www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/#ftag=...
Effective URL:
https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Submission: On April 04 via api (April 4th 2022, 4:16:51 pm UTC) from US — Scanned from DE

Summary HTTP 228 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 25 domains to perform 228 HTTP transactions. The main IP is 2a04:4e42:4c::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com. The Cisco Umbrella rank of the primary domain is 48555.
TLS certificate: Issued by R3 on February 23rd 2022. Valid for: 3 months.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:fb:... 2a02:26f0:fb:187::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.4.215.152 52.4.215.152	14618 (AMAZON-AES) (AMAZON-AES)
2	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.66.116 65.9.66.116	16509 (AMAZON-02) (AMAZON-02)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
3	151.101.194.154 151.101.194.154	54113 (FASTLY) (FASTLY)
1	34.120.203.121 34.120.203.121	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.193.194 151.101.193.194	54113 (FASTLY) (FASTLY)
6 24	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
19	2.20.157.238 2.20.157.238	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:170... 2a02:26f0:1700:59a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	18.135.183.184 18.135.183.184	16509 (AMAZON-02) (AMAZON-02)
2	18.170.11.184 18.170.11.184	16509 (AMAZON-02) (AMAZON-02)
2 5	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
4	3.124.27.150 3.124.27.150	16509 (AMAZON-02) (AMAZON-02)
16	23.35.229.151 23.35.229.151	16625 (AKAMAI-AS) (AKAMAI-AS)
6 10	2.20.157.55 2.20.157.55	16625 (AKAMAI-AS) (AKAMAI-AS)
6 8	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e033	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
228	35

31 2a04:4e42:4c::666 (United States)

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

static.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:fb:187::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.4.215.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-215-152.compute-1.amazonaws.com

a.myfidevs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-116.fra56.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.154 (United States)

ASN54113 (FASTLY, US)

at.adtech.redventures.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.203.121 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 121.203.120.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.181.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.20.157.238 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-157-238.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:59a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

684dd325.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.135.183.184 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-135-183-184.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.170.11.184 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.124.27.150 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-27-150.eu-central-1.compute.amazonaws.com

protected-by.clarium.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 23.35.229.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-151.deploy.static.akamaitechnologies.com

redventuresgamheader644747280705.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.20.157.55 (Milan, Italy) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-157-55.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.221.13 (Amsterdam, Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f7::5c7b:e033 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125	295 KB
32	zdnet.com www.zdnet.com — Cisco Umbrella Rank: 48555 urs.zdnet.com — Cisco Umbrella Rank: 201982	431 KB
28	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	136 KB
28	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 ad.doubleclick.net — Cisco Umbrella Rank: 190 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	262 KB
22	moatads.com z.moatads.com — Cisco Umbrella Rank: 374 mb.moatads.com — Cisco Umbrella Rank: 581 geo.moatads.com — Cisco Umbrella Rank: 563 px.moatads.com — Cisco Umbrella Rank: 395	89 KB
16	moatpixel.com redventuresgamheader644747280705.s.moatpixel.com — Cisco Umbrella Rank: 49132	4 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568	9 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 344	223 KB
8	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	8 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	189 KB
7	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 7	2 KB
5	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 487	117 KB
4	clarium.io protected-by.clarium.io — Cisco Umbrella Rank: 1909	1 KB
4	myfinance.com static.myfinance.com — Cisco Umbrella Rank: 13610 www.myfinance.com — Cisco Umbrella Rank: 13019	54 KB
3	redventures.io at.adtech.redventures.io — Cisco Umbrella Rank: 27270	149 KB
3	go-mpulse.net c.go-mpulse.net — Cisco Umbrella Rank: 552	52 KB
2	createjs.com code.createjs.com — Cisco Umbrella Rank: 1360	125 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8069	914 B
2	fastly.net confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1571	95 KB
2	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 367	1 KB
2	myfidevs.io a.myfidevs.io — Cisco Umbrella Rank: 14657	166 B
1	akstat.io 684dd325.akstat.io — Cisco Umbrella Rank: 63486	354 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 396	18 KB
1	cohesionapps.com cdn.cohesionapps.com — Cisco Umbrella Rank: 11503	23 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 788	457 B
228	25

	Domain	Requested by
31	www.zdnet.com	www.zdnet.com
28	s0.2mdn.net	ad.doubleclick.net s0.2mdn.net code.createjs.com
21	tpc.googlesyndication.com	www.zdnet.com f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com ad.doubleclick.net tpc.googlesyndication.com
19	pagead2.googlesyndication.com	www.zdnet.com tpc.googlesyndication.com f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com ad.doubleclick.net
18	px.moatads.com
16	redventuresgamheader644747280705.s.moatpixel.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
10	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
8	www.googletagservices.com	f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com www.zdnet.com s0.2mdn.net
8	securepubads.g.doubleclick.net	www.zdnet.com
6	googleads.g.doubleclick.net	f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com www.zdnet.com
5	www.google.com	2 redirects www.zdnet.com f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
5	cdn.cookielaw.org	www.zdnet.com
4	googleads4.g.doubleclick.net	ad.doubleclick.net
4	protected-by.clarium.io	f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
3	f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com	www.zdnet.com
3	at.adtech.redventures.io	www.zdnet.com
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net
2	code.createjs.com	s0.2mdn.net
2	ad.doubleclick.net	www.zdnet.com
2	geo.moatads.com	z.moatads.com
2	adservice.google.com	www.zdnet.com
2	adservice.google.de	www.zdnet.com
2	confiant-integrations.global.ssl.fastly.net	www.zdnet.com
2	bam-cell.nr-data.net	www.zdnet.com
2	www.myfinance.com	www.zdnet.com
2	a.myfidevs.io	www.zdnet.com
2	static.myfinance.com	www.zdnet.com
1	mb.moatads.com	z.moatads.com
1	684dd325.akstat.io	www.zdnet.com c.go-mpulse.net
1	z.moatads.com	www.zdnet.com
1	urs.zdnet.com	www.zdnet.com
1	js-agent.newrelic.com	www.zdnet.com
1	cdn.cohesionapps.com	www.zdnet.com
1	geolocation.onetrust.com	www.zdnet.com
228	37

This site contains links to these domains. Also see Links.

Domain
academy.zdnet.com
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
news.sophos.com
www.trendmicro.com
redventures.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
narratives.zdnet.com
privacyportal.onetrust.com
support.zdnet.com

Subject Issuer	Validity	Valid
*.zdnet.com R3	`2022-02-23` - `2022-05-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.myfidevs.io Amazon	`2021-12-07` - `2023-01-04`	a year	crt.sh
cdn.cohesionapps.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
at.adtech.redventures.io R3	`2022-04-03` - `2022-07-02`	3 months	crt.sh
rv-urs.zdnet.com GTS CA 1D4	`2022-03-11` - `2022-06-09`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
protected-by.clarium.io Gandi Standard SSL CA 2	`2020-04-03` - `2022-04-26`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh

This page contains 19 frames:

Primary Page: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Frame ID: D58AA8CA9850D9D1919C998BAA0710AA
Requests: 110 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: BC8334D935B5F1AC950C4C0325B7A3B7
Requests: 2 HTTP requests in this frame

Frame: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 466C48F8836B049F0B8724438D6C28CD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: ACE3761FF17A7BE05247D89443C3C74D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 58CF3C52A72CF834E4F9012F31F29B89
Requests: 2 HTTP requests in this frame

Frame: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 28680794385BAFA2691571ABB9E7E680
Requests: 12 HTTP requests in this frame

Frame: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3069C08F0AB0D74D43C64859E10FAB0F
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: FAF9B0C9D5288103BFE62617124C0CE9
Requests: 12 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: 5228D527EC90087539D32C74526ADFD7
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXStzmmfRWAylL9jEmLiy8cZ1_93P0TWxmv3jGl-lPAjwBxAPz7C_Id0Kjzx_dcTpGZ_42m7ERGjJAFUjQORmkiIzS2wSO8WAs0-wYfyN6laVsy6CewE13PvgaxUn900obvalgLqqkfOFQVHJRm8_KjB78xzQ
Frame ID: 7632F542F5CD116FEA1D4509812005F9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXzcOZHUiKZnqLCt4jDDO7MPZT--8zPb-TYEdtr7coaCAvL2Ez3Rg0QufGPM-A157E-rd9sMyDAlnCVyFWFLkK70hdxWMPo0Gkn4TDrSVN1ivFpFQJEw52GumBDiugsn7MMTb9xksG-tI7XKvOzM-cOwPEl5w
Frame ID: 15270FE57C500C8D4959815D603A69F4
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 66C74CE403F86FBDD8DECE11B8071F93
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C71B7F0AFE77B7EF79696F83AEFECB17
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s
Frame ID: 43341271BCEFA5C2042596E050732B48
Requests: 7 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=3013400686;ord=adsy5o;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9yFn7RlLYp7_E_bM7_UP9em76AuN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QqC5EJPL0sJQp-upLbj0okmKn2k-FdrF7djskV6VPMFV7kUKjL44lSz1OnnFbHdXZJWznsoWjKSibfXMNBGgFxMijLVh5myrp5xXsmBwhMreyeQupfdeVrMg8Zlcp81vgyk6IlYHMtJAaPxchurVxwrlNUYxgWbXFqMj3h8TLMUHp-ozj7QgO6vezAvaYwoSfXy8wgHqVanrwPa-Q4bZf_wTm0LEdJ6fnUN9ocOvKbbOrrPyKFyyuTTVU4Wz6WNWawNUAkZEOhykZwxk1Bijk1l4Ax6fsB-q7PbY243irgRA2CebcW5TuNmMY8zrABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoTYifdg0t8du-q8-9PlTKRtGIKTd3VLWMn5puzeG40StJ7hErTw%26sig%3DAOD64_1sDfE4V9szf6zdBdiACodHptNPnw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-DSuwxNWwfrRlfUxqy3S8cpvp_8FcnxlnrpuY6-VGx0Nn0PiBsNlkJCc1-6psOTOQNxCqtZ2u_ZE6bSSjJxWr81jf9jgK6a8wAzYS7SSs3eKCVsrgdX9n3ESIOU1-comqmkItevZA9K4HWyU5oEdl6PNRtqTA%26cry%3D1%26dbm_d%3DAKAmf-DWZpa4CP6UAtYB1t7gH1jaO4VkNyFmTY60j0n7RC4rkUL2YwB8faCH_1D9Z5CyvgjLGAeShnnbIbqC0m5alJOpDUNf9o5m9CS04AnEiL_QWQ_RMh9VdrcWFccPxI9kN5DB6KToUaVjlGsPEbhBrhALEMd7cLYHkKUXbzyfXz2SZt1SB2H6SNvT6Ne8p4PzoPE7DKJnGx0g3Q0oKBKmmrgUiOCGokADTR6r46eChEPwqklOFHbBL8SuwNiClcdpBeBLT_sXeT0jwyYaEQi7szK-pKqx6OGH-ObyegsgWaEwHchPMWm9Tn2B6vcBEyraXc0RzQkAC-n__Rj7TzjEtBmYLvvZ5H3iImvEPKSpdICNRbX2Wn5fjeXYitvX-GRwH5I4c4CFbjNAq2oxUM3p1fUV5rfH6V465h2BcyagxxtYMd1_qmaAzgNEolXwy2ms09npceMNUexQBrUGGDwdM6-9vEmP12iFJBwhMF1ZzsuA5shjvFEjL9iYYSeTzrN57Awl2a8760pz4OwrMuG6Px27YEelNDENzo7L5Csj1m8nWqpoeG6lSEi3bOJPp5DSDSX14quMi4IvAnZ6fze3Ai5iYFWQHw%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=50;prcl=s
Frame ID: F150ADCEC60C2AA22642D488CE2EF8EF
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ABE85826838F8AC3DF063C59F8BF86DD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 37D82297D8330BABC5E34CD89C0E54AB
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Frame ID: ABE8CB823AE15FC3E57664DD137C0E82
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Frame ID: 19AC42800F05D35277B69E2DAE1899CB
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners | ZDNet

Detected technologies

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

228
Requests

94 %
HTTPS

50 %
IPv6

25
Domains

37
Subdomains

35
IPs

5
Countries

2272 kB
Transfer

6867 kB
Size

27
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

URL: https://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: https://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: https://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: https://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2022/03/29/horde-of-miner-bots-and-backdoors-leveraged-log4j-to-attack-vmware-horizon-servers/
Title: said the attacks

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Title: Trend Micro

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://support.zdnet.com/
Title: Site Assistance

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 126

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 127

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1

Request Chain 150

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksZ7v.tUB5LgYgqlQpHJAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGiK3LQXcMQxLeKdEmjCNLY&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

Request Chain 152

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Nzg0ODA3NzQwMDI1ODA5Ng%3D%3D

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksZ7v.tUB5LgYgqlQpHJAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGiK3LQXcMQxLeKdEmjCNLY&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

Request Chain 156

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQwNjI0ODIyNjgxNzgyMzUwNw%3D%3D

228 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/ 310 KB
100 KB 363ms
274ms Document
text/html 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

31d38f53f745c5ebb8e047156df559b659bd7556923e3f26dc73aa7aaecf8bdf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=5400, private
content-encoding: gzip
content-length: 101335
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 16:16:43 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
expires: Mon, 04 Apr 2022 16:33:58 GMT
fastly-original-body-size: 101335
last-modified: Mon, 04 Apr 2022 15:03:58 GMT
link: <https://www.zdnet.com/a/fly/css/core/main-ce7e494d23-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, User-Agent
via: 1.1 varnish
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 3bc0d211-4720-476f-832a-6a3cfae84a95
x-xss-protection: 1; mode=block

GET
H2 200 main-ce7e494d23-rev.css
www.zdnet.com/a/fly/css/core/ 309 KB
53 KB 83ms
82ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/core/main-ce7e494d23-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

05260d49620f9b550301608e7dd5be417d8e29c1b21ed62763114b828f4b723b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
fastly-original-body-size: 54206
strict-transport-security: max-age=31536000
content-length: 54206
x-xss-protection: 1; mode=block
last-modified: Thu, 31 Mar 2022 17:48:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ac774daa1223fb571248c09f9e54b8bb"
vary: Accept-Encoding, Accept
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 17:49:37 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 52ms
22ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: dVKVlVU+J+RB4CMcqf9NTw==
age: 2578
vary: Accept-Encoding
content-length: 6678
x-ms-lease-status: unlocked
last-modified: Thu, 31 Mar 2022 19:30:48 GMT
server: cloudflare
etag: 0x8DA134CF5B38867
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a8caa002-201e-016c-2d36-453560000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f6b59a1fd8a0204-ZRH

GET
H2 200 optanon-v1.1.0.js Show response
www.zdnet.com/a/privacy/optanon/ 36 KB
10 KB 63ms
62ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
fastly-original-body-size: 0
strict-transport-security: max-age=31536000
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
vary: Accept-Encoding, Accept
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 17 Mar 2022 08:35:39 GMT

GET
H2 200 controls-8ac4c3f043-rev.css
www.zdnet.com/a/fly/css/video/htmlPlayerControls/ 25 KB
4 KB 115ms
113ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-8ac4c3f043-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6404fdc35d7baaf4b444d2210d703057792376db07ae34af5f79904149e1b91c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 4312
x-xss-protection: 1; mode=block
last-modified: Thu, 31 Mar 2022 17:48:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "226f215efd5aafd0c3455597fdbdf77e"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 17:49:37 GMT

GET
H2 200 charlie-osborne.jpg
www.zdnet.com/a/img/resize/c8ef739a72ea5f7507a32fca52940befe437ac45/2014/07/22/36b8334d-1175-11e4-9732-00505685119a/ 784 B
1 KB 29ms
29ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/c8ef739a72ea5f7507a32fca52940befe437ac45/2014/07/22/36b8334d-1175-11e4-9732-00505685119a/charlie-osborne.jpg?width=50&height=50&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea86214f14bd7892eb024a876833cabb892c468f4ea5cf4b3bb905dcdc9c9335

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
fastly-original-body-size: 784
fastly-io-info: ifsz=11429 idim=350x250 ifmt=jpeg ofsz=784 odim=50x50 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588631330699120
fastly-stats: io=1
content-length: 784
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "R5QZXGFnYYhaEp+fU3JgnjXWN8K9BnSDu/GRE7JpKM0"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Thu, 17 Mar 2022 09:06:41 GMT

GET
H2 200 charlie-osborne.jpg
www.zdnet.com/a/img/resize/ae8b429306581e2c4e0430de956e3cf4ec97dd0d/2014/07/22/36b8334d-1175-11e4-9732-00505685119a/ 1 KB
1 KB 32ms
28ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/ae8b429306581e2c4e0430de956e3cf4ec97dd0d/2014/07/22/36b8334d-1175-11e4-9732-00505685119a/charlie-osborne.jpg?width=70&height=70&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cafdfa65c0b7e7adfa772487035d1320e7b035a19301553ccf8341cdadf02422

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
fastly-original-body-size: 1130
fastly-io-info: ifsz=11429 idim=350x250 ifmt=jpeg ofsz=1130 odim=70x70 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588631330699120
fastly-stats: io=1
content-length: 1130
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "JlS9u9NVu3MEl696gT4Xeuag1vws//0rvUQ+l7fryh0"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Tue, 08 Mar 2022 11:05:47 GMT

GET
H2 200 screenshot-2019-03-15-at-13-45-47.png
www.zdnet.com/a/img/resize/dc28928263e328c40b6c9c8122ba68b6978db3b6/2019/03/15/5414c3dc-a744-4986-bd5f-de9fcc858790/ 5 KB
6 KB 48ms
43ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/dc28928263e328c40b6c9c8122ba68b6978db3b6/2019/03/15/5414c3dc-a744-4986-bd5f-de9fcc858790/screenshot-2019-03-15-at-13-45-47.png?width=220&height=165&fit=bounds&format=pjpg&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

