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaVYSX5QwIG7WPtmREhVzejPXzmT97ACCFLHqp2G2FT3DyQsPN7td8XWIBKaQgXq4BpWAEur_1YMxTYnhw6cP1yKRVPTMkdtUPNPctTFa7AlVA_uuy7uQ6sXp4GpWBfLLtqHR5VnrcVq_1F7bZcSk4vdqcxcOPW3R5dZWNS5pqusft0hfWZni_SkkoToMb7iFRlfIJY5NwgoNrC2lUWHIJu-oFMJqnL6QOB7Twt_srkhF_NmjtL020d8B9gvC8IONyDCgtQCAvY7y75nT0Fve0NaHgNLC-xW5MFj6GcXiBdUP86iIkYmOwAqwye7GywdM&sai=AMfl-YQMzEFObkfeOD1WHoSEycrRLcCnTHh9oyDPr_Lb54tzIE-wVB3gqyRAVSkKGLZhZ_aFfg7bt2OOQQEQ93C_MrArMGThzjR46ObHi5dmQqFetkQgy46FqB4FdlAIoo4&sig=Cg0ArKJSzM0FfOulLeyYEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E202 12 KB
9 KB 25ms
25ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2e64e6c0573790dd1b75396cba77a001bc60c030a15da96ca2d129a226277e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9259
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6845 0
0 41ms
41ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssREcx8Eqohz4zWBQW7i3zOjPAtasvpSCO-IYqOw54G4sV5_IGccACqsN7jHt3EWUsJd6fuaezC0I_ZdxYfttu1oUTguhbQ58AnGfYamkUk5jwtPVP6oDNrT8THjry6k-cmEI9E9VwF5r5cugQ_2UjZ7WNCuEq5Dl_ANg2kEOf-N9C4VBVV5cGpZ_Hs-6AXZ2siHVHsqx4KNh39WFHXWrgp-C0Sd7sfKSIhrRFKrCWmPpTb5qQva7Xy2XpRZFt3uPE7HOLUWcPda2rYITYtG-6J6fZc-rJODX409MTaQO4hUH4047C1xePS&sig=Cg0ArKJSzLSnYT5PvatxEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
DATA 200
OK truncated
/ Frame 6845 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd6596b0da9faf82fc2f21e62744abdd3be2df9a4f363abd942c952d9c41b093

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 9ms
9ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422255&r=507848864122&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 11ms
10ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422255&r=507848864122&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CFC5 0
0 42ms
42ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst9luNMw0M_W7pf9KGyIO1_1yMexS5O_HYj_KmgAGoSatV1X5yA2oM9JSMPDRrBg5UC_AcXaC15S0YE3AOY-y8e8aK-r7LMGfN33qrTLc4chC6MLJFr5y9fY_FU38cs2cvmqAqxiRVP1nwNCCZie_VuraLGEEJZyYI9BobXF1j59mwfzqv_lVi0UAOmmZ_3OqYZHPMsy2LX-JdQWm5XYDRn3jvfQiDMSEsO2ie3vzFULhI438eY4ysjaAKvc9KYrce-rlbRbYgbAJ15Dbp8X0gGTU2UCin9Mp4zS94T3GenGoP05PgLH7Tow9zIkbil5-0&sai=AMfl-YSVO7x3zympFlAm9_PEqnLZ6Xyi-ZKgyYo0O6At1UsxvSrHujFtRUw-1EHyfEydD428c4KyKu_55-jrKvAJdNCHLJLgwEkruaZy0tcwE7Qcl82waXeLOSB8SBzw_JlH&sig=Cg0ArKJSzPlCtbdFsGBSEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CFC5 12 KB
9 KB 21ms
21ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

351d1b78336bf58f166a8619792ed9e1d358483ab2fd1a2900a0c262a12d4443

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9187
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame FE99 17 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 10ms
9ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422156&de=916909635658&cu=1638271422156&m=16&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A585%3A585%3A1483%3A545&as=0&ag=3&an=0&gf=3&gg=0&ix=3&ic=3&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=3&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5&cd=0&ah=5&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=3&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1892672026&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E202 17 KB
6 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CFC5 17 KB
6 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271422208&de=245272086288&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=26&cb=0&ym=0&cu=1638271422208&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=1405879039&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 013B 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 30 Nov 2021 10:50:56 GMT
expires: Wed, 30 Nov 2022 10:50:56 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D956 783 B
535 B 17ms
16ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4e2715bb6805fe0600e01c69a6840ec978f91eec9276381dfafd1cf84b605188

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JaTw5JgKqhpGHGzWazPtOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 30 Nov 2021 11:23:42 GMT
date: Tue, 30 Nov 2021 11:23:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-JaTw5JgKqhpGHGzWazPtOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422208&de=245272086288&cu=1638271422208&m=11&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=35&vx=35%3A-%3A-&pe=1%3A585%3A585%3A1483%3A545&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&ez=1&pg=35&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3&cd=0&ah=3&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-middle&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-middle&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=1&jk=2&jm=-1&tz=mpu-middle&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1754243209&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 10DE 12 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 30 Nov 2021 10:50:56 GMT
expires: Wed, 30 Nov 2022 10:50:56 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 35E1 783 B
535 B 25ms
24ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

