arstechnica.com Open in urlscan Pro
18.189.149.173 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://arstechnica.com/?p=1969201
Effective URL:
https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Submission: On September 26 via manual (September 26th 2023, 5:37:57 pm UTC) from US — Scanned from DE

Summary HTTP 193 Redirects Links 69 Behaviour Indicators

Summary

This website contacted 59 IPs in 8 countries across 51 domains to perform 193 HTTP transactions. The main IP is 18.189.149.173, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is arstechnica.com. The Cisco Umbrella rank of the primary domain is 57716.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 10th 2023. Valid for: 10 months.

This is the only time arstechnica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	18.189.149.173 18.189.149.173	16509 (AMAZON-02) (AMAZON-02)
21	205.234.175.175 205.234.175.175	30081 (CACHENETW...) (CACHENETWORKS)
10	104.18.131.236 104.18.131.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	18.238.243.94 18.238.243.94	16509 (AMAZON-02) (AMAZON-02)
1 2	104.19.144.23 104.19.144.23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.112.202 104.16.112.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1	34.149.178.20 34.149.178.20	15169 (GOOGLE) (GOOGLE)
15	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
2	54.172.92.248 54.172.92.248	14618 (AMAZON-AES) (AMAZON-AES)
1	13.225.78.91 13.225.78.91	16509 (AMAZON-02) (AMAZON-02)
3	13.224.189.39 13.224.189.39	16509 (AMAZON-02) (AMAZON-02)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	13.225.78.121 13.225.78.121	16509 (AMAZON-02) (AMAZON-02)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	23.32.185.123 23.32.185.123	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.18.41.170 104.18.41.170	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.34.148.139 63.34.148.139	16509 (AMAZON-02) (AMAZON-02)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
1	108.156.69.71 108.156.69.71	16509 (AMAZON-02) (AMAZON-02)
1	151.101.0.239 151.101.0.239	54113 (FASTLY) (FASTLY)
2	35.169.143.178 35.169.143.178	14618 (AMAZON-AES) (AMAZON-AES)
1	18.238.243.129 18.238.243.129	16509 (AMAZON-02) (AMAZON-02)
2	44.215.116.28 44.215.116.28	14618 (AMAZON-AES) (AMAZON-AES)
1	130.162.160.243 130.162.160.243	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
5	141.226.124.48 141.226.124.48	200478 (TABOOLA-AS) (TABOOLA-AS)
42	52.222.250.126 52.222.250.126	16509 (AMAZON-02) (AMAZON-02)
1 1	202.241.208.57 202.241.208.57	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2 10	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2 2	3.66.159.214 3.66.159.214	16509 (AMAZON-02) (AMAZON-02)
1	81.17.55.108 81.17.55.108	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	54.77.73.229 54.77.73.229	16509 (AMAZON-02) (AMAZON-02)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
2 3	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
1	198.47.127.205 198.47.127.205	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	208.93.169.131 208.93.169.131	46244 (WEBMD-IDC...) (WEBMD-IDC1-AS)
1 1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
2 3	18.197.117.175 18.197.117.175	16509 (AMAZON-02) (AMAZON-02)
1 1	35.210.239.72 35.210.239.72	15169 (GOOGLE) (GOOGLE)
2 2	3.120.12.191 3.120.12.191	16509 (AMAZON-02) (AMAZON-02)
1 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.225.83.103 13.225.83.103	16509 (AMAZON-02) (AMAZON-02)
1	63.33.177.221 63.33.177.221	16509 (AMAZON-02) (AMAZON-02)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
1	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
10	34.107.161.9 34.107.161.9	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.19.149.54 104.19.149.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
3	142.250.185.170 142.250.185.170	15169 (GOOGLE) (GOOGLE)
3	52.222.236.51 52.222.236.51	16509 (AMAZON-02) (AMAZON-02)
3	34.111.134.78 34.111.134.78	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
1	52.73.210.95 52.73.210.95	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
5	18.66.147.35 18.66.147.35	16509 (AMAZON-02) (AMAZON-02)
1	151.101.192.84 151.101.192.84	54113 (FASTLY) (FASTLY)
193	59