8eb12097dc755143587dd7f807423da51d8c47b894729203b3aa8d52a29cf274

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
fastly-original-body-size: 5426
fastly-io-info: ifsz=2832582 idim=1878x1258 ifmt=png ofsz=5426 odim=220x147 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1588637922878666
fastly-stats: io=1
content-length: 5426
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5Ir5o+QElnnb+pAeaALRt1Qz8t9mXS6+kr/7O3gRLbg"
vary: Accept-Encoding, Accept
strict-transport-security: max-age=31536000
content-language: en
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/webp
expires: Wed, 23 Mar 2022 10:53:15 GMT

GET
H2 200 istock-10613231601.jpg
www.zdnet.com/a/img/resize/6f0845b87c82baeb02c2ff1518fc3c91ab5e45cc/2020/10/29/fb2aba1d-2353-43ce-9bc1-70fd6770482c/ 7 KB
7 KB 70ms
65ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/6f0845b87c82baeb02c2ff1518fc3c91ab5e45cc/2020/10/29/fb2aba1d-2353-43ce-9bc1-70fd6770482c/istock-10613231601.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

33114cd313dd7d97e2a6f30ce34e51f31a6c6ece954e9111f00155ba50f70ae5

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
fastly-original-body-size: 6672
fastly-io-info: ifsz=66105 idim=770x481 ifmt=jpeg ofsz=6672 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1603978889228619
strict-transport-security: max-age=31536000
content-length: 6672
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "lvO8Fzzs4oIirdngW45UxaAurhYHuQnEU8QwGfxwFZc"
vary: Accept-Encoding, Accept
content-type: image/webp
fastly-stats: io=1
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 24 Mar 2022 06:15:34 GMT

GET
H2 200 programming-code.jpg
www.zdnet.com/a/img/resize/b9c93f86d625a542b7aa91ab6a3ec5720647e14d/2021/06/16/7fc4eae3-9175-4175-b11b-d57ff84ee952/ 9 KB
9 KB 42ms
37ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/b9c93f86d625a542b7aa91ab6a3ec5720647e14d/2021/06/16/7fc4eae3-9175-4175-b11b-d57ff84ee952/programming-code.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

1440fe68fb1fd90c8abfbc5845e571f0765b50f647e7165ae0c1de35f20bd436

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=255038 idim=1600x1069 ifmt=jpeg ofsz=8812 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 8812
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "N6O3sSs2nUJwf5MGye1dfbdqfoLu+wj2z7QNp/paJgY"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 21 Mar 2022 08:30:18 GMT

GET
H2 200 gettyimages-1171809453.jpg
www.zdnet.com/a/img/resize/56214a1acfc260ef36239a2943b8920d605bceaa/2022/02/01/47d0fafc-d2dc-47b5-9c69-06538d3fb74f/ 5 KB
6 KB 69ms
65ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/56214a1acfc260ef36239a2943b8920d605bceaa/2022/02/01/47d0fafc-d2dc-47b5-9c69-06538d3fb74f/gettyimages-1171809453.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a3037bf62b0056b6c2bcce1896b631a714583d37a27c3fb08b8024e056dba5a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=8303553 idim=5700x3800 ifmt=jpeg ofsz=5586 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 5586
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "winoSJCGQS2AnW+uyi++5XenPSpsT07zucdFDkJ9fcw"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sat, 26 Mar 2022 23:04:56 GMT

GET
H2 200 oled-tv-action-shot.jpg
www.zdnet.com/a/img/resize/af11d61432490fbeb42b39ffd976277f1a45e29f/2022/03/14/79d214d1-8ac4-4adc-a080-09379fb869ef/ 3 KB
3 KB 73ms
69ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/af11d61432490fbeb42b39ffd976277f1a45e29f/2022/03/14/79d214d1-8ac4-4adc-a080-09379fb869ef/oled-tv-action-shot.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

fca66821bcbe0a2adfb7113fdab4b19aa6e3807a4a870a24b551313aa786e169

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=95940 idim=1020x574 ifmt=jpeg ofsz=2914 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2914
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "NkSYEwQKqN2TDQqMwTA7k+BQWpXA6dkJw6X92haXkOM"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 14 Mar 2022 15:37:48 GMT

GET
H2 200 discover-it-secured-card.png
www.zdnet.com/a/img/resize/e3f41a6f15f9be24ab0ff71b233d785d0f77450f/2021/08/06/dee31f01-544a-4223-b8b3-6fdba082ceb3/ 2 KB
2 KB 116ms
111ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/e3f41a6f15f9be24ab0ff71b233d785d0f77450f/2021/08/06/dee31f01-544a-4223-b8b3-6fdba082ceb3/discover-it-secured-card.png?width=170&height=128&fit=crop&format=pjpg&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6a42aa69e442dd238a0108dd85e9daef119dcb1a844a0efdfd274e9968f9e531

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=203208 idim=631x456 ifmt=png ofsz=2334 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2334
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "aIRxbhobN6Vr14j8Y84FCiuh7l17taxD58CiZR4yXJ0"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Mon, 21 Mar 2022 15:38:36 GMT

GET
H2 200 credt-card-template.jpg
www.zdnet.com/a/img/resize/bb1cb4fa11c871b24620daa156824a64b1e8ae3d/2022/03/22/da4ab05f-4405-48fd-b08c-c5b96cf59797/ 3 KB
3 KB 76ms
72ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/bb1cb4fa11c871b24620daa156824a64b1e8ae3d/2022/03/22/da4ab05f-4405-48fd-b08c-c5b96cf59797/credt-card-template.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6ca34f13147f5269971e6fad7a0167e2384f00af822330588e68262c362a6a04

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=743814 idim=2100x1400 ifmt=jpeg ofsz=3356 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3356
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "o5epsHGu2wL4octZUUPuMRyRlnjuiq19zyGAqXLpotc"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 22 Mar 2022 18:18:28 GMT

GET
H2 200 credt-card-template.jpg
www.zdnet.com/a/img/resize/adc0865be1c88c139efbd37007ce4f6af7c5dac8/2022/03/23/99c6337c-7439-4870-82a8-f7bd3d00e998/ 2 KB
2 KB 116ms
112ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/adc0865be1c88c139efbd37007ce4f6af7c5dac8/2022/03/23/99c6337c-7439-4870-82a8-f7bd3d00e998/credt-card-template.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

94a3e12f0e3823bc21fd554f2fdec204ccfe7e32a62dd4a74ba681cfc80a0778

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 2218
fastly-io-info: ifsz=458192 idim=2100x1400 ifmt=jpeg ofsz=2218 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2218
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "PUNV/TE/1Q0nsAPP0r8k39tWMcxcLO0ZGV/MOJevC/A"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 23 Mar 2022 06:03:09 GMT

GET
H2 200 credt-card-template.jpg
www.zdnet.com/a/img/resize/4fbf4774917c82718d10071bf78b32eec94278c5/2022/03/23/7fa5ca19-c0f7-4ff5-b6fd-a2b2a41dac5f/ 3 KB
3 KB 115ms
112ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/4fbf4774917c82718d10071bf78b32eec94278c5/2022/03/23/7fa5ca19-c0f7-4ff5-b6fd-a2b2a41dac5f/credt-card-template.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cf1401484313f8538af6fdc28493f4cda7a3e57a94db1073f9bea60686628484

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 3116
fastly-io-info: ifsz=629141 idim=2100x1400 ifmt=jpeg ofsz=3116 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 3116
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "9OzHzjQTt4hQMJ34HPQPdmeAnk2y1hOByKixWT0ODE4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 23 Mar 2022 06:22:15 GMT

GET
H2 200 credt-card-template.jpg
www.zdnet.com/a/img/resize/1bbc889472d06be6574225375ab1c9e85be58796/2022/03/23/7e344c03-e1e1-429c-b7ed-4c0cb45b71e9/ 2 KB
2 KB 116ms
113ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/1bbc889472d06be6574225375ab1c9e85be58796/2022/03/23/7e344c03-e1e1-429c-b7ed-4c0cb45b71e9/credt-card-template.jpg?width=170&height=128&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

8aa3b5c03149519655bc49ddd45d5b92326e6c7c76bd2672e258383790e5f45b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-original-body-size: 454106
fastly-io-info: ifsz=454106 idim=2100x1400 ifmt=jpeg ofsz=2338 odim=170x128 ofmt=webp
fastly-stats: io=1
content-length: 2338
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "9O3eirpyucSfYREn91MRsPPha3EvXTitPLqcYuMgJE4"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Wed, 23 Mar 2022 14:17:07 GMT

GET
H2 200 require-2.1.2.js Show response
www.zdnet.com/a/fly/js/libs/ 16 KB
6 KB 116ms
113ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
fastly-original-body-size: 6169
strict-transport-security: max-age=31536000
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:29 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "376f46040e611acf44ab682d4253550d"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 07:25:16 GMT

GET
H2 200 inlineMedia_core.js Show response
static.myfinance.com/widget/ 146 KB
51 KB 117ms
43ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia_core.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8062685d744e0b56d816edd3d4b5b9b527927710a163273806b1ccc60393cb92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5877
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 102ZQGTWASMMZ8E9
x-amz-id-2: DVHFKGygh6we/y76DQu+/DLAVg//AQkiVQ63iSjwTgAYi3C371raTcr6MgHWcgx7kRKMxR27fkI=
last-modified: Mon, 28 Mar 2022 19:37:53 GMT
server: cloudflare
etag: W/"212beaa44d3fbd4a31e338d7852b84fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CosF5uedQG2AEfKL6Pmf8XyfcdXfpimVyArcPZ1gtvB1ZIfFe1JGANj%2BYP8TjWxYFNtEP%2BIfD1cbSj4Ouea4U6qz7Uut5g4eOqPW5tno8ttjiJlCTwLo4JDHGJarvZcPbuuINWq%2FFm2QxQP3xPhRobguw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6f6b59a32e3173a3-MRS

GET
H2 200 e70f246a-fd9b-4805-9fd4-fcd89020aca5.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/ 3 KB
2 KB 68ms
21ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/e70f246a-fd9b-4805-9fd4-fcd89020aca5.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 04 Apr 2022 16:16:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: xkIaWO5Hr0+rNu9IdoYHdw==
age: 3253
vary: Accept-Encoding
content-length: 1425
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:53 GMT
server: cloudflare
etag: 0x8D94223473B0939
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f8b1f9ea-701e-0112-1715-b6aaaf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f6b59a288eecc62-ZRH
expires: Mon, 04 Apr 2022 20:16:43 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame BC83 205 KB
50 KB 26ms
10ms Script
application/javascript 2a02:26f0:fb:187::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:187::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:43 GMT
Content-Encoding: br
Last-Modified: Sun, 12 Dec 2021 17:26:57 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET service-worker.js
www.zdnet.com/ Frame 0
0

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 182 B
457 B 70ms
40ms XHR
application/json 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f6b59a2ecd6021d-ZRH
access-control-allow-headers: Content-Type

GET
H2 200 inlineMedia.css
static.myfinance.com/widget/ 3 KB
2 KB 85ms
40ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5825
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: AEM3BRK9E0KAY9CV
x-amz-id-2: Bxo0Cqyj9h7zXEohPYPpajizd+Hquh5OIVjGXgRVLidXxBjnZSdzq2fFb9gNBCmIyV9nPgdmeS4=
last-modified: Mon, 12 Jul 2021 14:22:18 GMT
server: cloudflare
etag: W/"528a38ce39fc58a866c1226253bbb189"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnEZUjc9wAe37U%2FiYWh%2BIc1MJdMtXChCDyXE1Mfp871%2FXtyjJNI%2F9SBWUi5qZfbSFrPe4LH24T2%2BEWoJtm5P5qLxhus1tou6hrkARpWwx2kR322K9HusdCmzmx7yTBIslSeTnAN5uOuW%2Bvcz5cwkDGyRCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6f6b59a32e3573a3-MRS

GET
H2 200 logo.png
www.zdnet.com/a/fly/1648748745-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 82ms
82ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1648748745-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-ce7e494d23-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-ce7e494d23-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src https://*.zdnet.com:*
via: 1.1 varnish
last-modified: Thu, 31 Mar 2022 15:22:31 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 16:16:43 GMT
vary: Accept-Encoding, Accept
content-type: image/png
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4105
x-xss-protection: 1; mode=block
expires: Thu, 07 Apr 2022 17:16:29 GMT

GET
H2 200 Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 110ms
110ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Mar 2022 15:19:47 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Mar 2023 15:27:21 GMT

GET
H2 200 Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 153ms
153ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:43 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 16:33:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 06:32:04 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.20.0/ 376 KB
84 KB 33ms
33ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/otBannerSdk.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jOOTzA5W9ewbfwCUPpt/mw==
age: 14486944
vary: Accept-Encoding
content-length: 86053
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:48 GMT
server: cloudflare
etag: 0x8D941124BEC2620
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e931c12c-a01e-015f-1d6c-c46c4d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f6b59a33fa40204-ZRH

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame BC83 2 KB
1 KB 44ms
26ms XHR
application/json 2a02:26f0:fb:187::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5496963&v=1.720.0&if=&sl=0&si=716a6a41-f18f-45e4-b671-356458a11499-r9tp7v&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:187::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4184adff6b2520d96a9ee19c9d79921d565ad5e29cf3264129dc241eb524a31e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:44 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 801

GET
H2 200 main.default.js Show response
www.zdnet.com/a/fly/aeb209-fly/js/ 222 KB
70 KB 134ms
134ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/aeb209-fly/js/main.default.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

eac775f02f730f434ef8c6e051676a44981e55dfa56bce374e5eb938b13026e2

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
fastly-original-body-size: 71523
strict-transport-security: max-age=31536000
content-length: 71523
x-xss-protection: 1; mode=block
last-modified: Thu, 31 Mar 2022 17:48:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "56c79c9a68bee2bcb84b6010230f83c8"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 17:49:38 GMT

OPTIONS
H2 204 record
a.myfidevs.io/ Frame 0
0 312ms
100ms Preflight 52.4.215.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.4.215.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-215-152.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.zdnet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
date: Mon, 04 Apr 2022 16:16:44 GMT
server: Python/3.7 aiohttp/3.7.4.post0

OPTIONS
H2 200 v1.5
www.myfinance.com/api/au/ Frame 0
0 237ms
150ms Preflight
text/html 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvbG9nNHNoZWxsLWV4cGxvaXRlZC10by1pbmZlY3Qtdm13YXJlLWhvcml6b24tc2VydmVycy13aXRoLWJhY2tkb29ycy1jcnlwdG8tbWluZXJzLw==

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.zdnet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, x-api-key, Access-Control-Allow-Origin
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://www.zdnet.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6f6b59a43955734a-MRS
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 16:16:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4QkRu3cD20oQ8kkV9DBRr%2B%2BtJew2JMt2q3S9%2Bdwb%2BKtcVmLzz2A4Ht4cTSaLmHuFSQzwzSIkWKKMmVBVX2CE3oGryaBNbtNb4VTgq%2F%2F3PjrZ8%2BMaIlCzucNnzDHKlBCGaus2HYMDFmbf5lvEJa%2BJPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000
vary: Origin
x-content-type-options: nosniff

POST
H2 204 record Show response
a.myfidevs.io/ 0
166 B 123ms
123ms XHR
text/plain 52.4.215.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.4.215.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-215-152.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
x-api-key: yuH27H1QId6afXAojow6Tafi7Vw9v1spaLD5Yznw
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 04 Apr 2022 16:16:44 GMT
access-control-allow-credentials: true
server: Python/3.7 aiohttp/3.7.4.post0
access-control-allow-headers: *
access-control-allow-methods: POST

POST
H2 200 v1.5 Show response
www.myfinance.com/api/au/ 1 KB
1 KB 190ms
188ms XHR
application/json 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvbG9nNHNoZWxsLWV4cGxvaXRlZC10by1pbmZlY3Qtdm13YXJlLWhvcml6b24tc2VydmVycy13aXRoLWJhY2tkb29ycy1jcnlwdG8tbWluZXJzLw==

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7368a1fbfe8a5a8bc9fb85ac158deed4aa42c5e60887bf2dfd0f4b19d33546e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type: application/json
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
allow: POST, GET
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUYg1niRgqGKKX8572MTd34k2vw6%2BhCDUP0MG3AQVdorl%2Btsl%2FZZZAqq5EmfOzsjSuyM0JiNnfdkPCAc%2FbU%2FyeQJWqkzHt%2BTdmXgQde3JU6k0lVW0vFLoBjmO%2BjCOg8UpYbVIYU8V0xvn1wYUax5WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language: en-us
access-control-allow-origin: https://www.zdnet.com
vary: Accept, Accept-Language, Origin, Cookie
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
cf-ray: 6f6b59a52b75734a-MRS
expires: Mon, 04 Apr 2022 16:16:44 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/ 93 KB
20 KB 40ms
40ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/en.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AlmWtxV11YCExQkuyz0PJA==
age: 9282
vary: Accept-Encoding
content-length: 20136
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:59 GMT
server: cloudflare
etag: 0x8D942234AE979B3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1407d26d-801e-004c-5320-b61ff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f6b59a3ba7acc62-ZRH
expires: Mon, 04 Apr 2022 20:16:44 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.20.0/assets/ 13 KB
3 KB 46ms
46ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/assets/otFlat.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /OL7qnwFOarng5AW29V9Pw==
age: 9239
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:42 GMT
server: cloudflare
etag: 0x8D94112485FC2D3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 1b928500-b01e-014b-640d-3caf29000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f6b59a43b56cc62-ZRH