95331b9bfdd7d763901dcced5596ec9681e4d3d43421b790da741bd2faff0542

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jt7cpIz2SlTWJ0UaGe8ZBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 30 Nov 2021 11:23:42 GMT
date: Tue, 30 Nov 2021 11:23:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-jt7cpIz2SlTWJ0UaGe8ZBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 6D97 12 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Tue, 30 Nov 2021 10:50:56 GMT
expires: Wed, 30 Nov 2022 10:50:56 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EBFC 783 B
536 B 21ms
21ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e07b3e96a19c49c775eb51c33d1f7a9063c8ea1bcb4e2524f9358691f46e191f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MP0dTmdiG8BfjgR95ziPKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 30 Nov 2021 11:23:42 GMT
date: Tue, 30 Nov 2021 11:23:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-MP0dTmdiG8BfjgR95ziPKA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 9ms
9ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638271422255&de=507848864122&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=30&cb=0&ym=0&cu=1638271422255&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A585%3A585%3A1483%3A545&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=1229163147&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 13ms
12ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=215&fi=1&apd=217&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422156&r=916909635658&t=hdn&os=1&fi2=0&div1=0&ait=106&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422255&de=507848864122&cu=1638271422255&m=8&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A585%3A585%3A1483%3A545&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3&cd=0&ah=3&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-bottom&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-bottom&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jk=2&jm=-1&tz=mpu-bottom&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1851218359&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D956 0
0 59ms
59ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=227670071999734&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 35E1 0
0 61ms
60ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=3630641733233557&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EBFC 0
0 59ms
59ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=484839914100777&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 8ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=200&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422208&r=245272086288&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 013B 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:18:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 11:18:22 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 10DE 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:18:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 11:18:22 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6D97 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 11:18:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 320
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 11:18:22 GMT

POST
H/1.1 204
No Content /
684dd32b.akstat.io/ 0
354 B 61ms
46ms Ping
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32b.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 30 Nov 2021 11:23:42 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 8ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=230&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422255&r=507848864122&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:42 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=1438064017867750&bg=!Dg2lDUnNAAZQLpa_UC47ACkAdvg8WkpwiwXi-kEZCNjNbUrmmelL-RzKfBvHmoBKN9ch3lM0Vc-fmgIAAADcUgAAABVoAQcKAKfNypjRw1jf_lGAjVwAJC_QTVJG3Vmzj_0vwEdZD-yCDOOyWZE880nXQfsKQUXsFM2UzZKnl7-0iYJvPE2EalDMJ0-C-sNvGYnoEDIVA2k_I8mhsTRMkbMEiswyRr112WcSIsrr33ZHR6l_ta3xswmhQNXbhaT-ccJYWvU287mgFqo95yvjcoyUyuVRPn3ks3dsiMUg0MfpgvgC0sExU9PH01QFhqs9kJkCbeXY5vJnaqlsLP_7Vq509rhcHMjyZqBvAnKUraXDWYw_nMRVijd_xKa6lwjlh9Cp1zr7KQRq1etJu40-tPOyr1Ie3vGyGq0Gc6kr88HIk9cnKGAj-22E8a4MPax7rBw7aIHsSWlQbxcVzetixCGhVwCja80C95Ir3O36VG_DUIgggUVtxXLHsTcG91rE-Nj0prnmECcd3j3wzJvfaFB3cmb2nyWjmAJdwCFuLbkgxi1162OnF4jkQtjQjKtSIAmxx3fgjslqyzXzsbNaqbDzKKBw7AHX0jRk-mtUy4RqQdVCz6eDw4csfvoi4Ik3SkA8zJaatZoZlzIE1wHgFk1dcP2edH59xMEbKu07ThlEhoKTUsR3sw833yogXls2PLZf3PmEfocmCbBWAVFz9nqnki9EsppDFeJSTsVOskY42NnPfoIn5Gsqmogbyck87EIpzU4OslQ0nvyuuiDbSHBjmjaBWElOYvCnQ6k23PVpDNpK7dsrBg7b0GU-FNycXzXXA9BFRcJ7H_g43vyPhENdzBEnkLxh1ZybChzOIe5zXH8gj3tsrQFIkD3VdAqeMlrp1mEI1J0CyNmu1ePNFT3pnvxeBX4x5NXIAR_HvPP6TlRYBcO0DvX8pFq7db4YxGMgScj57YYn3gZCnV9fypx2B_0qVFp005hHS6o5vBZX9v6K-COP-n4mltQRNRGbSZvK5uFZvEbzHb5VUBNVDe9gVfT6ICVB0BzU67Y5H6T0lROBj1NqjuD1tjbVmipfHHHTV09LkEN3_qeh9kxwtDmppJ6s0i5-WLNiEac39VGSyifNC44s7qdwndPP5n8Wzg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE99 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=227670071999734&bg=!p6SlpODNAAZQLpa_UC47ACkAdvg8WmduYEKcnDEE-tCnpoUCcUQo3mEEjb2-BDPkxjZSCr_S-M6o4AIAAACXUgAAACJoAQcKABrrpeC3VCBjKZKfnW604_j-vGesiM0io9BHgZkCn_oPsldV5tlkt4J9iFcn9TuKtMXzBYPXjWvseXV-SnePL4ekiBViQGMTfWqQ3u5nxuUvsoHvN9lWTdsHsUk9OGapKnVNFgFkfZjElO6vd_u6bm5O8fnp_WpOigMgli3j59fBEorssmfq1JTKOZzOPeI5YXJ3EcRDuDmOaaefcMbY4Ogljud8Ho8HI5nJ_3YflfYhUzFFdxoE6TCaOFaEjBoQoYJnuG42N9mi5O0nqHRiZhShJ4ETBW7BqkuIaGP0Ywd8Btum3so27AvgJWrTwCSw-rR7m9lEwwuxmmd2Q4AYRSgJYbuz3xoRcqZtcLySxA5UI1EKY7S3puDoHNoyMSp0VN8jkUbgYVE25-1b2PEIrd7cLdY1aHlM4z3NUDAFVhODKEyw1OXS90xAXnrZzzu_8W6r8wI2mvpk9_3hBdGJyAeNcfNLpCnON5kOkW2PChiTPlHNKq9BldGD-rmw5_LuH2-bohkEYuObn9qgD4eFpzwBrF8jSdo5kMXrvbvUUMZkTvkCpEYn92e0IGiqsRFQooBLqu1hfokECN4yYBDtCKtWmxfGhwaEB5v-T9O055LbRCNHIylpEKTDYnPsiTAo3vXGpvbIyWEQ_vXFhuG1CB2WMv3ftg7TLbrLj8fG6yiC4E7XJDr9l4SkySmoOg--2MnrJHw-SrZH5te0B4whg_diO_wk8FyaXiT5HDr2SxqTrL6tMxYVX_rs2D_bDmILZnLGN6WsaClW-45PZpKVBFK0Q9BlIgqAGX51ZEnQ0DMueAJSUAbiUayYr3-9Hx8ZNRmoCDm8kUA1PBy8kfHOsHHpCqqp1yJ7EdMW7tCawcsuyAi7-GqoPZXDdf4bbQ3FgItREbuv5xK356yadyN9VqzH-6mw6KoxKgZ95T2T