2 18.189.149.173 (Columbus, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-189-149-173.us-east-2.compute.amazonaws.com

arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 205.234.175.175 (United States)

ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net

cdn.arstechnica.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.18.131.236 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.238.243.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-94.ams58.r.cloudfront.net

ads-static.conde.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.144.23 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
plugin.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.112.202 (United States)

ASN13335 (CLOUDFLARENET, US)

polarcdn-terrax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (Dallas, United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.155.119 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.178.20 (United States)

ASN15169 (GOOGLE, US)
PTR: 20.178.149.34.bc.googleusercontent.com

shiverscissors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 151.101.193.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidanalytics.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.172.92.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-92-248.compute-1.amazonaws.com

api.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.91 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-91.fra2.r.cloudfront.net

cdn.memo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.189.39 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-39.fra2.r.cloudfront.net

player.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Ascension Island)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.121 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-121.fra2.r.cloudfront.net

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.185.123 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-123.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.41.170 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.148.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-148-139.eu-west-1.compute.amazonaws.com

segment-data.zqtk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.69.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-69-71.ams1.r.cloudfront.net

z-na.associates-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.239 (United States)

ASN54113 (FASTLY, US)

api.condenast.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.169.143.178 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-143-178.compute-1.amazonaws.com

elsa.memoinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.243.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-129.ams58.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.215.116.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-116-28.compute-1.amazonaws.com

assoc-na.associates-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.162.160.243 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 141.226.124.48 (Israel)

ASN200478 (TABOOLA-AS, IL)

ch-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 52.222.250.126 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-250-126.fra60.r.cloudfront.net

dwgyu36up6iuz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.57 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 141.226.228.48 (Netherlands) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.66.159.214 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-159-214.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.17.55.108 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.73.229 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-73-229.eu-west-1.compute.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Mountain View, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.34 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.205 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.93.169.131 (United States)

ASN46244 (WEBMD-IDC1-AS, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (Germany)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.117.175 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-117-175.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.210.239.72 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 72.239.210.35.bc.googleusercontent.com

u.ipw.metadsp.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.12.191 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-12-191.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.83.103 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-103.fra2.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.177.221 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-177-221.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.149 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.107.161.9 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 9.161.107.34.bc.googleusercontent.com

permutive.arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.149.54 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.236.51 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-51.fra56.r.cloudfront.net

player-frontend.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.134.78 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 78.134.111.34.bc.googleusercontent.com

planebasin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.251.9 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.210.95 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-210-95.compute-1.amazonaws.com

capture.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.66.147.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-35.fra60.r.cloudfront.net