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 83 KB
23 KB 53ms
14ms Script
text/javascript 65.9.66.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-116.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0914a80fbdb3cc4da875422945a90499afa580f654f8797ebde5e26f1ddf4ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: W/"74f80720dbf6cdd4deb2e7824eb87ba6"
last-modified: Thu, 31 Mar 2022 12:02:49 GMT
server: AmazonS3
age: 49787
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
date: Mon, 04 Apr 2022 02:26:57 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 6KWUGzugrXkncGqUCgE4wpTR8tkAJBkyKcKChfUaIRUTCD70feKCHQ==

GET
H2 200 nr-spa-1215.min.js Show response
js-agent.newrelic.com/ 47 KB
18 KB 28ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1215.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: zcmP9QP8YWQtiPZETZozJGQXbXQvWuWT
content-encoding: gzip
etag: "7e1862f7a390ed9fc02c299216395547"
x-amz-request-id: E3807YWQHPQZ8YJZ
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17465
x-amz-id-2: 5tcVSTKzkfPEZbNMMs+Dplhb/d0xmPHl6ly9DhZlkXi7DMq5iwlmuwUDWB4WFuI4jhXJxdstiws=
x-served-by: cache-hhn4051-HHN
last-modified: Mon, 24 Jan 2022 22:13:54 GMT
server: AmazonS3
x-timer: S1649089005.562938,VS0,VE0
date: Mon, 04 Apr 2022 16:16:44 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 6881

GET
H2 200 bidbarrel-zdnet-rv.min.js Show response
at.adtech.redventures.io/lib/dist/prod/ 491 KB
148 KB 38ms
8ms Script
application/javascript 151.101.194.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js?adaptive=true
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f808f80e0a6828022228c0fcd89ff0a7338bc5f6a7ce891327f7e51bc3d46d06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
via: 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 varnish
fastly-original-body-size: 502570
age: 241
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 150641
x-served-by: cache-hhn4025-HHN
last-modified: Tue, 22 Feb 2022 18:12:52 GMT
server: AmazonS3
x-timer: S1649089005.598223,VS0,VE1
etag: "884860ff0a347f6d5ef39ade0d7af3f2"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=900, public, must-revalidate
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: yxWRAgAR9zSm2Bt9TOmpLABIyYg0HE6QM_77kHrXmOmENPa2a3V88g==
x-cache-hits: 1

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 179ms
116ms Script
application/javascript 34.120.203.121
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.203.121 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

121.203.120.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
via: 1.1 google
last-modified: Tue, 12 Jan 2021 17:00:48 GMT
etag: "5ffdd5c0-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51203

GET
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/1/ 49 B
720 B 875ms
856ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1215.1253ab8&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=1274&ck=1&ref=https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/&ap=550&be=418&fe=1152&dc=580&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1649089002723,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:18,%22c%22:18,%22s%22:54,%22ce%22:89,%22rq%22:89,%22rp%22:363,%22rpe%22:458,%22dl%22:371,%22di%22:580,%22ds%22:580,%22de%22:580,%22dc%22:1151,%22l%22:1151,%22le%22:1161%7D,%22navigation%22:%7B%7D%7D&fp=569&fcp=639&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:45 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6f6b59a74d0b9975-FRA

GET
H2 200 mpulse-1.0.2.js Show response
www.zdnet.com/a/fly/js/libs/ 61 KB
12 KB 84ms
84ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
fastly-original-body-size: 12449
strict-transport-security: max-age=31536000
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:29 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "8425ac5a8d604b1f5ba678171a378089"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 06:45:25 GMT

OPTIONS
H2 200 diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame 0
0 234ms
134ms Preflight
text/html 151.101.194.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: cat,content-type,variant,version
Access-Control-Request-Method: GET
Origin: https://www.zdnet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: *
access-control-allow-origin: https://www.zdnet.com
allow: GET,HEAD
content-length: 8
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 16:16:44 GMT
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
server: Google Frontend
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-cloud-trace-context: aa898bdc0b135d9346888cb1c3bc0162
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-served-by: cache-cdg20739-CDG
x-timer: S1649089005.830928,VS0,VE113
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 172 KB
34 KB 33ms
7ms Script
text/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f1339f33a6adf6ce36b7a64a8bc05f8fb47cc2e2e33da3bd8f5a6b8a79432f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:44 GMT
Content-Encoding: gzip
Age: 2527
X-Cache: HIT
Connection: keep-alive
Content-Length: 33775
x-amz-id-2: Ums4svbFh15BWNDSJ4DIFESvKQIM+N9BrVtzfQapCK30QDtrnmlVGU9Pr7ZPXBnihYle/Y0aA+Y=
X-Served-By: cache-hhn4078-HHN
Last-Modified: Mon, 04 Apr 2022 14:55:46 GMT
Server: AmazonS3
X-Timer: S1649089005.721099,VS0,VE0
ETag: "6646a2f22c928fb91aa82551a4ec63f1"
x-amz-request-id: 80DAXTXG0M7XTERS
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 162

GET
H2 200 diff Show response
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ 6 KB
1 KB 20ms
20ms Fetch
application/json 151.101.194.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

3cbf33ba911c338fc5b46fe24daf947af91796814794a171b28016a9a2cac6c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

cat: itQA9K1qg
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
variant: core
version: rv2.26.2

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
age: 490
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 1286
x-xss-protection: 1; mode=block
x-served-by: cache-cdg20739-CDG
access-control-allow-origin: *
server: Google Frontend
x-timer: S1649089005.966628,VS0,VE1
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 16:16:44 GMT
x-download-options: noopen
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: bfec96c3c37b8c7c1433c9be65dd4ca4
cache-control: max-age=900
etag: W/78d54c9807b019fd8793b00ddff954dc9de871bc
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 46ms
18ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

ed23916544fa1019b8085a83a6fc9e3b1c32cfa0d6ec130f7364e7da5e17ebc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28303
x-xss-protection: 0
server: sffe
etag: "1177 / 705 of 1000 / last-modified: 1649070350"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 16:16:44 GMT

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/ 192 KB
62 KB 23ms
23ms Script
application/javascript 151.101.193.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 217b9e539bd55ad03f86545c4afc436c1d61f04aa131a4679181a3d30bde9480

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:44 GMT
Content-Encoding: gzip
Age: 332
X-Cache: HIT
Connection: keep-alive
Content-Length: 62535
x-amz-id-2: Yk686UX3tf+sfw6s00j+izfI0JrqyGDELTeuED0o6vdJRolZ5EiShW+T+zVfuBcB3LCtNA9qHNs=
X-Served-By: cache-hhn4078-HHN
Last-Modified: Tue, 29 Mar 2022 15:47:05 GMT
Server: AmazonS3
X-Timer: S1649089005.763269,VS0,VE0
ETag: "52d00808545427ec106d5efaf477f68a"
x-amz-request-id: 9PNTNSCKC5Z77DFH
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1471

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 30ms
30ms XHR
application/json 2a02:26f0:fb:187::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1649089004092&s=fa0a748e523377df5b28dddecc9d5382d23aea0324cb43202e6a88bd09a1897e
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:187::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1ef94f1c5939727c3f6b25a38c5131490f3f700ad762c0b717d824d2835ae7da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 16:16:44 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 880

GET
H2 200 article-8269acd0ae-rev.js Show response
www.zdnet.com/a/fly/js/pages/ 102 KB
26 KB 94ms
93ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/pages/article-8269acd0ae-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

77534605d7f4bf6131511e44b4da078721199a58ed38e00b2d26cb97fc9e4a7f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 26942
x-xss-protection: 1; mode=block
last-modified: Wed, 30 Mar 2022 16:33:46 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "985ded03329a94d09381d90ae96ed003"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Apr 2022 08:13:13 GMT

GET
H3 200 pubads_impl_2022032909.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
125 KB 23ms
7ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

11992f506398f0ce551a82f7591c0448de7de4b0a84a1fdef72131fd756710ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:12:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128011
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 19:35:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 04 Apr 2023 16:12:53 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 220 B
154 B 31ms
16ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e5f7cfcae397d7a1faf00acf6eaf4a7c4d4bb3f749d638c1e7899ef6887e9ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129
x-xss-protection: 0
expires: Mon, 04 Apr 2022 16:16:44 GMT

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
851 B 261ms
260ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e161b11100e327b8f968261111c4de24589d28b2d934f83d6185257d3492581f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-1f4729d448136e72----1649089004320
traceparent: 00-10d222e21b15c175e7303ca61a4ba880-1f4729d448136e72-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiMWY0NzI5ZDQ0ODEzNmU3MiIsInRyIjoiMTBkMjIyZTIxYjE1YzE3NWU3MzAzY2E2MWE0YmE4ODAiLCJ0aSI6MTY0OTA4OTAwNDMyMCwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Apr 2022 16:01:06 GMT
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtcXRQODFJfQzkGQ1NSCQ8NBW8MXRVLGhgCHVUJUQFRH1JKBgRWU1AUHgFIQ1IFVVVUVAYGV1MCWwFTUwtAFF5VXkAAZA==
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 16:16:45 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 5a439ba7-7f76-45c4-842c-21e080952755
content-type: application/json
via: 1.1 varnish
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Mon, 04 Apr 2022 17:31:06 GMT

GET
H2 200 track-cwv-72dfb3ae38-rev.js Show response
www.zdnet.com/a/fly/js/components/ 239 B
359 B 29ms
28ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/track-cwv-72dfb3ae38-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
fastly-original-body-size: 199
strict-transport-security: max-age=31536000
content-length: 199
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ac817dd58d8629f30d00636f2455c94f"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 08:44:51 GMT

GET
H2 200 author-modal-5b949f9436-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
625 B 30ms
30ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/author-modal-5b949f9436-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7f1639eeb6e3eb3e2de52c35e650ac2fe53ea34ee8e8cac73807facad51e9b7f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
fastly-original-body-size: 435
strict-transport-security: max-age=31536000
content-length: 435
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1e26bf004e2db1817428f53ad9e17a20"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 08:42:28 GMT

GET
H2 200 disqus-loader-f09d8d6993-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
826 B 31ms
31ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/disqus-loader-f09d8d6993-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3c591927cc6254cd17a33c78e3293b8456851a88c736b300647f7d263dd31740

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
fastly-original-body-size: 703
strict-transport-security: max-age=31536000
content-length: 703
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "227b1d4c6cd2616444a480ebbf47d4e9"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 11:00:10 GMT

GET
H2 200 front-door-carousel-dcdcc78ebc-rev.js Show response
www.zdnet.com/a/fly/js/components/ 5 KB
2 KB 34ms
34ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/front-door-carousel-dcdcc78ebc-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
fastly-original-body-size: 1651
strict-transport-security: max-age=31536000
content-length: 1651
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ed66ddd717d4ada33685d564bcb1c438"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 07:09:47 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
2 KB 253ms
252ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1acf9d24b4065106ea5975f71b9fd26b4ed5078cf14be0a5d53a4057d72fd5c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-c9fba86ea5fbd835----1649089004327
traceparent: 00-06b347fb188f5dd40ea1eac284424e10-c9fba86ea5fbd835-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiYzlmYmE4NmVhNWZiZDgzNSIsInRyIjoiMDZiMzQ3ZmIxODhmNWRkNDBlYTFlYWMyODQ0MjRlMTAiLCJ0aSI6MTY0OTA4OTAwNDMyNywidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAdTVE4aABtEVVJXAwMFAVVUWllVDVsGVxFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 16:16:45 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 1c1af334-04ba-4dfd-98b3-387448267707
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/redventuresgamheader644747280705/ 241 KB
83 KB 58ms
17ms Script
application/x-javascript 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 13675f970d6dfb0e12a632a85dc3c63ab511d64165770d11c1c09c5868cd0649

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
last-modified: Fri, 25 Mar 2022 21:18:02 GMT
server: AmazonS3
x-amz-request-id: NB2W8E3CW5CZAWJ7
etag: "33e1acc26c7bf4888dbc924de591e629"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=37539
accept-ranges: bytes
content-length: 84049
x-amz-id-2: d92yoT9/8ygv0d5IcxtxMz72QaYX55gmWb2eZmb5Kt+jtsuO/7iNo02O3vW4YnbsZS4adYH/Guw=

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 46ms
18ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 44ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 85 KB
13 KB 454ms
454ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=346114218235087&correlator=87661501257826&eid=44752585%2C31062930&output=ldjh&gdfp_req=1&vrg=2022032909&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%7C970x66%7C5x5%2C300x250%7C300x600&ifi=1&adks=2152545444%2C192557409&sfv=1-0-38&ecs=20220404&fsapi=false&prev_scp=pos%3Dnav%26sl%3Dnav-ad-plus-leader%253FT-1000%26iid%3Dunit%253Dnav-ad-plus-leader%257Cvguid%253Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d%257Cpv%253D1%7Cpos%3Dtop%26sl%3Dmpu-plus-top%253FT-1000%26iid%3Dunit%253Dmpu-plus-top%257Cvguid%253Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cservers%252Cvmware%26mfr%3Dsophos-inc%252Cvmware%252Chorizon-usa%252Cmicrosoft%26tag%3Dtarget%252Csecurity%26pid%3Dmicrosoft-teams%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dlog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D2%26session%3Db%26pv%3D1%26vguid%3Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d&sc=1&cookie_enabled=1&abxe=1&dt=1649089004575&lmt=1649084638&dlt=1649089003094&idt=1138&biw=1600&bih=1200&adxs=436%2C1050&adys=50%2C451&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x100%7C370x280&msz=1600x100%7C370x30&fws=4%2C4&ohw=1600%2C370&ga_vid=166432480.1649089005&ga_sid=1649089005&ga_hid=981348037&ga_fc=false&btvi=0%7C0&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

22a3fe5faaebe2847fa8fab8ec0447c17dafbbe0fbb9a0d4639dfe9114e46c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13673
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 45ms
22ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032909&st=env

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98ab4d5883cb45adae4b31f59acc68219cdacc11390b3d1a022ba733dcf447e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10628
x-xss-protection: 0

GET
H2 200 container.html Show response
f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 466C 6 KB
4 KB 295ms
14ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:45 GMT
expires: Tue, 04 Apr 2023 16:16:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
10 KB 378ms
378ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=346114218235087&correlator=4018032443664346&eid=44752585%2C31062930&output=ldjh&gdfp_req=1&vrg=2022032909&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=3&adks=2703023599&sfv=1-0-38&ecs=20220404&fsapi=false&prev_scp=pos%3Dmiddle%26sl%3Dmpu-middle%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-middle%257Cvguid%253Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cservers%252Cvmware%26mfr%3Dsophos-inc%252Cvmware%252Chorizon-usa%252Cmicrosoft%26tag%3Dtarget%252Csecurity%26pid%3Dmicrosoft-teams%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dlog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D2%26session%3Db%26pv%3D1%26vguid%3Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d&sc=1&cookie_enabled=1&abxe=1&dt=1649089004616&lmt=1649084638&dlt=1649089003094&idt=1138&biw=1600&bih=1200&adxs=1050&adys=1331&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&frm=20&vis=1&scr_x=0&scr_y=0&psz=370x30&msz=370x30&fws=4&ohw=370&ga_vid=166432480.1649089005&ga_sid=1649089005&ga_hid=981348037&ga_fc=false&btvi=1&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c8f0ad7ede4e1674bed2cbef601bb994e8a876486b82d19a5d0557b5c7c95bb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9799
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H/1.1 204
No Content / Show response
684dd325.akstat.io/ 0
354 B 102ms
44ms XHR
image/gif 2a02:26f0:1700:59a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd325.akstat.io/?h.pg=article&when=1649089004625&cdim.Site_View=desktop&t_other=custom4%7C373&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=d2ab38c468b9bd64d9651d8e08fa67c2e72f2760-d209b968-800602a4&h.t=1649089004776&http.initiator=api&rt.start=api&rt.si=2500d9a9-42f1-47ab-8101-c85e03040240&rt.ss=1649089005461&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:1700:59a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:45 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H2 200 core-web-vitals-16efe3ae21-rev.js Show response
www.zdnet.com/a/fly/js/managers/ 545 B
659 B 29ms
29ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/managers/core-web-vitals-16efe3ae21-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
fastly-original-body-size: 366
strict-transport-security: max-age=31536000
content-length: 366
x-xss-protection: 1; mode=block
last-modified: Mon, 28 Mar 2022 14:30:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "c1b141c86cbd7b88ef439297606ac436"
vary: Accept-Encoding, Accept
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Apr 2022 11:04:46 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 35ms
19ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 322ms
322ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=346114218235087&correlator=3987523479457205&eid=44752585%2C31062930&output=ldjh&gdfp_req=1&vrg=2022032909&ptt=17&impl=fifs&iu_parts=22309610186%2Caw-zdnet%2Cinnovation%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=4&adks=2231921556&sfv=1-0-38&ecs=20220404&fsapi=false&prev_scp=pos%3Dbottom%26sl%3Dmpu-bottom%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-bottom%257Cvguid%253Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d%257Cpv%253D1&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cservers%252Cvmware%26mfr%3Dsophos-inc%252Cvmware%252Chorizon-usa%252Cmicrosoft%26tag%3Dtarget%252Csecurity%26pid%3Dmicrosoft-teams%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dlog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D2%26session%3Db%26pv%3D1%26vguid%3Df0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d&sc=1&cookie_enabled=1&abxe=1&dt=1649089004677&lmt=1649084638&dlt=1649089003094&idt=1138&biw=1600&bih=1200&adxs=1050&adys=1456&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&frm=20&vis=1&scr_x=0&scr_y=0&psz=370x250&msz=370x30&fws=4&ohw=370&ga_vid=166432480.1649089005&ga_sid=1649089005&ga_hid=981348037&ga_fc=false&btvi=2&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