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E202 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=3630641733233557&bg=!hoWlhcHNAAZQLpa_UC47ACkAdvg8Wo4kcEJCee1sfHKr9kGlbEy803UCuR1LEHfaB1jI1eFYH-TbSgIAAAC2UgAAAApoAQcKAQ_4cD6Xi2n0rDonylHRMYRQb8HyO4Pqvg2yVQBdxgIKYrFZGwtefpiD387n0GHyX7GXdmbCAyjCBw8qKYDvZBPA3NRuAMrrm77B31qJYdN0_SNx0Yb6che68h6kqtXGXr8KSeXJupwEFbHqB2qglo84RWaV5_f9cZlHMgAE0v47WcFGPrOQ0FOjJxo_pUuPkYEitGJYyeReS5lifrLJqRxL4FxCu-iKNLUvyjoOYqlTFJ9XEVCGu14t6ASTzL_kz0xfzpHr69gWOnp3A5-_G_1XZ704O7_e6-tmvrJYH2NhW5r8m9mtpNXld6HQ4_ubWYG8sBr-188yF61p2Mt--N25TxFuiX62esQ7d6bhfSFMmQKKT-Xu2s5s-7Nwon0GI6zggSoLQjQ1h3IDPyayTz_m9Zyxp2tI0BC_xjzYVMYSCONSBPo5lB_pblBlPAP67qZO8cmd-GduV_FGXaP5VuOGV2cS0m0xE0gRNGojd1FK2fWcucwuLX-l6YgFMU-pBvuzAvamCLcj2RSop9lavEmcbrcSCnn8ohQlcsmAyRLMyaLQKetN8CDLgGTxjpq1Z5nXeRzTl_FfTo0qIuqeShiw0XuIoeZ2JpTExtn8GF2xNCO2uW6awXRlVIRfHfKCFfny6Q37zLUP_UEy7uD7OfLe65C4urXrv7EKjdgZccAjh93sgNqHOzHpHcIHmnOlqd6uvEHZsxMbRI5ZhC02DMpFlExslisoNb7NavV3MBT0ePUbr8_W95hwbv-EyCge9g2gGQwG8v7ZZzNt3-g2UFG-eOo7_z4VycJZZUyn6z3EbDNq8LbKDT8OZzalDMgginn00vjMXCJz6vFZNMbD7OLWhQdLh7WBLtkGR_UIFcArlDdECrcCxblO9bGkzZTfwZ_2CpMzJfwv6967v-gLvAmh9y-zDgCAFkvyn7xvBOgvyTnOzHMm4E9GesqN8jWFKhE9g2QZmmj1PrKPaznNRqyjRssavSo-JtryozhXJ_LcxYAJPEoD0bIAWXyWRdRdlL3-Ye9-vtvB2I43snxQ31aOzKcBRv6oIygDghVdbX6kpJipWC4vB81knauDerYOPVUs7uvuKseNejq509ob5aLRajee08KF1VoezjAHUEeVtK-pYidTB9jsPBKggrCOpg5Foj3nvuzSObcYQCoXohDj1W1Wy-3MJ9G4N2DfjZ3fX8Ue65_4J_gIrhEhyEEykgiu4GSohc27ljaKYCg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CFC5 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=484839914100777&bg=!ycqlyo7NAAZQLpa_UC47ACkAdvg8WhnwvurkfAGh3_3baKlQNcnrbkPgofLx7De6mchZKjRwv3SHpgIAAACoUgAAAAtoAQcKANSM2QAoXnirXmUPscFoYprMNKRqoa_m1lFsp995CJziLnGOOCl8WC75ngSvr2Iw00_6T6CRmBoQPBco56mHzZOUMdry7LaOfvm8VXNaqU7y-9OUXrq2aQZsrBIoIHroFWkrEJ1gTMP9Uc--ij5cMY0uXd-NmwT3qbH5Vx57QrKjDwjrajsoPN70RKlJ8uiWPArTy2B_IRHv2QcFOoBR_FNv7XbM1TBx_nj3DL15o-kYsHQOOhx3DBl3lHnexOXUMm2O6flsnWkN0CasTPfRxkuk0ElpH5kCj8kuY6bn3qhloCPKbnaiSi1LT5n3Rv07deVpZ0u1fh26rxOypQu11eXsKQ5jCN_-2UnqM2pt72mUzr1ymHz5YM7TXz9DOYL1p2Ct59jtM5w4qM76SZDgsA-zHRvSZEOCLpLYkiGLvZuV8-pINpjL9fWZg3niDwcd0aQZmNwz0Gi-uUZ_srUplGJz8rVTKX1MDEiv06QcYNZE8SSHJNAD5EhZKZfU-b8I1Bpz_4Lf2cYSbQJE1dPLgl0quEoCE-CBcpOR6JkoG2arqHEveBrWw5-8xMqDkseVMf_RmnuRXbvBN-WIqPv34nsNuxKW8rKZ0Sn4C7IJS8bV-cVS57LYgUCA8ryhzZzy_HG9ASxr2f6k9NxLaBWTuDg4anMIl0F8F7pe4oQxBaC7xdzYfHw758XBzcMSrGK9eIs-Bodzko_4J-kuJlCmaof2xi_Cs-qiGGuqHBrLBBgoneiFOv4BN3XJjmXfacNGSSaPTL-leZr739YDBdPSK6vt8BcgbDIpRA3w_dxV8AvUl1fW23OAAjRcON04kOnn3tCGuVrphiZv-Qz0bwDKiULtjxCqOeqmuq-H7kKyb7fzM2THuS8EG_PxKEwMh-ovSKPGYfIxDMdr6DpA_F99mbG57GBm2RqultX13QQa7RHqf_4xNEzqRC6dPqRx_PXM7rr2DmT0nfjaJOudpWxkwwCGuQ_nOAt8PVyI2bgS69aCbU2z2q-_8eTvL031rj37l62it93Vzr2CJnVOaMvDqObIr-S9MbvWqm9Df4v9C9cPEdN1_dgBQydvEzDiveTasAGt9COacUaGlWxS6qEnGyWk3MdY2G2RKBWZ3Z96CY55Xe9M6q7r0yj-Z3TXPTdu2yUUDUl8PEw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EA18 42 B
64 B 29ms
28ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssKUl-VrR9-1gz_LsaHEwmKBJ4Nh3xOgympcELXW7dz_1QkxUtKAOZOOj21nxlaPGxjvpkjvxAC4W1Y_c2s0Pocc4LN3oSBRi0FDCWSTNcrzRXBmWbM&sig=Cg0ArKJSzK5ugqRKa4WuEAE&id=lidar2&mcvt=1000&p=407,1050,657,1350&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1319207525&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638271422066&rpt=77&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FE99 42 B
64 B 28ms
28ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss8wnuNxXvR87czjSQ6nwt8XxGMNitUfxtoaC4-xx8FMsXCri72vVsXDEKuYPSe7J57boMPQ-1v7sIYvhOrS_vo2ZzZ4QMIn-DuAacUG1eYiUBtGkSP&sig=Cg0ArKJSzAticUqLJmM8EAE&id=lidar2&mcvt=1000&p=407,1050,657,1350&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=36326968&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638271421707&rpt=469&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
8ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422156&de=916909635658&cu=1638271422156&m=1041&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&lh=67&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A585%3A585%3A1483%3A545&as=1&ag=1034&an=3&gi=1&gf=1034&gg=3&ix=1034&ic=1034&ez=1&ck=1034&kw=834&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1034&bx=3&ci=1034&jz=834&dj=1&aa=0&ad=925&cn=0&gk=925&gl=0&ik=925&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=834&cd=5&ah=834&am=5&xd=00&rf=0&re=1&ft=925&fv=0&fw=925&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1687969003&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:43 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 7ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=834&tet=1034&fi=1&apd=1036&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638271422156&r=916909635658&t=iv&os=1&fi2=0&div1=1&ait=925&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:43 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422156&de=916909635658&cu=1638271422156&m=1042&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&lh=67&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A585%3A585%3A1483%3A545&as=1&ag=1034&an=1034&gi=1&gf=1034&gg=1034&ix=1034&ic=1034&ez=1&ck=1034&kw=834&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1034&bx=1034&ci=1034&jz=834&dj=1&aa=0&ad=925&cn=925&gk=925&gl=925&ik=925&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=834&cd=834&ah=834&am=834&xd=00&rf=0&re=1&ft=925&fv=925&fw=925&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1500583377&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:43 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
8ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422156&de=916909635658&cu=1638271422156&m=1044&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&lh=67&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A585%3A585%3A1483%3A545&as=1&ag=1034&an=1034&gi=1&gf=1034&gg=1034&ix=1034&ic=1034&ez=1&ck=1034&kw=834&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1034&bx=1034&ci=1034&jz=834&dj=1&aa=0&ad=925&cn=925&gk=925&gl=925&ik=925&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=834&cd=834&ah=834&am=834&xd=00&rf=0&re=1&ft=925&fv=925&fw=925&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=68418764&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:43 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-bAz9O0QsCUp3NAjXwwClNhIVsVBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-U21WeGF%2FRhwnGA%3D%3D&sc=1&os=1-kw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&pcode=redventuresgamheader644747280705&rx=484769739324&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers%2F%3Fftag%3DCOS-05-10aaa0g%5Cu0026taid%3D61a5f627a5e4bc0001bdef58&id=1&ii=4&f=0&j=&t=1638271422156&de=916909635658&cu=1638271422156&m=1247&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4239&le=1&lf=0&lg=1&lh=67&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A585%3A585%3A1483%3A545&as=1&ag=1241&an=1034&gi=1&gf=1241&gg=1034&ix=1241&ic=1241&ez=1&ck=1034&kw=834&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1241&bx=1034&ci=1034&jz=834&dj=1&aa=1&ad=1132&cn=925&gn=1&gk=1132&gl=925&ik=1132&co=1132&cp=1036&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1036&cd=834&ah=1036&am=834&xd=00&rf=0&re=1&ft=1132&fv=925&fw=925&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-plus-top&zMoatCURL=zdnet.com%2Farticle%2Fover-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers&zMoatDev=Desktop&zMoatDfpSlotId=mpu-plus-top&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=461514870&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Nov 2021 11:23:43 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 30 Nov 2021 11:23:43 GMT