8f567499349c817fee9aca6118017465aaac7579070dc547f49b5fdab3029efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8837
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show-hide-1.0-2b8cfc35ab-rev.js Show response
www.zdnet.com/a/fly/js/components/ 2 KB
855 B 31ms
29ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/show-hide-1.0-2b8cfc35ab-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

1a703d617fb31d56238372d5bf78e9861b3a09b7447a0184bd5f1c178461ed12

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 710
x-xss-protection: 1; mode=block
last-modified: Tue, 29 Mar 2022 16:39:05 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "298757c580d5aaac475324c5fc3748ba"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Apr 2022 07:20:55 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 737 B
913 B 131ms
36ms Script
text/html 18.135.183.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&pcode=redventuresgamheader644747280705&rx=912112121187&callback=MoatNadoAllJsonpRequest_12703954
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.183.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-183-184.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 6de42ab26b7f121d7e40422b272d0ce1beacbaba5b4a696fbcb8abf7cb6d943d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "28feb314e73a03441674953f86eb2c745463f33a"
content-length: 737
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 98 B
272 B 131ms
43ms Script
text/html 18.170.11.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=611504923275&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=1&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=482129559&cs=0&ord=1649089004686&jv=2023096152&callback=DOMlessLLDcallback_12703954
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.11.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 5d513b3462d2599c573562b14a2e58584af55be144c8964871856f1c262242a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "aa59cc7eeb476daff6ce1698a8140f059c0465e3"
content-length: 98
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 99 B
273 B 130ms
43ms Script
text/html 18.170.11.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=611504923275&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=2&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=560111754&cs=0&callback=MoatDataJsonpRequest_12703954
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.11.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-11-184.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 3339ce3a3d421620f29952a2592aa4a64274990b134370810cd70d91f91ccdef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "a869bfc2bdab54166635856edd1f9423ba7af578"
content-length: 99
content-type: text/html; charset=UTF-8

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame ACE3 13 KB
5 KB 25ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 700
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:05:05 GMT
expires: Tue, 04 Apr 2023 16:05:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 58CF 783 B
1 KB 45ms
19ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

31f646b8b5efa1c2c80bfbd98a4fc763b73fc60b3907f85f2559568a43820766

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xSrWW6AJtFhB2Pf8719TSQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-xSrWW6AJtFhB2Pf8719TSQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:45 GMT
expires: Mon, 04 Apr 2022 16:16:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame ACE3 35 KB
13 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 58CF 0
0 72ms
71ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032909&jk=346114218235087&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

POST
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/events/1/ 24 B
501 B 146ms
146ms XHR
image/gif 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1215.1253ab8&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=2220&ck=1&ref=https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
content-type: text/plain

Response headers

Date: Mon, 04 Apr 2022 16:16:45 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6f6b59ad0a269975-FRA
Content-Length: 24

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame ACE3 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qGTsgg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2868 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:45 GMT
expires: Tue, 04 Apr 2023 16:16:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 24ms
23ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=643706863060&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=3&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=bottom&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-bottom%3FLL%7CT-1000&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=399710424&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:45 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H3 200 container.html Show response
f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3069 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:45 GMT
expires: Tue, 04 Apr 2023 16:16:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame FAF9 222 KB
61 KB 55ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame FAF9 16 KB
6 KB 73ms
29ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame FAF9 96 KB
29 KB 69ms
25ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame FAF9 5 KB
3 KB 51ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 311483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Fri, 01 Apr 2022 01:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 01 Apr 2023 01:45:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame FAF9 42 KB
13 KB 84ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 89550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Sun, 03 Apr 2022 15:24:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 03 Apr 2023 15:24:15 GMT

GET
DATA 200
OK truncated
/ Frame FAF9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09857f8d49032c747c4b223e22fc45f9d643e3f27b0e340c6ebeb473d906ed46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame 5228 222 KB
61 KB 43ms
27ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 5228 16 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 5228 96 KB
29 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 601579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Mon, 28 Mar 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Mar 2023 17:10:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 5228 5 KB
2 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 311483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Fri, 01 Apr 2022 01:45:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 01 Apr 2023 01:45:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 5228 42 KB
13 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202203291145/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 89550
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Sun, 03 Apr 2022 15:24:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 03 Apr 2023 15:24:15 GMT

GET
DATA 200
OK truncated
/ Frame 5228 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1c0e363ba1dde7f43855da009fad62e5c3ae65bc8377f30963a67f14d700534

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 51ms
19ms Image
image/png 3.124.27.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6NzI4eDkw&v=5&s=v31fvqlqhie&sb=-1&h=www.zdnet.com&cb=5679842&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZOekk0ZURrdyIsIndkIjp7Im8iOjI4NzA3ODYwNzUsInciOiI3MjgiLCJoIjoiOTAifSwid3IiOjJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.27.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-27-150.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:45 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 15148869080553043038
tpc.googlesyndication.com/simgad/ Frame FAF9 30 KB
30 KB 12ms
11ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15148869080553043038?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkMqF5bxeBRtRRBCUP3yz0OReqzYg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7038a871c6e37530c59d3beaf6159ff46c7404fb6dab40505cb00e23d308db8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:54:14 GMT
x-content-type-options: nosniff
age: 62551
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30968
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 15:11:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 03 Apr 2023 22:54:14 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FAF9 2 KB
2 KB 14ms
13ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 76617
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 04 Apr 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FAF9 295 B
319 B 10ms
9ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 37991
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 05 Apr 2022 05:43:34 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FAF9 0
0 49ms
49ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cvesr7RlLYpbxEcql9u8PxKe20ASZlIqaaZT0hYCxD5bTy3kQASD3u8eDAWCVgoCAlAegAaC2i8YDyAECqQJBmTouKHSyPuACAKgDAcgDCKoEzAJP0JJwllag3LiTCCX_cU44YsNGDvvIyWEdqOG1WRjRGJM1on_ER3IoKiYQdbz3nZMgblteyb-YkOxb4evaddZCpUbhjDeVh7dsbW8Fj8Ir09D9LXXXZD_2PDcV4X0oMec4sixXK27-TwQSKX9VagIvE1SYVSGXNC9Bw46Eiw7id7YLVw2YW5U5OLv6hEKyjHSAH0QfvdJfdU1YvuFMGkd78711TeAeo3e8BSET3BZbPCyBFOF8ZnEb0rf3Yb6HbI9BWC8jos7Upd-Ewny-6rrI98jjI1MmaMDfHwJgHlhTC5CGhM4XtK9tBldMBNrlT7apc-M38vIPr508W6rBFRvdiEUup_79w8oMaMFaPhq8wdBmlieMfdEWdZCPJTLyiAxqbOU1QqRYqXVmJ2BgF_kULyKlTfjkYQMM8mXb8Rz1n4tYkzXKYS31Dd8yhMAErKri-PsD4AQBkgUECAQYAZIFBAgFGASgBgKAB8jJ9DmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCQtUTSCAkIiOGAEBABGB2ACgPICwHYEw3QFQGAFwGyFx4KHAgAEhRwdWItODgyMDM2MjYwNTcxMTE5NhjJm3o&sigh=B0OPd7E43n8&uach_m=[UACH]
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 66ms
11ms Image
image/png 3.124.27.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDYwMA==&v=5&s=v31fvqlqhjc&sb=-1&h=www.zdnet.com&cb=566916&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURZd01BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjYwMCJ9LCJ3ciI6Mn0=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.27.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-27-150.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:45 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 10962947431251310290
tpc.googlesyndication.com/simgad/ Frame 5228 45 KB
45 KB 13ms
13ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10962947431251310290?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmYw_TYt3-PjCimgI4L3kqaCVPfxw

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c65b94930bdfa194beee8b0b26e0c138762f18c5815642ca7c1c4e02e86d6973

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 06:34:44 GMT
x-content-type-options: nosniff
age: 553321
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46463
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 15:01:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 29 Mar 2023 06:34:44 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5228 2 KB
2 KB 13ms
12ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 76617
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 04 Apr 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5228 295 B
319 B 12ms
11ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 37991
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 05 Apr 2022 05:43:34 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5228 0
0 52ms
51ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFFFp7RlLYpfxEcql9u8PxKe20ASZlIqaaeT0hYCxD5bTy3kQASD3u8eDAWCVgoCAlAegAaC2i8YDyAECqQJBmTouKHSyPuACAKgDAcgDCKoE0AJP0DvQluBCx7KB8Wzest2J-ol2DASZQqiFkU84gX3HeVbVngLbjI9SPzuKOYKHglZo32UPmbm2BzawvFitBeZiOCux1SaoU9TJaBrC7oRs93vM16-0eo9fBJgzWyGI-CPalxq3mTDY0OlVSPQtCMlHOqQFi_dDPXjuVhc8y4V9zTN3JkXko9BB0XZAH7p3pnu37FW9w1m1Byznsy7MX2xJUbu6GIMS12mTlQXi3UOrVL6sAt7pQlDT7xL5GIuqLzG6Y0PSBumrR20G2LlTfLd9gr9SMmjl3FfDtabn6rekMOLoDsM7D1SsunZWOxw1PCObSfzZ6mLWb3DGDfBpC18GZRzYqWOKgd0nAiEzCvuNRS0R45b4JQ15aKuDh_jgULqPl2CTgjOF5JHPTqnBlp1GLrThnjo-Bzqh6xkF7gIg67tA3asVQOxvkFOZe9b_FA_ABKyq4vj7A-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfIyfQ5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwUQptSaAdIICQiI4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi04ODIwMzYyNjA1NzExMTk2GMmbeg&sigh=_icbe_G2nyQ&uach_m=[UACH]
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 16ms
16ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=534518329408&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=4&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=1932856420&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:45 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7632 624 B
340 B 40ms
20ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXStzmmfRWAylL9jEmLiy8cZ1_93P0TWxmv3jGl-lPAjwBxAPz7C_Id0Kjzx_dcTpGZ_42m7ERGjJAFUjQORmkiIzS2wSO8WAs0-wYfyN6laVsy6CewE13PvgaxUn900obvalgLqqkfOFQVHJRm8_KjB78xzQ

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2868 14 KB
11 KB 472ms
43ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4-wsJxYLbzbHNoerJ_Mlwv6raS1J89QgnXUytSbbpjdo96fFDj7nbMTrwsPJQ8_4OSA_UfTC48vqTwrtNyPPCUZfA88j03dOEfAg77mGtdW-AGIHOJfj2Df9ARlYrmYSWthT6kaISIpYbQmxUyu0jpLXzIQ&cry=1&dbm_d=AKAmf-BvfuvYuBIjIKQnPG9lVYessC1MI9L9kkyqIjDV-MSm3yANmvg00VaWUh1b4MJTBHjRlo0mWFctV4yQAudiCrwUla2fBcZqbUywLBG6fG1hcvEHFuOupQnsdYWfGkarZPq52aItKzw1D10o8mrvEZhCyS1KUmnBNtdAoQN9--0BRGrjjI292RIJMJRiV1aYLSDStZx5RhNpofCxFkYsoGGMs9Jt9l7KGo1CDo3WOCyp4m9eWyEFsk44vHnCcGHggsW0WRqoUY5rQ21H3-t6XTPww0dHqlUlHKBpcJ7QUPUMidqWpHFhHjzT_y5xOIVoHcTiUiJxPgvfxO_CNt5_iM0MzEymPO6l7Cs91gRJN-ys6NDg_B0PIdPbuTVVNEeCSF10Wp9OmkMvuOtVgkBs0fWitUlRls3hAJl1KFtWdL5Fck6Kf7mbohRLCSTdfntTp9KmbttInPRayqzsWsrh9iqfYE7ysHsWdP-jv4LEeOYALgFiPOca0XohE5e-zRYXljEMAUwd0Z_Y8ITitok8vxm6QHWUwG0Vxax8bwO4Z82mRRtGM9g2GoBduAqSgC43Q6X6q3pYIwFpCeL7OQo0oqXhtQUVmnE05IearkZXCE1YFR_rdeqE-qmc-GHmsYLtk-fLt8s9Lm2ICOjBcRKsKoXRovWX38SLYGqiX2aVXSuPV9mYWkauBSrTY6lxeaLTp1hq-iG-LY3WYAfmgUXMrvSvV4MyP65vEe9MVa1ixxuG84VlWmEfCMignsEp3WfR6BvCjIoRgTwpfxNlC9LWKB34hKqqXWicIZfxwcW0bbgJ2vYQEi32kVMOZzkidnNPR7tuyrn_X4ajVX9KKlylkJ-gacLUs7jHKmOesHAcu6s9OIc0gINnl_b8imLs-tuCmM8kAXDTUUPJbXL24cguz3hiQyHGU3fvuA0pGDXo10u1FhdnCFF7A_cKaN1AgixRpiSpu3uZ4K1h0xUKyu3QDoZr_fzmJVpwVnYiWWuIEEHhKd-ISed2d6REk3qDiKLzJNWUOgc0pdT81vTOX1DZSEoSQvxSLMn7zx2HYNrgemuvEZCb3Ae3sznSW-8PdNp-dDBu25TOqdDhcoSvVAY0BjG1LjPummDtPXxprcd_IGiy7V_vyKmEIXoxXoqi-1XY4jUDHIOa_4xByPrEm4EPa7Jm3RkKEdRatntAKEMtdlIuUx8f9KMHMNbU9crRNoSgrxpkCnd4CtkvJQRQcqzEfrPB9KRlYSz9P3kvyXtSVmIlCKz-D3FBvTgQCEs_qj4iioYW0iWP1jV4HRA6WuS17gBdLjk19SO4EZd1m6DIcZ7C7BbNSUFFc7DG-1vWw00sXiZCAsp4TVSeA8NEzhzMiamgv05kgnL92J9KyfsEjdMoi2JHkpzPIEO4cqN-SUBw5gE6qNeCtvZtx_HTpMRan-9EoYRj3dqNjWyyYQvu-fEioyxNSt7PmVATmvEVhe6NlOqKlmSbD-T6PIyjghtPleVlquXJClG9gSlt0LJEXHFcLXJjC87B6c_LPwgXQC7kVjJy9BwLrr-bQ6YgYm71L2eZOgh7dGgQAioH0bxPQXIPrvDVxXX9CFJpf-TQB_qW_yVc5o36afWEEDr6JxilvE2eN3dlY3nkiKGIgt_K99iIVwG1ja8Sf4dGdnZ1HZwehcy7QrLfN2Y-7INWMhqOipovfdxzpceJxhH3FruDuo7pRz-UL9wzPYS97x5_UOjWu0gCrjUFIoIviLTeOgvCYVmumUBnK_wkMZvfyqHL-DICb81rYGNVrOMidBYmytG_4QVI2qKwcX_wo0CNDtyyf8haRPOT8cMSg6vzU2l7iAsp-64ZtDmPYs1eWXM7mA7T5NyTyAIz1JfvYoHCJFw5zxtsX3hkyuII7Nf4mxSdaM9GnwHZSKCCLaVUFl9i6QEa3BnWP4XYxu2POk-RitrMGdYhl_-ipely5_Wtv0SoTbFFnT3Y0HAap9EW4LVPfHHq0KOBx2rrD5laTjHpIC9I0rG_7-_rYfF51tzYkKLx6fJdZZEnBCjLKsdMsCABAYIkL9c9EbXDPbVMfiGmfxK8njYfbwnno_Uw3pi7iehFweJXN6x1vvNf9zHgYJmZsc2kv22Mdhu0Wc-XEwMtOMYWie4lkr1BLycQdLXgyoK6khSwwIcCmgt10xzqk8gK34LvOp_4cQtXaTsZyd4IgjJweWPuqB91k1vNJRGoMrAkigTlxVdtIiWAQ7SEwElHKTjybIG1-R7Gtps6hsM_v0HZnQ78XmPA9ysyqivpmwJdHR1jKdUndvo-DRxjuclnHy6UfpKLXRfu0hK3A_RXlTDePo_KYShrBAEdmzB2KTZ4Z66GWsZdgBuK3YJmybXas6OAqqb47kH3hcPijZdgkUZrnZxSvrmV-DAyyz7PhJrYpFq7te0HOzAE0N0bbYi5_If0CUynRP9zohV0C-wsT3ix1K_sTMwuG1kVfeiaePiJ54qZ20PpwNreSMED_IU3jCMGhqgLPprEF8AxCAmWIDu3gj8GalmAzxKKIEiNUWtd61oGIqjC-Dt-2O-D2DH4wX5spnnlfiN2WsV6zQ4WIosyYHFKJvpPzZX8JTEYJnWj5MnI3SzvYi5i3KEK42U1gvxhrsDgs9qSqi7Hkaf_oV5cN9QS-g-JZRECi5k60ecmYcrlicyQ4ylz7oNNGqeFPVJDMuRyo2VDgU8t_MnuZ1D0TrTbnr6Wu5cuFZBmhTWCJb94KFcnHSVpx111sgswHDA-8VvYXISdf-C5J-c82TMbH59iJ08fw8JOUt51JPQgDA_0MQynOD5hKxYmSW-tj90hvJeI4YUS7qUmt0VffFT-e3o4Tg0yqY-ItjYVWahxqneL8f7X7UOpod_LkEjfklsK4iJkHulcy50zkcYiuFQzvLTsg7Eb7jCncamK2AJOdDRySXQMkrbALdYgG1n6tdMqM_8_ZJYaILbvfTCb3uJ2oTFjbAU7h_e0KpgAxRC_2kUcaFvPW_y8XdpUVZiZIKFxi88gIMKEy5FZg4zivA6lvYOKt6JG4pIDmP7cFSd836WwVyUG0AlYdb7nyWlndVslIkqi41BMV9WyM13A45xrladm2CwMOvyjyTsAerGBo5fYGbU0WXjPOxe0jKHLludM3JT9CQd713jjRAGIqljik77n1bAe9TvgoIJSSL1YxQgmdVZlHCo&cid=CAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A&rfl=1%2Chttps%253A%252F%252Fwww.zdnet.com%252Farticle%252Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%252F%240

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82f0eb092abda9fac3e946d65566d71e401190860f3941fd17f917a8097aa2ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10919
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2868 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AR-G7zKrGCHmH8JDlWqG4yPLlPorzdJTlx3taVaW0KoKf2vtfxJhFWpM4FDx2E676yNg4gQ0H-rjmw2dOtTuylM1BJJAb6Eu4k4BRUqTUTCQRstT8

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 2868 11 KB
5 KB 13ms
12ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 2868 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:11:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 2868 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:15:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:15:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2868 0
0 316ms
15ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSAItbunx5HEdZqZfZXy2mOfEJlwvMIyqs_On8ViNBxyF3EBMwqZt4bWn3LmNW-Bcw49dsxdjGuy7JCWLqmXG4GYP0XKw
Requested by: Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2868 119 KB
36 KB 25ms
24ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:45 GMT

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ Frame 2868 68 B
345 B 11ms
10ms Image
image/png 3.124.27.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDI1MA==&v=5&s=v31fvqlqhnr&id=eyJkZnAiOnsiYWQiOjUwMjQ0OTY5MTEsImMiOm51bGwsImwiOjAsIm8iOjI4NzA3ODYwNzUsIkEiOiIvMjIzMDk2MTAxODYvYXctemRuZXQvaW5ub3ZhdGlvbi9zZWN1cml0eSIsInkiOjI4OTA3MiwiY28iOjAsInMiOiJtcHUtYm90dG9tIn19&sb=undefined&cb=5494083&h=www.zdnet.com&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by: Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.27.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-27-150.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:45 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1527 624 B
733 B 38ms
19ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXzcOZHUiKZnqLCt4jDDO7MPZT--8zPb-TYEdtr7coaCAvL2Ez3Rg0QufGPM-A157E-rd9sMyDAlnCVyFWFLkK70hdxWMPo0Gkn4TDrSVN1ivFpFQJEw52GumBDiugsn7MMTb9xksG-tI7XKvOzM-cOwPEl5w

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3069 14 KB
11 KB 440ms
50ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Do1_bGEAvpzZC4OvB26YO4B-k4ZE5ltancILPq6LW8VzqIPjURQBRAxkZMY5PXsbJ4Hz_nFwqUtF1M3T_UqiyMcjvqXE0mrHruCH1SL_D9pe3esyPld-eCz5_YDXQCVxPu7vIi-RK_oYtLb4iszBXEryYZAg&cry=1&dbm_d=AKAmf-BaXGayNoXZ-3fl6Mm9vHabt2U98CRqI2022LUh2HdacoRaDto-9adxmthGwQ9mCcbtIS2pZn3S8fQQivcGfNjYDtN-2T_L1ea9735-NuST2zB8YBRIBiHUS1f3GgyV2ksJKdZ5LAg8QsanisnzXvq_zcrrUvDtHhRhlPU0aZ_NcpZ-Dkmxp76dy4dMwhiMgraMdfqq0db_oCL-i5OqaRCSVYOZIG4sYIs4vrU-1liIHuR90brG2BVJQjXS8h3fhV0UV6uoiA6YbDEZSSF_Mm97d1GMwZ_ybMp1abeziAwww6_sIyi8KHUN9OjQLikilwArpwUZ1ea4i2e6vE3Ei7-Yv8xEAG_IBScwOCj-ixmdtCmSbflx06sQH8n4-pdfKCc2za7PIqKgcrUc0Zws6cIRHDqtqk2fy5uQDHmktVCX66LqLA6B59NTHoni4f803AarZbrro7Al9mk9SeLoq0A4vncspqjjiC4J8Ls6PVHoxGmkNZ4-IRhOJf_r4nRNm_2QHugCcir6ACsSP9G1oWU_j1qFei-KUk0rB_dLiNrzXFz3fAe9MrSqr3h3rEAggMUnUNjK22TVctJzOOGLCANwpICSgSa-deyBmpcG7L4PB1yPNitk1dqm3hi-hjC4Z-Q4AZWSHR0LWDavUxAfDZnJ7LguTxXwfn8hOgOYOjIHW6g1JE5bHx4RPJXPfLtOKNMlUabVokA0LMyUC0u-lGlmlTBgBuXQKYaH2bLgZtm_52mVf52QR_Gw6DX_HFrCtNfKYeFh4WZYIeAu9fZgBsLiXHZRxMCJmEw0W2noX1nRmcV8HXSNzDmAgn02VgJ8v_MDR-8mMW2oS16lCw26B4A6wpQOJTDPpezX2EI7ie7ZkgKmO54467eZs9cgEcFzIoLKypqwk48I4qk0E3gz9C3gPBTJ15C8IK0EsFHH3MgJuyfnbPsVa3h-huplqlJcLSdBsvyrfMf7HfCCePVPQhRUYHqEqGVdhE3KaSv945jh4xQci60Ciix7PESQ78zn0bBoMEEfHM51YlssfXpfvx9qr0zdf_OhUPJalL7AX4j5N8kNWOfLj5fnEV_MNsdCBLcNHfJ-XNYarp88l8Kyk0flkgqfqzaws1MV1FgDMymqjcTaXiAXbA2PPuM9aWMjglbs7bhMRCPhGwdI_XEx5G3QUkU7oQEt-Xy_W9Bk-IR7gHfEl3I7yG5lAIp2MWjQBjrIOAxYdkZRKq80ym2do7aOUmU58FrjTg-KzGs6wUVZ7tBJoIwg0Eh-F5S4Q_ZIkEIozoBJVAZiY9L-T2-ROmKlh9SoETI3YptKzJLdUYWsl4ps-N78wgtHg02V1EoiBDKCVD3OdI0xRrvrNy8CbKE6kAk0fUbxyRTsyZNvI8Ew8vDxXFmzXaifK2zzFE4fw9F4pDfJTWoUqhIKPrpg004WwvD1pnla5ns-Am3WdBEfWXBuJ2IhlSQZ5EdwG9g4TlaAepd_AYxlnWq7i7uNaPIYPijmKyNNoRntxHvsycVFiQ7e_rSYWuuwMIw4PgS8EAuhh9wEcV98IAdUw6I51D_asbhe4LUAD25YKKjzjo_1Nw6udcoKd86fpBEfjKXYZV5ANt3nGidkWvzSE3oZeWyBzx387ufv8KemTiasRT4mmnm5QbXSbevGmUs6AeHnYjzz3Wk2KgioVGBTPPrIH8Mc_zfWnycDneT7ddVJWc7EVLmk-Sz9MDv7JQxKbD-xPB3OmahLBTv-QMyRYfud9OyLVCGcUseiSZO7xjGRznKQxV2RNZNup4iz8zdN8IQ51O3fyPq2RjFKBeYOadv0rhUY80MzD8KVr2gLGWfdVMMLWX6sqefhMCjG3pND6UOrk8tWqnk1uMbi9x2hCArB4w1pzUUb5LYsMBYg4qqfHULxPj6mgPCE8NXGjXjEqZY4XX2neVFvUN-AAoaOjtgtLIEsi7kIUK-LcyjnK0exe4iCEKlAOAzTd8h0dxVOOLUAGA-DMUNDT5DMIEqq3_5KHgkCFvpcsHIIRuGU7VhQz3sraaQk26wMmnS9MdMjfZyKRdSQVXMFiZhzFYg2p6UoC5WsI6a6Nk9PrlakXf9whuRotJmivUXMLOxVqbfbH4V16iApe2dmUefseieGiajwS6jotTqVuE4IQJeazt0TBSHbu90OyBuPh5elFqNkV_i64bU2ccAYR0cIGY9dUxKhr6DiJyNe7iAVjKL55IPV-7ZZNJig1DnoXYj0nMK2KAmbB2JwzBLDlNwJoDKQXzQu0GY1HSft6T-C8aF1IWZ4izT9cZvtuSbVKpwhMuD52YiyrfjlTHkMlwAEwYWvK6hur6GoWWt82SbwFCCBeRZIa1sKA1WZFPEdazEUbOo3V4QUIxq8ai0gzDkQkLYcwOq8BWh2nZaoX3DllN5ASy2n-IM9K66Q6twNr9Z_WLzck3PTHwGKyLauZzXhIGHNSzYyhSI4LQgnXps4rzqA3XF7wZcgvGNt4y9IN8eWgLJJoWScGEOYt08vGNEgjSwTNst2CBYdyWsEwKNcYABYsop3r24wqFYI9xKTxGWHmFLYnkzntmlTouGwIWGUWEZ3VHlGvn4NyXrw8oVnWn2Qi_Aa7cxP8VvqWw2QJut7vlRJ52UToxtX60aK0lg2UDg75Cz5tJIci693W3Hz1ICpyVMbFNvB49cCdH50AyffAs_MoCZTCX02eNdOvRaF9I06qiCZxiSMeqPKG70lqRURQm_QyaziOTuy-4VcdsX5wiU2UB-DFku7OlNYOLfLfaUsEr9fTjc-yd5dr3SMYXXAEhokcNpKoveCph91hO5rUhAqe01OIY0ZiLQr2wCtuF9ZEt88XbhP4tF6fRW4b630SMWmcKNmtSAXDsGs7eTDnv-GrOgx0TCnu4qrL5VM8ZfF6hSJkVc-XayVv2_jNo5dsnpXId-4u2WrnKPP00PTelzS3Ry_K_T8tpOeIk5QVcVdO4dtsXcS8Yr150fpGEX8VvYGF5WkC1s_Np6C019XtFFoTp2Ta92WsZnSgIncWA-VWH3r9w2c1rppOOZI9WOBzemB4WTnNJXqVLtaMy9-yf8gBy_1sweYWCsk9_lRcU3wqKBNegEjlik9LwlmfzHfu_GOAYXrZR7QBHxLCqgKjrRi1zWbgpbFlAquGeS1pK77d0hHQbnXgL4uaLhRCnyoc_ooPO0-b6Hgrww&cid=CAASJ-RoTYifdg0t8du-q8-9PlTKRtGIKTd3VLWMn5puzeG40StJ7hErTw&rfl=1%2Chttps%253A%252F%252Fwww.zdnet.com%252Farticle%252Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%252F%240

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa09cbcfb60b5276b58345d461b2e4ad72d20768235d7afbc18cc449d0a0e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10723
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3069 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMi9TMEYVLt4598fniE0W5c-F8LjFlHK8RlG8Cyc_f9ejnAebB8j7CbUPptUV92ucoS8DmPz3lBQ34tHJofEa0Qd9lJftuEDzfKOy09l46_nzmAAo

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 3069 11 KB
5 KB 9ms
8ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3439
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3069 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:11:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3069 119 KB
36 KB 25ms
24ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3069 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:15:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:15:15 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3069 0
0 316ms
15ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSH7cjYgjZkMGvshDXS7OiKAJN59eSwVNkbp79vCqSKdEvBvs_9RbOR9zIl2SSXrlhzUCFfjsupCPgca-55Z7kifC5QYQ
Requested by: Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ Frame 3069 68 B
345 B 13ms
12ms Image
image/png 3.124.27.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDI1MA==&v=5&s=v31fvqlqhp5&id=eyJkZnAiOnsiYWQiOjUwMjQ0OTY5MTEsImMiOm51bGwsImwiOjAsIm8iOjI4NzA3ODYwNzUsIkEiOiIvMjIzMDk2MTAxODYvYXctemRuZXQvaW5ub3ZhdGlvbi9zZWN1cml0eSIsInkiOjI4OTA3MiwiY28iOjAsInMiOiJtcHUtbWlkZGxlIn19&sb=undefined&cb=9360559&h=www.zdnet.com&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by: Host: f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
URL: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.27.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-27-150.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FAF9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

125ms
111ms

Image
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H3
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Redirect headers

date: Mon, 04 Apr 2022 16:16:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 5228
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

125ms
109ms

Image
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
Protocol: H3
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Redirect headers

date: Mon, 04 Apr 2022 16:16:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=5&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=1374241438&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&m=0&ar=3e87cfd1033-clean&iw=f366f1c&q=6&cb=0&cu=1649089004686&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&pe=1%3A570%3A639%3A1161%3A580&jk=-1&jm=-1&fs=197910&na=1475699245&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

POST /
684dd325.akstat.io/ 0
0

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 190ms
25ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=104&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=643706863060&t=meas&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=bottom&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-bottom%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 191ms
27ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=104&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=643706863060&t=nht&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=bottom&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-bottom%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ff021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=11&zMoatpos=bottom&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-bottom%3FLL%7CT-1000&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=1050&gp=1920.5&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=643706863060&rx=912112121187&cu=1649089004686&m=891&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=1920.5&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=104&cd=0&ah=104&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=2&jm=-1&tc=0&fs=197910&na=730705560&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 177ms
27ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=125&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=643706863060&t=hdn&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=bottom&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-bottom%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 178ms
28ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=21&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=534518329408&t=meas&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 179ms
29ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=21&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=534518329408&t=nht&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ff021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=11&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=1050&gp=1373.96875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=534518329408&rx=912112121187&cu=1649089004686&m=907&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=1373.96875&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=21&cd=0&ah=21&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=2&jm=-1&tc=0&fs=197910&na=824997795&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 106ms
30ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=96&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=534518329408&t=hdn&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 21ms
20ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=22&fi=1&apd=44&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=389305118581&t=meas&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 22ms
21ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=22&fi=1&apd=44&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=389305118581&t=fv&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 23ms
22ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=22&fi=1&apd=44&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=389305118581&t=nht&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 18ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F15148869080553043038%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qkMqF5bxeBRtRRBCUP3yz0OReqzYg&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&cu=1649089004686&m=1027&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=22&an=0&gf=22&gg=0&ix=22&ic=22&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=22&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=44&cd=0&ah=44&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=197910&na=2032910680&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 24ms
23ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=28&fi=1&apd=50&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=389305118581&t=hdn&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 26ms
25ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=366102306497&t=meas&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 26ms
25ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=366102306497&t=fv&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 27ms
26ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=3&fi=1&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=366102306497&t=nht&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 18ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F10962947431251310290%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qmYw_TYt3-PjCimgI4L3kqaCVPfxw&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&g=0&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&cu=1649089004686&m=1032&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=3&an=0&gf=3&gg=0&ix=3&ic=3&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=3&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=6&cd=0&ah=6&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=197910&na=566178375&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1527
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1

43 B
1014 B

73ms
72ms

Image
image/gif

2.20.157.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXzcOZHUiKZnqLCt4jDDO7MPZT--8zPb-TYEdtr7coaCAvL2Ez3Rg0QufGPM-A157E-rd9sMyDAlnCVyFWFLkK70hdxWMPo0Gkn4TDrSVN1ivFpFQJEw52GumBDiugsn7MMTb9xksG-tI7XKvOzM-cOwPEl5w
Protocol: HTTP/1.1
Server: 2.20.157.55 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-55.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 16:16:46 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1527
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksZ7v.tUB5LgYgqlQpHJAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2

43 B
894 B

43ms
43ms

Image
image/gif

2.20.157.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXzcOZHUiKZnqLCt4jDDO7MPZT--8zPb-TYEdtr7coaCAvL2Ez3Rg0QufGPM-A157E-rd9sMyDAlnCVyFWFLkK70hdxWMPo0Gkn4TDrSVN1ivFpFQJEw52GumBDiugsn7MMTb9xksG-tI7XKvOzM-cOwPEl5w
Protocol: HTTP/1.1
Server: 2.20.157.55 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-55.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 16:16:46 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 1527
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGiK3LQXcMQxLeKdEmjCNLY&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

43 B
1 KB

28ms
28ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXzcOZHUiKZnqLCt4jDDO7MPZT--8zPb-TYEdtr7coaCAvL2Ez3Rg0QufGPM-A157E-rd9sMyDAlnCVyFWFLkK70hdxWMPo0Gkn4TDrSVN1ivFpFQJEw52GumBDiugsn7MMTb9xksG-tI7XKvOzM-cOwPEl5w

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5dd8a223-4a12-497a-b02f-54f0fbed7f9d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: a68d6920-0ac4-4e16-b51b-6cfda8657f32
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1527
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Nzg0ODA3NzQwMDI1ODA5Ng%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Nzg0ODA3NzQwMDI1ODA5Ng%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 88927fe3-23c6-4574-8486-93366869dbe8
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODM4Nzg0ODA3NzQwMDI1ODA5Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7632
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1

43 B
1014 B

63ms
63ms

Image
image/gif

2.20.157.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXStzmmfRWAylL9jEmLiy8cZ1_93P0TWxmv3jGl-lPAjwBxAPz7C_Id0Kjzx_dcTpGZ_42m7ERGjJAFUjQORmkiIzS2wSO8WAs0-wYfyN6laVsy6CewE13PvgaxUn900obvalgLqqkfOFQVHJRm8_KjB78xzQ
Protocol: HTTP/1.1
Server: 2.20.157.55 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-55.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 16:16:46 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7632
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksZ7v.tUB5LgYgqlQpHJAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2

43 B
894 B

42ms
41ms

Image
image/gif

2.20.157.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXStzmmfRWAylL9jEmLiy8cZ1_93P0TWxmv3jGl-lPAjwBxAPz7C_Id0Kjzx_dcTpGZ_42m7ERGjJAFUjQORmkiIzS2wSO8WAs0-wYfyN6laVsy6CewE13PvgaxUn900obvalgLqqkfOFQVHJRm8_KjB78xzQ
Protocol: HTTP/1.1
Server: 2.20.157.55 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-55.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 16:16:46 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBr-9DZ7EJ-DC15vYh6S-iQ&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 7632
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGiK3LQXcMQxLeKdEmjCNLY&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