Verdicts & Comments Add Verdict or Comment

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers	1970-01-19 23:05:34	Name: pv Value: 1
www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers	1969-12-31 23:59:59	Name: zdnet_ad Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%225%22%2C%22session%22%3A%22d%22%7D
www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers	1969-12-31 23:59:59	Name: zdnet_ad_ftag Value: COS-05-10aaa0g%5Cu0026taid
www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers	1969-12-31 23:59:59	Name: OptanonAlertBoxClosed Value: 0000-00-00T00:00:00.000Z
.zdnet.com/	1970-01-19 23:14:36	Name: fly_geo Value: {"countryCode": "de"}
.zdnet.com/	1970-01-19 23:14:36	Name: fly_device Value: desktop
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: eu
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: eu
www.zdnet.com/	1970-01-20 07:50:07	Name: _mfuuid_ Value: b44eba8c-a62c-49c2-8655-ee4e389ca604
.spotify.com/	1970-01-20 07:50:07	Name: sp_t Value: ad81b521e6fe1dc793c95a37b1058123
.spotify.com/	1970-01-19 23:05:57	Name: sp_landing Value: https%3A%2F%2Fopen.spotify.com%2Fembed-podcast%2Fepisode%2F7frpbXo4jPvnk0N3gBGpo6
.zdnet.com/	1970-01-19 23:47:43	Name: arrowImp Value: true
.zdnet.com/	1970-01-19 23:47:43	Name: arrowImpCnt Value: 1
.zdnet.com/	1969-12-31 23:59:59	Name: zdnetSessionStarted Value: true
.zdnet.com/	1970-01-19 23:47:43	Name: zdnetSessionCount Value: 1
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: f7e17ce2-36bc-409b-bfaf-8fcbca056ace
.zdnet.com/	1969-12-31 23:59:59	Name: fly_session Value: c2f1149bc1a4ea8ea3e424d52ca14d60
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: a4bd7193c54c679d
.www.zdnet.com/	1970-01-20 16:35:43	Name: chsn_cnsnt Value: tglr_ref%2Ctglr_req%2Ctglr_sess_id%2Ctglr_sess_count%2Ctglr_anon_id%2Ctglr_tenant_id%2Ctglr_virtual_ref%2Ctglr_transit_id%2Cchsn_dcsn_cache%2Cpmpdid%2Cpmpredirected%2Cpmpredir%2Cfuseid%2Ccohsn_xs_id%2Cchsn_auth_id%2ChashID%2CetagID%2CreinforcedID%2ChttpOnlyID%2CfpID%2CflID%2Ctglr_smpl%2Ctglr_reinforce%2Ctglr_gpc_sess_id%2Ctglr_hash_id
.www.zdnet.com/	1970-01-20 16:35:43	Name: tglr_tenant_id Value: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
.www.zdnet.com/	1970-01-19 23:04:33	Name: tglr_transit_id Value: 3df5e68a-a459-46b6-8abf-a09622e361e5
.www.zdnet.com/	1970-01-19 23:04:33	Name: tglr_sess_id Value: cd0024fa-f7fa-47b6-9847-2ea43f2b7037
.www.zdnet.com/	1970-01-20 16:35:43	Name: tglr_sess_count Value: 1
.www.zdnet.com/	1970-01-19 23:04:33	Name: tglr_req Value: https://www.zdnet.com/article/over-300000-android-users-have-downloaded-these-banking-trojan-malware-apps-say-security-researchers/?ftag=COS-05-10aaa0g\u0026taid=61a5f627a5e4bc0001bdef58
.www.zdnet.com/	1970-01-20 16:35:43	Name: tglr_anon_id Value: 4ff06abd-617a-4d20-adf9-8933b4ae4848
.cohesionapps.com/	1970-01-20 16:35:43	Name: cohsn_xs_id Value: acc39f73-5d17-4db4-86bc-f51f9d5de766
.www.zdnet.com/	1970-01-20 16:35:43	Name: cohsn_xs_id Value: acc39f73-5d17-4db4-86bc-f51f9d5de766
www.zdnet.com/	1970-01-20 08:33:19	Name: _cb_ls Value: 1
www.zdnet.com/	1970-01-20 08:33:19	Name: _cb Value: BuGw3JDsyh7wCBtxjB
www.zdnet.com/	1970-01-20 08:33:19	Name: _chartbeat2 Value: .1638271420609.1638271420609.1.6cL7NBr66qVBZ7uJZyPPq0DmUFDN.1
www.zdnet.com/	1970-01-19 23:04:33	Name: _cb_svref Value: null
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s5610\|YaYJv
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|A9CsNFoQ5K/DWCet2ogsIBP0vIhaOOWfliBRT/qkfmAh+urPaQTjRsKcZLjliObLRXOqtD6qDAuneV3IXSeRTVvE8QI6g1Y1yk4Vad3QREh28zX8YKRfI6r+JKnHMVn/BdTLwVQPPUDx
.rubiconproject.com/	1970-01-20 07:50:07	Name: khaos Value: KWM0I6EW-19-EDGN
.rubiconproject.com/	1970-01-20 07:50:07	Name: audit Value: 1\|naVuGyos1qrHDr6Tj2KKc6Q/Fn9jJ2Tlph+Ceuqbr/ebi+2Td/xv7XOGqOvPnmoToQqGyDb68UlymPvo8plePxU0X4QtZmieLOO6pTeYsdc=
www.zdnet.com/	1970-01-19 23:05:57	Name: _lr_geo_location Value: DE
.zdnet.com/	1970-01-20 07:50:07	Name: utag_main Value: v_id:017d709609010023ddbfc94e00b40307200ba06a00b08$_sn:1$_se:2$_ss:0$_st:1638273221078$ses_id:1638271420674%3Bexp-session$_pn:1%3Bexp-session$linktag:notification%3Bexp-session
.zdnet.com/	1970-01-19 23:14:36	Name: RT Value: "z=1&dm=zdnet.com&si=4be081e1-9ad6-477c-a905-8077585ba8ae&ss=kwm0i4sq&sl=1&tt=181&bcn=%2F%2F684dd32b.akstat.io%2F&ld=205"
.www.zdnet.com/	1970-01-19 23:04:33	Name: tglr_ref Value: null
www.zdnet.com/	1970-01-19 23:05:31	Name: _BB.enr Value:
.doubleclick.net/	1970-01-20 08:26:07	Name: IDE Value: AHWqTUk7N6y4wmyA-mFiOMA8KhwTJAshilDMeo5MCAq-By16sJjWwEeG6YH2zky-N1M
.zdnet.com/	1970-01-20 08:26:07	Name: __gads Value: ID=f19e19dd68e184ef:T=1638271421:S=ALNI_MYPv1CMjsr0adl8lLZiyCYhbVq6Jg

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.83431d2a.js Message: It is recommended that a robustness level be specified. Not specifying the robustness level could result in unexpected behavior.
javascript	warning	URL: https://open.spotify.com/embed-podcast/episode/7frpbXo4jPvnk0N3gBGpo6 Message: The resource https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

26145460e77c4a9b57bf07308a9a08c2.safeframe.googlesyndication.com
30c4817bc22173d9ad7f6311b9620aaf.safeframe.googlesyndication.com
684dd32b.akstat.io
9f3da3cf603ac9e83b6f3241dd12f2da.safeframe.googlesyndication.com
a.myfidevs.io
adservice.google.com
adservice.google.de
apex.go.sonobi.com
apresolve.spotify.com
at.adtech.redventures.io
ats.rlcdn.com
bam-cell.nr-data.net
c.amazon-adsystem.com
c.go-mpulse.net
c2shb.ssp.yahoo.com
cdn-gl.imrworldwide.com
cdn.cohesionapps.com
cnet-d.openx.net
confiant-integrations.global.ssl.fastly.net
e137ac64f37f077f7b71438054b6df84.safeframe.googlesyndication.com
fastlane.rubiconproject.com
geo.moatads.com
geo.privacymanager.io
gew1-spclient.spotify.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.scdn.co
ib.adnxs.com
ingest.make.rvapps.io
js-agent.newrelic.com
mb.moatads.com
monarch.cohesionapps.com
o22381.ingest.sentry.io
open.scdn.co
open.spotify.com
pagead2.googlesyndication.com
ping.chartbeat.net
px.moatads.com
redventuresgamdisplay60805146916.s.moatpixel.com
s0.2mdn.net
securepubads.g.doubleclick.net
sofia.trustx.org
static.chartbeat.com
static.myfinance.com
taggy.cohesionapps.com
tags.tiqcdn.com
tpc.googlesyndication.com
unpkg.com
urs.zdnet.com
web-sdk.urbanairship.com
www.google.com
www.googletagservices.com
www.myfinance.com
www.zdnet.com
z.moatads.com
104.75.88.194
13.224.193.85
13.224.193.91
13.224.198.4
13.225.77.75
142.250.186.34
151.101.130.137
151.101.130.154
151.101.65.194
162.247.243.146
178.162.133.150
18.156.195.47
18.211.163.90
184.30.25.161
184.72.183.173
185.33.220.240
185.64.189.112
2.18.235.40
23.37.38.181
2600:1901:0:524d::
2600:1901:1:5ca::
2600:1901:1:c36::
2600:9000:20eb:0:18:1fcd:34f:cdc1
2600:9000:21f3:7e00:2:42d9:3100:93a1
2602:803:c003:200::51
2606:4700:3037::6815:2b8a
2606:4700::6810:7caf
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2006
2a00:1450:4001:812::2004
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2002
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:287::11a6
2a04:4e42:4c::666
2a04:4e42:62::760
34.120.195.249
34.120.203.121
34.199.156.235
35.179.78.10
35.211.168.6
35.227.208.151
35.244.159.8
52.208.32.237
52.6.232.190
54.174.20.197
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd
021ccb0573dd01c5c3b9453f99f57f8bc9ec687526dbf7147dac0b7a919074a6
02a6ec5d410ab5d622724b17959edbc7238bab81038f5ee21dd7d18083c742ed
05be29c8885c8595c7e2c73dbd660fe5d06a9ac7b46284d2729562b87dcc2832
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d2078bf12beaaf3694eb02a46c6de631d4a5e4ba52b25d3d9a64c7c52626fad
0e34a1f8b89711313e93713b9857ea849baf24c0984b9ac82feab9d8f68d9969
0f1dc28a388e9bfb6757d2167be08207fc50492ee5bb5f41e8e818b30adbb58a
0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe
1057d5fd733028374c07f587279e61230771eddfd056ce12fb75492fd1224ffd
12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb
15fc6da0c56525b38a69504e4d5e73d1126290aff814150c4468d303a73bc727
17136e0801a8b2d72b02c8899704a46faf5ee0a3c053ea0368dcd1b83e21cc29
1a1bde2f042d4fe913f2a8d330f9ea45cc9921f41c20f6be9da0390ba286cedc
1a8be5118caeda79b772973aca427a54f00983fdc7b3a14ce7bdc7edf60f975b
1c4a81fe737f9dc2e300131170c78240f861b4fd2453fad280494aa856719220
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
21c23ed772215912ad01ed0e5d98e99f681b525c93d4ee7bfedb8dbd2c062729
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
24ee4313325ee48b288771e37268bfeceff0747011a38c34b8756420b02f9f01
26527d8492d0e7dc6b4f96f469198fbbfdda8cbcab6053004d6c70a2e01c37b6