43 B
1 KB

131ms
130ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNXStzmmfRWAylL9jEmLiy8cZ1_93P0TWxmv3jGl-lPAjwBxAPz7C_Id0Kjzx_dcTpGZ_42m7ERGjJAFUjQORmkiIzS2wSO8WAs0-wYfyN6laVsy6CewE13PvgaxUn900obvalgLqqkfOFQVHJRm8_KjB78xzQ

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6c69bff2-825f-4724-8602-9ec16fa4e086
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: dbe38cd3-d594-4f3a-988c-599fba9016f4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGiK3LQXcMQxLeKdEmjCNLY%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7632
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQwNjI0ODIyNjgxNzgyMzUwNw%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQwNjI0ODIyNjgxNzgyMzUwNw%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 16:16:46 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: def12c0a-cc55-49c2-95f6-9ef6e3275884
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQwNjI0ODIyNjgxNzgyMzUwNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022032909&jk=346114218235087&bg=!3t2l3ZnNAAZku-1yRLs7ACkAdvg8WlbZKAOUIgF7QEC8mJcCmLXeqH4_I6RuO_xNIxmJTZLJQmPFUgIAAAFmUgAAAAhoAQcKADDmn-TqbJ4hhUIQM7CQP6nXaq4C3s9ev8r2ukqK38NRZEDdl6rzJUgt16_3CcK6zWyZAs8n14P4STAyliMBTBnPrUraMphrNQsz7HF9SbkG_c5HJXMOfnhJkfrp8e04gxfIMg9sys0RbAOa8ndmXuuNpmEP5gO8ww49q9-5pFt1hEfBkHtlsTpT-mJOhYaha3rWgHm1He__Qb9_2MDub11PzP2qXANgf7heFS_yi9lU_XSIYFq4qrrniihzkTV6ZNoLCu6NRe2VYlGCyz4zuv0dY5CjEsgs0q4yAvV-4VOqmU8yLe6SV3dgjHyv6gldLBzOORuJ-MhyJbjoRFw2jjxEJmcIcxoseP--tAkPcnV4RCT7eXxUaKl3HcbMuPbyz2Of-jEUOHRPOBMi7GDs93gKi_ZFJ4WeuRatj_ln9EHOIhriMR3OVr6mgqhTdT8e8tXD0qbgOge_GTasfufbzeEL_8Jp0lLG9Ih-1RtW1Xij9AQMHGLDe3aKujQZjFWY90RMZZEGBAcPs5EfApP-i5q3yarZmLf7PmEN_xm9A58az4jwdH5vZYHD1LfSHVII7OdHj5txR45bEKHz94yHV8WSSLjlDhfJpLlgWV830S8E2t3lnGMny4zHVobBirC2i0E0ePlRVJDZs16lZsVWTK_1mg8Ej-4PRT-DlhbO-tZaWdsPhPcfIeKfsiUwgKcYEjC1R8OH3fsNv64b1HlQEaeICS095xaZN4rhpRiJ5YA3c_sLmyYFWvfStNGtd-xvlD99fjL86JQwvJwADEBvcK-p9OFcdyJ_IzcpcNJuHf6cMCiXvYigMAgCI8tnAddDgoO6Ill83X4tVm_AiICO6wKSYwA3mWUa8Mg-RMVNzi6Oij_PcbXySXF5Zu0fewvPr90nB1C6doqWAq25tO7Vkh4uAiNBfknkmam8xVEUIS_M0PFVHsjBzS1I0fqRhwXJFqqsNTWhSaaY81ZWUFBxPwRh2EP8o3gnyVtWKITCJSr3_MtyV7v6M0c0QwCRMECOfb0wZQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2868 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 380252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3069 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 380252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 2868 42 KB
17 KB 8ms
7ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64911
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 3069 42 KB
17 KB 9ms
8ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64911
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 66C7 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 36138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C71B 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 36138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabK... Show response
ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/ Frame 4334 56 KB
26 KB 92ms
53ms Document
text/html 142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

940b9ac1edbc48b52f7c0e423a3e7eb64cc2cd0293efc0dddc2a725edf9e17d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 26559
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=3013400686;ord=adsy5o;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9yFn7RlLYp7_E_bM7_UP9em76AuN06i0abKxxab... Show response
ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/ Frame F150 56 KB
26 KB 79ms
46ms Document
text/html 142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=3013400686;ord=adsy5o;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9yFn7RlLYp7_E_bM7_UP9em76AuN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QqC5EJPL0sJQp-upLbj0okmKn2k-FdrF7djskV6VPMFV7kUKjL44lSz1OnnFbHdXZJWznsoWjKSibfXMNBGgFxMijLVh5myrp5xXsmBwhMreyeQupfdeVrMg8Zlcp81vgyk6IlYHMtJAaPxchurVxwrlNUYxgWbXFqMj3h8TLMUHp-ozj7QgO6vezAvaYwoSfXy8wgHqVanrwPa-Q4bZf_wTm0LEdJ6fnUN9ocOvKbbOrrPyKFyyuTTVU4Wz6WNWawNUAkZEOhykZwxk1Bijk1l4Ax6fsB-q7PbY243irgRA2CebcW5TuNmMY8zrABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoTYifdg0t8du-q8-9PlTKRtGIKTd3VLWMn5puzeG40StJ7hErTw%26sig%3DAOD64_1sDfE4V9szf6zdBdiACodHptNPnw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-DSuwxNWwfrRlfUxqy3S8cpvp_8FcnxlnrpuY6-VGx0Nn0PiBsNlkJCc1-6psOTOQNxCqtZ2u_ZE6bSSjJxWr81jf9jgK6a8wAzYS7SSs3eKCVsrgdX9n3ESIOU1-comqmkItevZA9K4HWyU5oEdl6PNRtqTA%26cry%3D1%26dbm_d%3DAKAmf-DWZpa4CP6UAtYB1t7gH1jaO4VkNyFmTY60j0n7RC4rkUL2YwB8faCH_1D9Z5CyvgjLGAeShnnbIbqC0m5alJOpDUNf9o5m9CS04AnEiL_QWQ_RMh9VdrcWFccPxI9kN5DB6KToUaVjlGsPEbhBrhALEMd7cLYHkKUXbzyfXz2SZt1SB2H6SNvT6Ne8p4PzoPE7DKJnGx0g3Q0oKBKmmrgUiOCGokADTR6r46eChEPwqklOFHbBL8SuwNiClcdpBeBLT_sXeT0jwyYaEQi7szK-pKqx6OGH-ObyegsgWaEwHchPMWm9Tn2B6vcBEyraXc0RzQkAC-n__Rj7TzjEtBmYLvvZ5H3iImvEPKSpdICNRbX2Wn5fjeXYitvX-GRwH5I4c4CFbjNAq2oxUM3p1fUV5rfH6V465h2BcyagxxtYMd1_qmaAzgNEolXwy2ms09npceMNUexQBrUGGDwdM6-9vEmP12iFJBwhMF1ZzsuA5shjvFEjL9iYYSeTzrN57Awl2a8760pz4OwrMuG6Px27YEelNDENzo7L5Csj1m8nWqpoeG6lSEi3bOJPp5DSDSX14quMi4IvAnZ6fze3Ai5iYFWQHw%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=50;prcl=s

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

27f6668fd7abcb5f871573a8b959c1873c2cb0b6d762a55967d43ed10bd781dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 26551
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 16:16:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2868 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c62e2862eeddeeb3b5762011bf4401bc6e0a4efa93b0940c09eb15f55e70671

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 21ms
21ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=231&fi=1&apd=234&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=366102306497&t=hdn&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:46 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
DATA 200
OK truncated
/ Frame 3069 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a945a2447694f9649195bd2ccb91c21be19efd75b7ae1c68e2d357cf7a97b14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame F150 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=3013400686;ord=adsy5o;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9yFn7RlLYp7_E_bM7_UP9em76AuN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QqC5EJPL0sJQp-upLbj0okmKn2k-FdrF7djskV6VPMFV7kUKjL44lSz1OnnFbHdXZJWznsoWjKSibfXMNBGgFxMijLVh5myrp5xXsmBwhMreyeQupfdeVrMg8Zlcp81vgyk6IlYHMtJAaPxchurVxwrlNUYxgWbXFqMj3h8TLMUHp-ozj7QgO6vezAvaYwoSfXy8wgHqVanrwPa-Q4bZf_wTm0LEdJ6fnUN9ocOvKbbOrrPyKFyyuTTVU4Wz6WNWawNUAkZEOhykZwxk1Bijk1l4Ax6fsB-q7PbY243irgRA2CebcW5TuNmMY8zrABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoTYifdg0t8du-q8-9PlTKRtGIKTd3VLWMn5puzeG40StJ7hErTw%26sig%3DAOD64_1sDfE4V9szf6zdBdiACodHptNPnw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-DSuwxNWwfrRlfUxqy3S8cpvp_8FcnxlnrpuY6-VGx0Nn0PiBsNlkJCc1-6psOTOQNxCqtZ2u_ZE6bSSjJxWr81jf9jgK6a8wAzYS7SSs3eKCVsrgdX9n3ESIOU1-comqmkItevZA9K4HWyU5oEdl6PNRtqTA%26cry%3D1%26dbm_d%3DAKAmf-DWZpa4CP6UAtYB1t7gH1jaO4VkNyFmTY60j0n7RC4rkUL2YwB8faCH_1D9Z5CyvgjLGAeShnnbIbqC0m5alJOpDUNf9o5m9CS04AnEiL_QWQ_RMh9VdrcWFccPxI9kN5DB6KToUaVjlGsPEbhBrhALEMd7cLYHkKUXbzyfXz2SZt1SB2H6SNvT6Ne8p4PzoPE7DKJnGx0g3Q0oKBKmmrgUiOCGokADTR6r46eChEPwqklOFHbBL8SuwNiClcdpBeBLT_sXeT0jwyYaEQi7szK-pKqx6OGH-ObyegsgWaEwHchPMWm9Tn2B6vcBEyraXc0RzQkAC-n__Rj7TzjEtBmYLvvZ5H3iImvEPKSpdICNRbX2Wn5fjeXYitvX-GRwH5I4c4CFbjNAq2oxUM3p1fUV5rfH6V465h2BcyagxxtYMd1_qmaAzgNEolXwy2ms09npceMNUexQBrUGGDwdM6-9vEmP12iFJBwhMF1ZzsuA5shjvFEjL9iYYSeTzrN57Awl2a8760pz4OwrMuG6Px27YEelNDENzo7L5Csj1m8nWqpoeG6lSEi3bOJPp5DSDSX14quMi4IvAnZ6fze3Ai5iYFWQHw%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=50;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:13:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 4334 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:13:09 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 66C7 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C71B 35 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame F150 106 KB
38 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Origin: https://ad.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 09:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 09:31:06 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F150 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 380252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 4334 106 KB
37 KB 40ms
17ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Origin: https://ad.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 09:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 09:31:06 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4334 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 380252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ABE8 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 36138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 37D8 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 36138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F150 119 KB
36 KB 20ms
19ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 6 KB
2 KB 23ms
8ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb3c904f3fe6bdcb1bc5f5955cf0681c7b54d31acdb6015c6a39928805cdbadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2379
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:22:25 GMT
expires: Tue, 04 Apr 2023 15:22:25 GMT
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F150 0
575 B 80ms
43ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS3fr9BlZYIyV-lgmlpzqX4qe8Q4ybF7fG_0h9CCoAni5_hoz3U38KvDJWMz6-6vDP74SdB_od32ulmW38kS0DNOsXa8QKr9nV508QJLX7tQtWmEmrnrDoefF8Rzona-P2l80gnl5EDiWrHT9oKQ&sig=Cg0ArKJSzFy6WR7MNc7gEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=116&cbvp=1&cstd=114&cisv=r20220330.61071&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4334 119 KB
36 KB 28ms
28ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:16:46 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 6 KB
2 KB 16ms
8ms Document
text/html 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb3c904f3fe6bdcb1bc5f5955cf0681c7b54d31acdb6015c6a39928805cdbadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3261
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2379
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:22:25 GMT
expires: Tue, 04 Apr 2023 15:22:25 GMT
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4334 0
63 B 75ms
43ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstGM5_v6UtSMdTnGqfMgNJZwI3HA7i80il8i6LaR33QZ6462PpB_kaEgHVxmuWYXGgfzXeCBrd9jpJ1m01De4hDA4xK6W3PAM2KDoebxHnsTMxCGLq6lQN5pxTKzffAhNRRLrb7h2b03XLeWwJStA&sig=Cg0ArKJSzFHDhO21X5u6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=116&cbvp=1&cstd=114&cisv=r20220330.24231&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 19AC 236 KB
63 KB 95ms
40ms Script
text/javascript 2a02:26f0:f7::5c7b:e033
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e033 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:31:46 GMT

GET
H3 200 mandiant_name_300x250.js Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 41 KB
5 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/mandiant_name_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99d75855bd913a43cbe2485a1a57a6ff3b30f27e93c24aa03a50d6e3bc90253d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5372
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame ABE8 236 KB
63 KB 80ms
26ms Script
text/javascript 2a02:26f0:f7::5c7b:e033
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e033 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 16:16:46 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:31:46 GMT

GET
H3 200 mandiant_name_300x250.js Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 41 KB
5 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/mandiant_name_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99d75855bd913a43cbe2485a1a57a6ff3b30f27e93c24aa03a50d6e3bc90253d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5372
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame ABE8 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 37D8 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 man_names_300_bg.jpg
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 5 KB
5 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_bg.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d81a5cbabc401e26f9796b2d542a96518680646804cf45b744ff15f7d04a741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5499
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F150 0
26 B 58ms
43ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS3fr9BlZYIyV-lgmlpzqX4qe8Q4ybF7fG_0h9CCoAni5_hoz3U38KvDJWMz6-6vDP74SdB_od32ulmW38kS0DNOsXa8QKr9nV508QJLX7tQtWmEmrnrDoefF8Rzona-P2l80gnl5EDiWrHT9oKQ&sig=Cg0ArKJSzFy6WR7MNc7gEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=402&vt=11&dtpt=286&dett=3&cstd=114&cisv=r20220330.61071&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3069 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=fb.473,e2e.1786,fs.466,reqs.466,ress.473,rese.483&srt=9&e=&id=csi_pagead&gqid=&qqid=CN6p9qLn-vYCFXbmuwgd9fQOvQ&rt=lb.855,ol.1313

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_bg.jpg
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 5 KB
5 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_bg.jpg

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d81a5cbabc401e26f9796b2d542a96518680646804cf45b744ff15f7d04a741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5499
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4334 0
26 B 41ms
41ms Ping
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstGM5_v6UtSMdTnGqfMgNJZwI3HA7i80il8i6LaR33QZ6462PpB_kaEgHVxmuWYXGgfzXeCBrd9jpJ1m01De4hDA4xK6W3PAM2KDoebxHnsTMxCGLq6lQN5pxTKzffAhNRRLrb7h2b03XLeWwJStA&sig=Cg0ArKJSzFHDhO21X5u6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=421&vt=11&dtpt=305&dett=3&cstd=114&cisv=r20220330.24231&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;dc_adk=250412562;ord=kzrzfb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdrjS7RlLYryuF6Pd7_UPqY6zqAWN06i0abKxxabKD7_O8_0IEAEg97vHgwFglYKAgJQHyAEJqAMBqgTuAU_QCKnBu-9WdebnhgUFv8fyjfxHazBzxBnWNPOgUk81DDSEuziozuEnDVp2Esr9cTlCg8lIbG-nMzcdIYAVIsq3fh-slaySXqmcuKLsHnUsVb4B-3pGcNLlNTNNCG9OJny_UVUVer759ikeprywMxqO0xmbKSc-FgVNXgIqztUpxGXa05FO9n2eds0C-wBxxaX0FPuyATc8xc0GpC1YPQdqrG5krJZZs-eIEa0JBBPBxOEAXJpwOG_2Wfhkd2l5ecWZetfuaqjCyGY48TVPTE4hQfOkpCHBlvTlRRlC-zZ5p5DSnf9tqhaxT9RMKF3ABOTovLqNBOAEA5AGAaAGTYAHoM72-gKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RomGOaZd3je3GrgOZ6K2HFV3ycg1SP4c0ED7McHkTQzm73enWP3A%26sig%3DAOD64_0kK7UjZmdGbFEWIH-IB8y-lI5nYw%26client%3Dca-pub-8820362605711196%26dbm_c%3DAKAmf-CTvzkRowrZFCDoM54E1ub4Hd8jdAFevGcGzv4fCwR2lnB_904aNER8H7bXSJJ14gz9lcUZ7dIfwb8-la2cJ1wm4ilpQkZl6dapu8nvMzNFXqPqUfDJSyZA7EhkQ4FBXE1vAPpoPaxUFOzaZLYKloVWDEnWBA%26cry%3D1%26dbm_d%3DAKAmf-AO38oxuYDs-RrEAGuHkMeAVtDTTTDB8YyOz_DsJZSd65tNHPp1wNW7HvNpZUy7Hiql8CijobHwGQf27o43ignGmEXlicWnHfLwXkgCmisZ3IVtWG_LGIJdp83KG-oeJvpb0rVzmnKyy0vKZAaU8vFdnyTg-EJNVQR0XtgcdqzMcWBCmrTeQYSW5_vfiNVZlOwIJVLXrof85WYwSWvZMnn974dwDtHnD4uC-gaRcd__ocsHsWHhZQu6eCMJFzxRJf77sWH3urZ4tBIVE7P02pXKDExsiyqC-CV9fFwUGpgCeoRdWGyQDxG8N4u1tDzvE4mEagezRPLty01GxBOCDptlyHe3PTvwYrvSP7AcIDuIDAIR67I54VZdmDFdZ0O7ufa0HKMbLIH1fYoR0m0Nvc7-Aja0m9DbwZ4Ife0w4wsDQSqOpI3tUVX6owx49XV8agUK3cTVmCcZW4_sPHW6ew50mwQv3ccF7Eb21wrMiPmDIE1gxfCJ6CCRBwPbOEFKy8KdwY2vzEUb28i9OQpSncjmnCbtlP6AsYTsbeXRpDMUF5WRoXtP7k_08pWyZfGfTmBZ_xks_HvUfIMas_FJ7QRl7I2qEA%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F$0;xdt=1;crlt=qVZ.4j6)oI;sttr=38;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 man_names_300_copy1.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 1 KB
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c4ec1cb9472a75fd57990b7823fc13fd069e3b926ae5c9aed78cac65f943166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1497
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy1.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 1 KB
1 KB 7ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy1.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c4ec1cb9472a75fd57990b7823fc13fd069e3b926ae5c9aed78cac65f943166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1497
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 66C7 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bmido7hlLYsjrGb_G7_UP3JSi-AEAAAAAOAHgBAI&bg=!CwilCEzNAAZku-1yRLs7ACkAdvg8WpCGEhs34JvTaSJUrzWMeJe7eu54LzLHO2BPbpM_8vD5hxtfhQIAAAGjUgAAAAFoAQeZAzdz_fAMxscdAWQrd-tne55jagpTMTbWz0IvQmlNPG-qob8rHd2ADDMxgXILBa6ehgyyYzV8tSk4vjNImB-xTxl1y3zmhMpG1cYoeptbf80P4zHyoZfAwNYACeguuLLLKE9sOJ7rsa2X7u8Kc1QHRqqiDNfnj3NCgrFPzD3mzFjqcKJLeB0G1D2QUe4y7Bu4rCjK5_sPJM0me0jT6C7q5dnrwJkA2_YpHc6D9c2KyS-p888HuEGBRgZZC6sHdtdmxL0340aJiO0HUhq8HTLpssCqvxqkL5rSq9DD_0OPK9r_wwVL1EfMeI8nYS7O2EvqDZILkgxxnJxFFDsKPQCzP_7vqk6vt1cSZqc8DHH7MW_-1WkyZSIr28Ys1ZxSXQHWXRxl8XvX4xg-gBWoVRbEkOaKEtQY7m6XyHj4_qAS0d0Y1xt5yD9uB6f2CwTDpgPTwvGKXtMQMt5i2TSXCHsJepBR-AFIlFnqwomhooF16o8fVoPyyCIqA4B9yuKuMeLpMKCCnz5jrkyV0KIpHI914yrCJ0NSz8qkKhHe9MNpDTP-TGpU2OzlhXFWRtRhKO8F3ioWHvv1NU6GGbjCmLEHRqKvFXrAdObckSciJGI_cCCgB9RIuG6I3y0NSe-o81vpjI9nPK53US0m7D8EMas6TXJpVvXCMznllvNMFAOIhmNSrVe57bIlMCSkjtydm8t4Dsekarjge8qcsjs7JHj7TYYBGCwZmJCCoirL3RXQoCnw9BsADKQx9yOM-0DJuqeburDQLcATl2fQtpeGSzeZT9b4WB1zMXuSH5Wk2hhtsGC3PXDsgrXyWvkDTmm-vG-QzeQnrW_1W5Q4sCaVBPxl8pPvyZCfvoAoURHZj2uTpCTP33mLAT6_tN005GdiV7qwb_zCPhD_oay9h5ggzhHL2KdTBUm7CvkfEJvFUrkA4nCB_WqnD0w41KqOm60tQo9wpm5OEOxCyIoSjX4C5D_kucZRn-bGSA-AW7DPzWbojqqn2IfihKaEV5tbcQf18Wu1TwOKMzV67zf09UywIq_pFCeb2QW301P7QJcnWFu1v66ocJ8wzw9LvX3PTyOTrjX0qR2o9K-wLlvO

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_copy2.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57b665fd1cf39f583765bbe2ab26050ea2fe934808ca9477804de22bff02222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1140
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy2.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 1 KB
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy2.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57b665fd1cf39f583765bbe2ab26050ea2fe934808ca9477804de22bff02222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1140
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FAF9 42 B
64 B 42ms
42ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVSZgOD_mI6BI5VvY5B_mDnGCTpcMEw6nhqY8N8jZen1rjUGZnY779Y4gPzlHXy9UWnI25NbDZbwQe4JV3z2d4oLLTvDMNezfLzQ0-evnJ5KYtrB9onQ&sai=AMfl-YShoAxqRyh--zgfaPLCHi2ZhacYfs7NK3K3BGhJJlCtZGNzoUyYQ73UsCr-G-Vq8QFtjuKqbsvY4cEntMd4_MmsZt70BUlcrkyXemMaTG7p3sqWCQSXMXEArSnzkr64&sig=Cg0ArKJSzHZeDrVZSt-1EAE&id=ampim&o=436,5&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1021&mtos=0,0,1021,1021,1021&tos=0,0,1021,0,0&tfs=385&tls=1406&g=100&h=100&tt=1407&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=2152545444

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5228 42 B
64 B 42ms
42ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssT4vsLc2ruoUwZBcasOpEwXXJtKtLuSF9wRjGjBm-mOR7IbjrOxsO5FsFiS0-kaH-0gxeWuE29eyISDt4XzpzLIfHlyVKc9odcb79uhYUxqIrAabslXg&sai=AMfl-YTQz--IMKv2omoy9K2Tay6zKs3NlL4-vZ1TOXpEWYT67ex85QLgFA4ENRonejxNUCQH04DJZNcKhjqqZ0brUV9NFcf6ey4UcDekhSgxGW_edISZl5HtdM-NlCMrjR-2&sig=Cg0ArKJSzDYTeT3qRhbLEAE&id=ampim&o=1050,451&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1029&mtos=0,0,1029,1029,1029&tos=0,0,1029,0,0&tfs=349&tls=1378&g=73.9244818687439&h=100&tt=1378&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=192557409

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C71B 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUMWX7hlLYqbwGZOv-ga8uouQAwAAAAA4AeAEAg&bg=!AgGlAUXNAAZku-1yRLs7ACkAdvg8Wr9JZynAXh4KP_KsLG8mVt0Wc2JiGUQCx2BY2hMI-h0s7xtjrgIAAAG-UgAAAANoAQeZAz6gsgtWVZZAINjj2v24b3iPg7mxtQhJNKbkpaHAR_XYcgEhWhMVJ7DE7ZboaAONQSiJKJgqk5eiFdCqcwsf8sv1xn_iJxfvo7EOAktJrSIJftG19rzS6W2LNEv5VpLlpx1DeEtgyeiMtIyOHcS1hAPkHSbzdneUdOfb37qv8Pd4N-D14WTT1nvptdEPLh4wwlIOG1yXN7r9C9cMo2DCEgVgSui2JepcXHIionn9rH1aIjuG4zN2S7cDA7VTkJk-oHgDmDh3J2RGCWxXLELyKSG5CcNBo6XGW2O-ZiLGeEZK7eobqmgOkC1ujQpwUtgJLV2XqcdEVDaIAcvXhoQ68HAiGY3zQG0UgK8e6WwopFwQJ8Y7H8K0YAXvNpF2rIA0kP0XUyNF6N3abkd3Fr5hF6PufiZtS74Gd_8ay-q1T-sg7-pCx9kippZDHr0TJF7nsSqwfDV4dKDFrGrh1F6MMTYGrr8Fd-_RoX-8omIMKHv49rHqRfcoj_4JuSSCjP5hHz_DnPeBusKik_hcEo3hyU23LCADpKqQfqIq6b7RPcQtn2s2XrfS9Eb3mnLzSTzFhyKnpCEVa2cBzmfVex_GcdjPhDg59uRqHmIhdge-j2-ONVH5_h4MkTNOxx-3bT7PZuYqeDvCadmGQlLmRqHPxs2sYjltoMy2ZJqSFsErM9fCXzQoE0WMZysGXbOLifDsweuajX0AbxwvuQZDFVRiSqe9AoNRdkKRkcGT_uJq-qiMM5GXtodUmG720jA1lOmEu5v2X_FGO8AzIrPfxuX4fasaYWYfI_ae3EQK4RDKxgoRGMNSofbz1jdkDYIrbEmHfzvuTXhNBwJFGdpqsawko-kwPoQxyTpLXdHprEj4fK6yy0c5bG0zterBfwpNggefxWDKd4CTA_DSE0aVrBWccrNxC8MoVBQCOrTl-uUplb5ZgYDhsJO4N7uhLCjJG193wAJgv26icvfRp0pxfvYpNni2i4eFdZwwirLerMqoA3JjMWH9-G_vbvUYMhUcJ604MMsJTMCx_iiWbvkc1jr-yzYwbDl0MtQ4hgoJ7H8Yuk5KmRhqJDOCFHIUO_MS0nd-rZximnTSyOX2MZkjHq5yBg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_copy3.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 1 KB
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd85d36e65e3602aea07ead6d94b8fbe2ed5bbe3473f0fb1512f54ab359e8b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1347
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy3.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 1 KB
1 KB 7ms
6ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy3.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd85d36e65e3602aea07ead6d94b8fbe2ed5bbe3473f0fb1512f54ab359e8b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1347
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy4.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 902 B
929 B 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca38cd9407ae288717edd25a803756b478d9b40481ad7148155f0931abe49840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 902
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy4.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 902 B
929 B 7ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy4.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca38cd9407ae288717edd25a803756b478d9b40481ad7148155f0931abe49840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 902
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ABE8 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9jQn7hlLYpS_I5D43gPAl7iwDgAAAAA4AeAEAg&bg=!trWltfHNAAZku-1yRLs7ACkAdvg8WiKDD4oDmbMIrRg6BMruWWU2V3PNF0mGmRGWzs64R7yJ2vKJPQIAAAEiUgAAAAJoAQeZAz-u7FhRIhk1B98ASWbLh-m74yz4U4VefK13WpNBQTmsuLB6U0XFf6Q5rfBmKuAA6OCkJPTv-8S48kbPJb7HiroHLTByrR6bAFUhClhwRrMjsEmSUdZ1lTQo9K56bPuYzpzhNA7eSv1FSAIXm_n0A7_8TNFn7lLE-e9iyFkao5vwLD1UmYFdSPR-EMMh34LAq7I_3LZZRI0YJ_Msvs15Y-JR5tizi-cAc3iE_0AVfoEufoiQHu4kzqo1TjlQA9YmnA79q2w2F3lIP16Y812l3syAJFbYWLJbXTZAXJX11TL0Lcu5V354bENgSFWyqbV0XnFpWeMKr68gZ3QZVwXSgviOocPKJIDwc_IokZ6vVS_nj0tMtD5x384130uHXCWyLMWvjnk8uCZHuKnapCJ2dlw3W2LiXw4uJg5Y3kVmeI_VzSq6Qezz-fMnKvTO-VjduThrP2ufYXpmBLfYYKtAE5qSqDEdDKq3Kz4k4TKKMLerKZsCpeaoKfmJGaDJjNjSj5dyabUnxGZl59cQpUOH3Vaue1wuB2nq3ZdDC1P3gJvUJncyj30QTgcr_zgfciIJfDU1IJCrZffQnjwPQs4DzxKuwN5I_3c8UyczJgzURWNWwIFh6X02IVPxbKT2vm5ah1CAAX83_5CZpnMtfRUUjq6OFnMvrh_BblYpv0IHSlRNBS5SMNoTfRtxyCR9m4sna0q4TDc9iG6RgSLKa2m5aVUyiaLqulSINrp2ZK3wrpxJZ-CoMfDUKa26tx9RZ9LrsSrM4x8oqLYICJ2sPth2x_D72qq8Xcrz9P_AA8AKRU96PND9lFQV7Ga0qh2_RXwpnRgkWIu2UHGolwsqgAoTQUATmhI656Qkq0fml2sTEJpzsaCd9xQ1yacegcB16_khdxw5jv9LMn7p8RYveWCMC4jNKlovS6bYzJiFy8ENrl4ADE8ckiT5ZjT021hge_o70hd3jp1y04kfkN3o2XuFMyTqMRbWIN12M-PLkVdTylYviUgEAepKQTGHhV_AKUV7W7Hvqu90YKzx6xfayOY3skvxorNCeTbg6TPTJKt-Ajxjlw3HoV7PIeg9-uuaGz9IT03wSMUe26csOisw2jzYZks

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_copy5.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 1 KB
1 KB 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy5.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8b859c337ba140cd427e7018d90d06c09eeea5b94659ce387d7df29edcf836f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1388
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy5.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 1 KB
1 KB 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy5.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8b859c337ba140cd427e7018d90d06c09eeea5b94659ce387d7df29edcf836f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1388
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy6.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy6.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afde443c0e71ebed5be4869cf9f6bee4cbb8a864130f6738c7f2228a675f088d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1554
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy6.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy6.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afde443c0e71ebed5be4869cf9f6bee4cbb8a864130f6738c7f2228a675f088d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1554
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 37D8 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BmHZO7hlLYqm-I5rQ3gP4ury4AgAAAAA4AeAEAg&bg=!srGlsfXNAAZku-1yRLs7ACkAdvg8Wm9AWwPF1OkwIo5CvrhMQLLD13wgN-JQnjlH5WQIBkSDhZbXxwIAAAD2UgAAAANoAQeZA1AQ7jZ432BxKWAVkK41niBVTmxEkcMiX7m1Z0j0Ua9Fr-MXCm6TqqUfX-i1Fu_LwB-CBAt0gz_HZJ8g8Uvgjeh3-ZDqJUdhJa-RK9v7F6VKTcbz0Nk5GVEDSPBaZrkOZqeH6Qu7NLkqELUtPFMc7iT2OUY18cvJYCt38ECEYE44Llif3k-RuY1fUbpu6oQ1NtM3Wwtf3nmD4Q9eOnCq1SiFanRVWZEGlAQ_1GTKCk7QmYiyoftS7IKeiZH--0VwTN4YSVE-ExoJxXvT3NFF0yLbCyciFTEmL5C6rPHN_Zsibw5DNq5IoyZu_6wdBP1XD-Go8E0fbQ3XCmyGygoAAkYqnkqJSRovyAGLms3UspngMbxoZQckUuYiXvLiJ7sjpBU2h1aCw9NCwBe70lMN99d__s1v9p8azK6KkDyfjfR-Vz3GfrGYPXz0hMNx0EFS_SpCGmCJ7mXfVtv_Z6JJi5TvTEMlWjnfmu99NAHI7NSJf_aWLSg8FARjbpbeIyu8ckRgCzdvrQcW9p_zfbYxiOISzD67a785v_8WSmEbs8Mgei-PYcdk0HTaqx-ce2hMKgSPmZFC9pwIlI0iHfsI3qW9KHzcUpkYu1rKEEsr8ED--kTLmumM9vJGCT9eTOXGj_OXx8TTilb5H2_AyL9EBBZ5oyCxyPdfAyV69Bzeru47VVXcmQqQ84_1NHz8O7C_LrRe22YtvKALSyeHNS8b-rDd_e8FDZvHzB6O4eDKJvUObLAjjvEAB9ELvvrv8RFUR29S8SFksiIqKbbORXLQKaT6lzsAd8etvsvTQQc2nPNxDePbYib9PItqcQdABVQAa8MlCWaxnoFNyj-ZchmBmUBwovkBMDk68HOVciefZPQVgKurHVGOmEoMh39PTYvr6MVUpUwAzCS6XXwqFCSZeK200l4KBI6K5Ea4OdE2dxYNJ_wQ-ieeQAwc0m_KA2JZC19iWep-iObBha33M1C2JAWfAkM_mZA06ZHh8LZwc1EI8lIRlKeAP6fQQ5vfdREzpTmra9GLQo6w2xdQOzxdNTY61nuP8J5ykqQG1CttmMvFMi9K6JsYLGawYtIiNcu3YYUi32l8jvp-16x8sS8WzEZ0QWs-kljbyzMTTyUf-7BSug

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_copy7.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 7 KB
7 KB 16ms
16ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d01c79518ec7aa4d8f9edc39a5535df85d418029deda2bc4e555b295d939049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7142
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_copy7.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 7 KB
7 KB 16ms
16ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy7.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d01c79518ec7aa4d8f9edc39a5535df85d418029deda2bc4e555b295d939049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:25 GMT
x-content-type-options: nosniff
age: 3262
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7142
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:25 GMT

GET
H3 200 man_names_300_cta_bg.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 366 B
393 B 11ms
11ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_bg.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d01991879875adad900b371a341342baf6deca280896fb406ad48360caa6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 366
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H3 200 man_names_300_cta_bg.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 366 B
393 B 11ms
11ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_bg.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d01991879875adad900b371a341342baf6deca280896fb406ad48360caa6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 366
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H3 200 man_names_300_cta_text.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 886 B
913 B 8ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_text.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037dd36c7b23a7cdab949ce0bbdd15dc6962c96638c6da41ecdfeb6db74fe400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 886
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H3 200 man_names_300_cta_text.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 886 B
913 B 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_text.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037dd36c7b23a7cdab949ce0bbdd15dc6962c96638c6da41ecdfeb6db74fe400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 886
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H3 200 man_names_300_logo.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 19AC 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8742eb0bd710587edec894c84e82c8372ef6b8040c3081c8aa230024e107fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1624
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H3 200 man_names_300_logo.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame ABE8 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_logo.png