29a7af37131ffd439761478850f234c61ad2853268e5e49419de2ef5934b4de4
2ac1abeb793e330db301dfbe8809ec90f32ebfed2e6c34896e6c26a6318be981
2bbb97d35d144a929d7d61765b4d29316c9cca29ef5578e4887240f4434711a0
2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1
2fe01363f669323289ff236c4c4656ff42abc4e227af87df44f23a0a63205ee6
31363ce08d6a5d830fe68f7abcef889394cbbf97e61cad7e68226558584d6df6
3252ce2a5ff29409a884dfe5fd649b64d2474f3b5eac5cc81b934aa386f38687
351d1b78336bf58f166a8619792ed9e1d358483ab2fd1a2900a0c262a12d4443
364e9fa8e5ebd2723bceb6ad16241c713dbf20df34f4694041995de5b499eca3
36907f27970c8f2e5df0c6c5443a9283a8b49e7cdbef3c878a5a1e5b536b2065
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
379b0b87a8d5f2d6ab3e2d641c6ac0ab7cbaf49ba1b83a8ab610c66879240263
3c19548fb1418854d2e42c1e7271785b813fb4d52a33bed0202291415d91d9b1
3c60d2056c4b51601d6d6a1ddc4afe9fd561c415c0bf1e5e730a9a0fac78fb9d
3c8d39326700314c4ed6e2eddd8ee115bb112d1616e5928329bd44251ed92baf
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
424d6d82635065fbe41bceb5e786fa6c1c569e975c15647a58f80376399a07a5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4ace5c6fb0e4a05282c76103aced95a1673d9b57d6e7f736c51134c00b0c0b10
4ccb64cb52eff9e8c10713a938a73ec2461b8b1e71acef86c52cd7242c3b0090
4d2e00affd59a7e7f31a350f613c8c886479ce60741712081a4fef93974849cc
4e2715bb6805fe0600e01c69a6840ec978f91eec9276381dfafd1cf84b605188
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7
55b5da8c291fbf2194b2cf892c31e4d13a278a1c652f27b3222c0382cd41dd44
5b4a0c5cc220db63da25bd2ec9c5813ff9d3d01e13512b60aae63a43727c0773
5d44d3b24d8b2e108b687663364c97645d9975ff390dfbfe0d7ed1f22270a2c0
5daf8cde692285b66fcc6aa80f3eab58bf7732bbd3d59c6614031fdeea3b0089
607996084c9ed5a392c8698d7ce471543b1f3998b76a24008b92f9f235d040f9
616df8472fe04237b6523fef0027368713c30655742fb2454e14383b0f3ad204
61d80a1c3ff7b6f8e6132ffea0bd57d91e6dba5f8da58141602d76556a70e5d5
6227f18e898e5b7c708fc1eb1763bd1b2186bdecd6f8b81f4bc1bf84f4d7d4e6
647103c43e880ecf7d07f82a23bf89e3ee92f3ecf779304330f6468661bff9a7
6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
6bb28713542b8341beca24014383cf539e8d29fc4006ae717073cb09af8654c4
6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03
6fcdb15f4d562071dc245282ec4a2bc7de2d32724dddf951840bcf6ed3df2a4d
70969985a45b44e91a7182f7a8ad52e7e3f2756fc45a5d678ce37e07c23e34dd
720219db365c2769d66e4d0a970470534fea9ba1eda692673c6d11891f289420
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
748cf347e26c3b815ad969b5f600a2f243aadd723cc709b9eee878bb2697f48b
74c4f8bce89141598001b3f2a784b82f8c0b6b37690673a6df8fd5ab4d0e608a
7985d5ce5be24a80a61822dd20c9cb939daa6a64a0bd19e17b2461225e687bf6
7a9aa5ececdb05df914b3b0570b632620d5de5241ba6ad392b419930e5d7339e
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
7fbd386a534a28e9d0f78937d580f5a4dbe30977c8ba1add018490c736055513
7fda7e840870d183ad5e5f21d29b59d7b4fd743ba587f61673b44734e685bbe4
8154fa903676375a7a5c26e77d98bf625c900976b7dbd0b23cd1a85ee2b064b8
829c410a6b21a34e4127e1ae45f244189a83493c13712d9e5d98f1d2dc19c3f7
82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd
835f345e31f8ed8bf25ecd6f63cfc3d15f65ad0e95abbcab64ba4031770a5bf0
85a7c4bb0010ed89e7f303f73f8efc51dbb2a00d791763eafdbecfe6e1b8097f
88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
92a235291ecea5639cc3c617876d115db8f6bba7e83065bb091db644cef24b66
95331b9bfdd7d763901dcced5596ec9681e4d3d43421b790da741bd2faff0542
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
9984a7c2ae43af08d423e495e996e34fc484185d32bc7e747a96602ad14c0663
9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71
9ec297918e25a44610bf26094fa560ee645601a5405a68d3fce9dfccdf4a4a30
9fa71e1ae9d4794bc2457dc50d5cf696559e8ead71d61bc229e8daa1993899d2
a0326869074ca9534f7ee8970d46ef036172b85efe39101476c036c83b232607
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a1481a869c209a23e9b7a546ba1389db943c5f0677485eae3d0321613b582d21
a1efbf7e81aeaad7acf27abce0c865dc65d97fadf83d75ffd1f9cd6e0e13a413
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa7f0bfe56920958bb5a29f3de9ed7040df1a55841f5abc7b161b237e5d29564
aa8705571f72656693e770b3e04c7fbf0ac0283985e42300bf88635c90914fa1
ab0b2582f61322a666f811a1dacbec5d56ae2af8d29f312dae6439e262ac0e4b
aca7d1a59ffc28087ff2e504cdeb2bd10fa3b1135cd6964c1c0b7d1690b5cf33
acc16a7acfdc37b4e11c49adba781c8f4192368865c64e4ab37483780952c91e
adf9537ba6d976aaa119c62ef965d54d493546f284ebc2e68b162643509738f4
af0cb5d1db950d9012fea87ca84c3d45515c6720c16668f9f1e0758526683d30
afab56eae30bfdc7b2c4d05121276ccb7d3758fda8f4c0cd133bba81dc73096a
afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9
b09a53620230e3a13b21aae60de7af155f588c0bedd68446f8d5854836e297c0
b74cbe5a75020259c59a539a6b13519270282a4ce0c140b3ecaf123142856797
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
bb852945d8e9ae2dddadccfbce542830d5e86adf940a29239fa2742d6e79e2fb
bba0abd7e4635a4a4510ccc58c1d61ff5c7a00a73767ca0c2f73be71bbdff311
bcc0ac1b386e00fb3f5e5ec0f60682b3023399eff0f7405cb1601042a4d1bf2b
bd6596b0da9faf82fc2f21e62744abdd3be2df9a4f363abd942c952d9c41b093
be8701036d7159343711bae6c11c029a054f89d373ea6325ccd823b9f60f2281
c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7
c038ca53e8ede27d00975dcc66bb4d0250c2ff45e999b235c147d712b9c26835
c313ba70bdeaf3bd6d49770ca5a6ad0e14e9d12d45b09d3fdcc73321786f5ccc
c3285404c6803ecd87582939552813e2db6e9ceb8a3fa4a38d860ed04fdb9640
c3a05c043f477a5b5e637ee1edf47226e6aca7daedb7f474c8df92cfd8a0ed0e
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2
c6cc3bcc9535b59bf7e2c8cc47f9fc55b35627703e85cb423624ee0bf16ad82c
cbdb54ec82e25c9b4da972a6e9809eee35faec542bb1de8db84bc2aa3878da2c
cceefd476057bb3f36703d027ec405887d25d05311d491b9a203d4c60a2d75fb
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d638a6892627a112015d134adc38859ab5e319013e9460b5e195b0ddff535be6
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
d84407005f8be6253de84d06aba3b98adf802ac9dc7e75169423298a4c772f26
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e07b3e96a19c49c775eb51c33d1f7a9063c8ea1bcb4e2524f9358691f46e191f
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250
e315f971842f6e749df997cb7bfa4cf217259740e86ea5b2ef7ed5a93e54938a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ab11b9756b1d55d9319049c61aeefffdbc7c9b96dfcb1e32ecb574b8750c7f
e79ac7c73051979cc6307359ada486667c4708828e6eef9fb0bdb75435afde0f
e916d6f3c9c316368f99463951a426d09d4ddd223e961652728b519efb11e772
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
ee9ed73d5a19232516cf046bf720d02b6f8ab4a3abaf08069a6879ec2e2e576a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2907924519c6bf045fdfbfc4c70cb19d10d26d96af9c10f1edd7c60e4e05b8d
f2e64e6c0573790dd1b75396cba77a001bc60c030a15da96ca2d129a226277e6
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d
f6bae11a90900c1fbbd7ca08765a4b488c26712e10aedcfb95a4508d09eb0090
f95d455b93ebe09067d7827f12d89599f6e113f9dcd3492b75d91f6a0f8b8a9e
f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
fe0474b15e84ea1b35c66376a24e4dc66075254bc58fcc1d8f93bae21453ee8f
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
ff6f892242e9fbff365ab31f947515610c8eef8f1798e5eaad6d1c05b4017000

www.zdnet.com Open in urlscan Pro 2a04:4e42:4c::666 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

274 Requests

100 %HTTPS

41 %IPv6

39 Domains

55 Subdomains

50 IPs

5 Countries

4610 kBTransfer

14345 kBSize

42 Cookies

18 Outgoing links

Redirected requests

274 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Screenshot
Live screenshot

Full Image

274
Requests

100 %
HTTPS

41 %
IPv6

39
Domains

55
Subdomains

50
IPs

5
Countries

4610 kB
Transfer

14345 kB
Size

42
Cookies

274 HTTP transactions
9 data transactions