Requested by

Host: code.createjs.com
URL: https://code.createjs.com/1.0.0/createjs.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8742eb0bd710587edec894c84e82c8372ef6b8040c3081c8aa230024e107fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:26 GMT
x-content-type-options: nosniff
age: 3261
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1624
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:26 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 18ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&cu=1649089004686&m=2137&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1135&an=22&gi=1&gf=1135&gg=22&ix=1135&ic=1135&ez=1&ck=1135&kw=955&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1135&bx=22&ci=1135&jz=955&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=955&cd=44&ah=955&am=44&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=1439837914&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 31ms
31ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=955&tet=1135&fi=1&apd=1157&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=389305118581&t=iv&os=1&fi2=0&div1=1&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 37ms
37ms Image
image/gif 23.35.229.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=911&tet=1110&fi=1&apd=1113&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1649089004686&r=366102306497&t=iv&os=1&fi2=0&div1=1&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Finnovation%2Fsecurity&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&cu=1649089004686&m=2138&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1135&an=1135&gi=1&gf=1135&gg=1135&ix=1135&ic=1135&ez=1&ck=1135&kw=955&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1135&bx=1135&ci=1135&jz=955&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=955&cd=955&ah=955&am=955&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=1364126385&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
16ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&cu=1649089004686&m=2138&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1135&an=1135&gi=1&gf=1135&gg=1135&ix=1135&ic=1135&ez=1&ck=1135&kw=955&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1135&bx=1135&ci=1135&jz=955&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=955&cd=955&ah=955&am=955&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=808359600&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&g=1&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&cu=1649089004686&m=2139&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1110&an=3&gi=1&gf=1110&gg=3&ix=1110&ic=1110&ez=1&ck=1110&kw=911&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1110&bx=3&ci=1110&jz=911&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=911&cd=6&ah=911&am=6&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=1437044278&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
16ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&g=2&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&cu=1649089004686&m=2139&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1110&an=1110&gi=1&gf=1110&gg=1110&ix=1110&ic=1110&ez=1&ck=1110&kw=911&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1110&bx=1110&ci=1110&jz=911&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=911&cd=911&ah=911&am=911&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=1419083038&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&g=3&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&cu=1649089004686&m=2140&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=1110&an=1110&gi=1&gf=1110&gg=1110&ix=1110&ic=1110&ez=1&ck=1110&kw=911&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1110&bx=1110&ci=1110&jz=911&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=911&cd=911&ah=911&am=911&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=197910&na=615796627&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:47 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:47 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 21ms
20ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=bottom&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-bottom%3FLL%7CT-1000&g=1&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=1050&gp=2055.84375&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=643706863060&rx=912112121187&cu=1649089004686&m=6179&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=2055.84375&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5197&cd=104&ah=5197&am=104&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=197910&na=55612892&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:51 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:51 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
16ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&g=1&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=1050&gp=1488.875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=534518329408&rx=912112121187&cu=1649089004686&m=6181&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=1488.875&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5093&cd=21&ah=5093&am=21&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=197910&na=1510670488&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:51 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:51 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=389305118581&rx=912112121187&cu=1649089004686&m=6182&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=5176&an=1135&gi=1&gf=5176&gg=1135&ix=5176&ic=5176&ez=1&ck=1135&kw=955&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5176&bx=1135&ci=1135&jz=955&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4997&cd=955&ah=4997&am=955&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=5&jm=-1&tc=0&fs=197910&na=1659289567&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:51 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:51 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 17ms
17ms Image
image/gif 2.20.157.238
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=innovation&zMoatAdUnit3=security&wf=1&ra=3&sgs=3&vb=5&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%24%26109.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-QhslZQwprWHiKYvbY%2BOEbHHfl7P4J7uhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWekwLgg%3D%3D&sc=1&os=1-NA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=%3B4*E%3Amx5%60K&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FT-1000&g=4&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&id=1&ii=4&f=0&j=&t=1649089004686&de=366102306497&rx=912112121187&cu=1649089004686&m=6182&ar=3e87cfd1033-clean&iw=f366f1c&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3142&le=1&lf=172&lg=1&lh=14&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A570%3A639%3A1161%3A580&as=1&ag=5151&an=1110&gi=1&gf=5151&gg=1110&ix=5151&ic=5151&ez=1&ck=1110&kw=911&aj=1&pg=100&pf=100&ib=1&cc=1&bw=5151&bx=1110&ci=1110&jz=911&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4953&cd=911&ah=4953&am=911&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=5&jm=-1&tc=0&fs=197910&na=955137965&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.157.238 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-157-238.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 16:16:51 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 04 Apr 2022 16:16:51 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.zdnet.com
URL: https://www.zdnet.com/service-worker.js

Domain: 684dd325.akstat.io
URL: https://684dd325.akstat.io/

Domain: 684dd325.akstat.io
URL: https://684dd325.akstat.io/

Verdicts & Comments Add Verdict or Comment

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners	1970-01-20 02:05:31	Name: pv Value: 1
www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners	1969-12-31 23:59:59	Name: zdnet_ad Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%222%22%2C%22session%22%3A%22b%22%7D
.zdnet.com/	1970-01-20 02:14:53	Name: fly_geo Value: {"countryCode": "de"}
.zdnet.com/	1970-01-20 02:14:53	Name: fly_device Value: desktop
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: eu
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: eu
www.zdnet.com/	1970-01-20 10:50:25	Name: _mfuuid_ Value: 151f4999-7711-4c5a-9a22-2be75d52f736
.zdnet.com/	1970-01-20 10:50:25	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Apr+04+2022+16%3A16%3A43+GMT%2B0000+(GMT)&version=6.20.0&hosts=&consentId=f89b2754-7fae-4177-8a45-4e2697c31b6b&interactionCount=0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Flog4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners%2F%23ftag%3DRSSbaffb68&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.www.zdnet.com/	1970-01-20 19:36:01	Name: chsn_cnsnt Value: www.zdnet.com%3AC0001
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: f0c98ef7-9bf0-4c8f-910e-7c3c7a82c19d
.zdnet.com/	1970-01-20 02:48:01	Name: arrowImp Value: true
.zdnet.com/	1970-01-20 02:48:01	Name: arrowImpCnt Value: 1
.zdnet.com/	1969-12-31 23:59:59	Name: zdnetSessionStarted Value: true
.zdnet.com/	1970-01-20 02:48:01	Name: zdnetSessionCount Value: 1
.zdnet.com/	1969-12-31 23:59:59	Name: fly_session Value: 011f745b75604b150cf7400073575a74
.zdnet.com/	1970-01-20 02:14:53	Name: RT Value: "z=1&dm=zdnet.com&si=2500d9a9-42f1-47ab-8101-c85e03040240&ss=l1kx0i5f&sl=1&tt=w9&bcn=%2F%2F684dd325.akstat.io%2F&ld=1h7"
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: db9a2d3234cf0688
.zdnet.com/	1970-01-20 11:26:25	Name: __gads Value: ID=81a8d62b21f1fccb-2255deff6dcd00f5:T=1649089005:S=ALNI_MbIeAa_aFGP9rgvDIaVdbpwa8WUVA
.doubleclick.net/	1970-01-20 11:26:25	Name: IDE Value: AHWqTUkHivuw5LBRzPYTVhZ0R6i1OviXOvYNgebe-Cm5F6kMlO72n808hCm8hl-U0Ls
.casalemedia.com/	1970-01-20 04:14:25	Name: CMPS Value: 3219
.adnxs.com/	1970-01-20 04:14:25	Name: uuid2 Value: 8387848077400258096
.doubleclick.net/	1970-01-20 02:04:52	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 04:14:25	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?dv5L`d!]tbPl1M>e)ZlrFUfJ+tGXxoiZVRl.Cuv?AD#mGZKHc3VUJ!5_YvoYjGJ9?]3If)y3KL9D3I?+bi5)m*
.casalemedia.com/	1970-01-20 02:06:15	Name: CMST Value: YksZ7mJLGe4A
.casalemedia.com/	1970-01-20 10:50:25	Name: CMID Value: YksZ7v.tUB5LgYgqlQpHJgAA
.casalemedia.com/	1970-01-20 04:14:25	Name: CMPRO Value: 1132
.casalemedia.com/	1970-01-20 10:50:25	Name: CMRUM3 Value: 2d624b19ee2760CAESEBr-9DZ7EJ-DC15vYh6S-iQ

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
javascript	error	URL: https://www.zdnet.com/article/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners/#ftag=RSSbaffb68 Message: Access to XMLHttpRequest at 'https://684dd325.akstat.io/' from origin 'https://www.zdnet.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://684dd325.akstat.io/ Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd325.akstat.io
a.myfidevs.io
ad.doubleclick.net
adservice.google.com
adservice.google.de
at.adtech.redventures.io
bam-cell.nr-data.net
c.go-mpulse.net
cdn.ampproject.org
cdn.cohesionapps.com
cdn.cookielaw.org
cm.g.doubleclick.net
code.createjs.com
confiant-integrations.global.ssl.fastly.net
dsum-sec.casalemedia.com
f021fceb1b97048c0823550201d15fe9.safeframe.googlesyndication.com
geo.moatads.com
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
js-agent.newrelic.com
mb.moatads.com
pagead2.googlesyndication.com
protected-by.clarium.io
px.moatads.com
redventuresgamheader644747280705.s.moatpixel.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.myfinance.com
tpc.googlesyndication.com
urs.zdnet.com
www.google.com
www.googletagservices.com
www.myfinance.com
www.zdnet.com
z.moatads.com
684dd325.akstat.io
www.zdnet.com
142.250.181.226
142.250.185.226
142.250.74.198
151.101.193.194
151.101.194.154
151.101.66.137
162.247.243.147
18.135.183.184
18.170.11.184
185.33.221.13
2.20.157.238
2.20.157.55
23.35.229.151
2606:4700:10::6814:b844
2606:4700::6810:9540
2a00:1450:4001:801::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2006
2a00:1450:4001:812::2001
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2001
2a02:26f0:1700:59a::11a6
2a02:26f0:f7::5c7b:e033
2a02:26f0:fb:187::11a6
2a04:4e42:4c::666
2a06:98c1:3120::7
2a06:98c1:3121::7
3.124.27.150
34.120.203.121
52.4.215.152
65.9.66.116
037dd36c7b23a7cdab949ce0bbdd15dc6962c96638c6da41ecdfeb6db74fe400
05260d49620f9b550301608e7dd5be417d8e29c1b21ed62763114b828f4b723b
09857f8d49032c747c4b223e22fc45f9d643e3f27b0e340c6ebeb473d906ed46
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe
11992f506398f0ce551a82f7591c0448de7de4b0a84a1fdef72131fd756710ff
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13675f970d6dfb0e12a632a85dc3c63ab511d64165770d11c1c09c5868cd0649
1440fe68fb1fd90c8abfbc5845e571f0765b50f647e7165ae0c1de35f20bd436
1a703d617fb31d56238372d5bf78e9861b3a09b7447a0184bd5f1c178461ed12
1acf9d24b4065106ea5975f71b9fd26b4ed5078cf14be0a5d53a4057d72fd5c1
1c62e2862eeddeeb3b5762011bf4401bc6e0a4efa93b0940c09eb15f55e70671
1ef94f1c5939727c3f6b25a38c5131490f3f700ad762c0b717d824d2835ae7da
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
217b9e539bd55ad03f86545c4afc436c1d61f04aa131a4679181a3d30bde9480
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
22a3fe5faaebe2847fa8fab8ec0447c17dafbbe0fbb9a0d4639dfe9114e46c32
27f6668fd7abcb5f871573a8b959c1873c2cb0b6d762a55967d43ed10bd781dd
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0
2d81a5cbabc401e26f9796b2d542a96518680646804cf45b744ff15f7d04a741
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
31d38f53f745c5ebb8e047156df559b659bd7556923e3f26dc73aa7aaecf8bdf
31f646b8b5efa1c2c80bfbd98a4fc763b73fc60b3907f85f2559568a43820766
33114cd313dd7d97e2a6f30ce34e51f31a6c6ece954e9111f00155ba50f70ae5
3339ce3a3d421620f29952a2592aa4a64274990b134370810cd70d91f91ccdef
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3a945a2447694f9649195bd2ccb91c21be19efd75b7ae1c68e2d357cf7a97b14
3c591927cc6254cd17a33c78e3293b8456851a88c736b300647f7d263dd31740
3cbf33ba911c338fc5b46fe24daf947af91796814794a171b28016a9a2cac6c6
4184adff6b2520d96a9ee19c9d79921d565ad5e29cf3264129dc241eb524a31e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5d513b3462d2599c573562b14a2e58584af55be144c8964871856f1c262242a5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6404fdc35d7baaf4b444d2210d703057792376db07ae34af5f79904149e1b91c
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6a42aa69e442dd238a0108dd85e9daef119dcb1a844a0efdfd274e9968f9e531
6ca34f13147f5269971e6fad7a0167e2384f00af822330588e68262c362a6a04
6de42ab26b7f121d7e40422b272d0ce1beacbaba5b4a696fbcb8abf7cb6d943d
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3
77534605d7f4bf6131511e44b4da078721199a58ed38e00b2d26cb97fc9e4a7f
7d01c79518ec7aa4d8f9edc39a5535df85d418029deda2bc4e555b295d939049
7f1639eeb6e3eb3e2de52c35e650ac2fe53ea34ee8e8cac73807facad51e9b7f
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8062685d744e0b56d816edd3d4b5b9b527927710a163273806b1ccc60393cb92
823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64
82f0eb092abda9fac3e946d65566d71e401190860f3941fd17f917a8097aa2ea
82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd
8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1
8aa3b5c03149519655bc49ddd45d5b92326e6c7c76bd2672e258383790e5f45b
8eb12097dc755143587dd7f807423da51d8c47b894729203b3aa8d52a29cf274
8f1339f33a6adf6ce36b7a64a8bc05f8fb47cc2e2e33da3bd8f5a6b8a79432f9
8f567499349c817fee9aca6118017465aaac7579070dc547f49b5fdab3029efd
940b9ac1edbc48b52f7c0e423a3e7eb64cc2cd0293efc0dddc2a725edf9e17d3
94a3e12f0e3823bc21fd554f2fdec204ccfe7e32a62dd4a74ba681cfc80a0778
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
98ab4d5883cb45adae4b31f59acc68219cdacc11390b3d1a022ba733dcf447e1
99d75855bd913a43cbe2485a1a57a6ff3b30f27e93c24aa03a50d6e3bc90253d
9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71
9c4ec1cb9472a75fd57990b7823fc13fd069e3b926ae5c9aed78cac65f943166
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a0d01991879875adad900b371a341342baf6deca280896fb406ad48360caa6e1
a1c0e363ba1dde7f43855da009fad62e5c3ae65bc8377f30963a67f14d700534
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a3037bf62b0056b6c2bcce1896b631a714583d37a27c3fb08b8024e056dba5a0
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7038a871c6e37530c59d3beaf6159ff46c7404fb6dab40505cb00e23d308db8
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8b859c337ba140cd427e7018d90d06c09eeea5b94659ce387d7df29edcf836f
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
afde443c0e71ebed5be4869cf9f6bee4cbb8a864130f6738c7f2228a675f088d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
c0914a80fbdb3cc4da875422945a90499afa580f654f8797ebde5e26f1ddf4ca
c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2
c65b94930bdfa194beee8b0b26e0c138762f18c5815642ca7c1c4e02e86d6973
c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083
c8742eb0bd710587edec894c84e82c8372ef6b8040c3081c8aa230024e107fee
c8f0ad7ede4e1674bed2cbef601bb994e8a876486b82d19a5d0557b5c7c95bb5
ca38cd9407ae288717edd25a803756b478d9b40481ad7148155f0931abe49840
cafdfa65c0b7e7adfa772487035d1320e7b035a19301553ccf8341cdadf02422
cf1401484313f8538af6fdc28493f4cda7a3e57a94db1073f9bea60686628484
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d7368a1fbfe8a5a8bc9fb85ac158deed4aa42c5e60887bf2dfd0f4b19d33546e
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
dd85d36e65e3602aea07ead6d94b8fbe2ed5bbe3473f0fb1512f54ab359e8b03
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e161b11100e327b8f968261111c4de24589d28b2d934f83d6185257d3492581f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e5f7cfcae397d7a1faf00acf6eaf4a7c4d4bb3f749d638c1e7899ef6887e9ebe
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
ea86214f14bd7892eb024a876833cabb892c468f4ea5cf4b3bb905dcdc9c9335
eac775f02f730f434ef8c6e051676a44981e55dfa56bce374e5eb938b13026e2
eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604
eb3c904f3fe6bdcb1bc5f5955cf0681c7b54d31acdb6015c6a39928805cdbadf
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ed23916544fa1019b8085a83a6fc9e3b1c32cfa0d6ec130f7364e7da5e17ebc9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa09cbcfb60b5276b58345d461b2e4ad72d20768235d7afbc18cc449d0a0e11
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f57b665fd1cf39f583765bbe2ab26050ea2fe934808ca9477804de22bff02222
f808f80e0a6828022228c0fcd89ff0a7338bc5f6a7ce891327f7e51bc3d46d06
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
fca66821bcbe0a2adfb7113fdab4b19aa6e3807a4a870a24b551313aa786e169
fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

www.zdnet.com Open in urlscan Pro 2a04:4e42:4c::666 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

228 Requests

94 %HTTPS

50 %IPv6

25 Domains

37 Subdomains

35 IPs

5 Countries

2272 kBTransfer

6867 kBSize

27 Cookies

16 Outgoing links

Redirected requests

228 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Screenshot
Live screenshot

Full Image

228
Requests

94 %
HTTPS

50 %
IPv6

25
Domains

37
Subdomains

35
IPs

5
Countries

2272 kB
Transfer

6867 kB
Size

27
Cookies

228 HTTP transactions
7 data transactions