dp8hsntg6do36.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.192.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	cloudfront.net dwgyu36up6iuz.cloudfront.net dp8hsntg6do36.cloudfront.net	1 MB
31	taboola.com 2 redirects cdn.taboola.com — Cisco Umbrella Rank: 1262 trc.taboola.com — Cisco Umbrella Rank: 907 ch-trc-events.taboola.com — Cisco Umbrella Rank: 3849 sync.taboola.com — Cisco Umbrella Rank: 1624 sync-t1.taboola.com — Cisco Umbrella Rank: 1924 match.taboola.com — Cisco Umbrella Rank: 8066 pips.taboola.com — Cisco Umbrella Rank: 1909 cds.taboola.com — Cisco Umbrella Rank: 2514 vidanalytics.taboola.com — Cisco Umbrella Rank: 10636	353 KB
21	arstechnica.net cdn.arstechnica.net — Cisco Umbrella Rank: 91875	742 KB
12	arstechnica.com 1 redirects arstechnica.com — Cisco Umbrella Rank: 57716 permutive.arstechnica.com — Cisco Umbrella Rank: 192500	22 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 635	250 KB
8	cnevids.com api.cnevids.com — Cisco Umbrella Rank: 276152 player.cnevids.com — Cisco Umbrella Rank: 29802 player-frontend.cnevids.com — Cisco Umbrella Rank: 37495	372 KB
7	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 5062 r.skimresources.com — Cisco Umbrella Rank: 4703 t.skimresources.com — Cisco Umbrella Rank: 4925 p.skimresources.com — Cisco Umbrella Rank: 8532	15 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 404 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 945	67 KB
4	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 cm.g.doubleclick.net — Cisco Umbrella Rank: 329	131 KB
4	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 851 pixel.adsafeprotected.com — Cisco Umbrella Rank: 1025	15 KB
3	planebasin.com planebasin.com — Cisco Umbrella Rank: 207870	1 KB
3	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 657	384 KB
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 614	1 KB
3	associates-amazon.com z-na.associates-amazon.com — Cisco Umbrella Rank: 15897 assoc-na.associates-amazon.com — Cisco Umbrella Rank: 5175	4 KB
2	openx.net 2 redirects u.openx.net — Cisco Umbrella Rank: 1024	768 B
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 713	739 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1698	1 KB
2	adscale.de 2 redirects ih.adscale.de — Cisco Umbrella Rank: 3400	633 B
2	memoinsights.com elsa.memoinsights.com — Cisco Umbrella Rank: 48934	1 KB
2	moatads.com z.moatads.com — Cisco Umbrella Rank: 862 mb.moatads.com — Cisco Umbrella Rank: 931	80 KB
2	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 640 dis.criteo.com — Cisco Umbrella Rank: 910	861 B
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 958	582 B
2	polarcdn-terrax.com polarcdn-terrax.com — Cisco Umbrella Rank: 15492	3 KB
2	mediavoice.com 1 redirects cdn.mediavoice.com — Cisco Umbrella Rank: 89114 plugin.mediavoice.com — Cisco Umbrella Rank: 64705	138 KB
2	conde.digital ads-static.conde.digital — Cisco Umbrella Rank: 28521	148 KB
1	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 1031	623 B
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	14 KB
1	condenastdigital.com capture.condenastdigital.com — Cisco Umbrella Rank: 25452	48 B
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	53 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 408	17 KB
1	permutive.com cdn.permutive.com — Cisco Umbrella Rank: 3714	33 KB
1	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 360	575 B
1	prmutv.co bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co — Cisco Umbrella Rank: 51582	391 B
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 2469	18 KB
1	metadsp.co.uk 1 redirects u.ipw.metadsp.co.uk — Cisco Umbrella Rank: 8309	236 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 687	1 KB
1	contextweb.com bh.contextweb.com — Cisco Umbrella Rank: 957	683 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 637	149 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 1265	245 B
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 1569	371 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 783	623 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 649	780 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1096	75 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1516	726 B
1	condenast.io api.condenast.io — Cisco Umbrella Rank: 50685	6 KB
1	zqtk.net segment-data.zqtk.net — Cisco Umbrella Rank: 18222	565 B
1	permutive.app cdn.permutive.app — Cisco Umbrella Rank: 9524	215 KB
1	memo.co cdn.memo.co — Cisco Umbrella Rank: 60056	7 KB
1	shiverscissors.com shiverscissors.com — Cisco Umbrella Rank: 221066	24 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	139 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	29 KB
193	51

	Domain	Requested by
42	dwgyu36up6iuz.cloudfront.net	arstechnica.com player-frontend.cnevids.com
21	cdn.arstechnica.net	arstechnica.com cdn.arstechnica.net
10	permutive.arstechnica.com	cdn.permutive.app
10	cdn.taboola.com	arstechnica.com cdn.taboola.com
10	cdn.cookielaw.org	arstechnica.com cdn.cookielaw.org
8	sync.taboola.com	2 redirects arstechnica.com
5	dp8hsntg6do36.cloudfront.net	player-frontend.cnevids.com
5	ch-trc-events.taboola.com	cdn.taboola.com
3	planebasin.com	shiverscissors.com
3	player-frontend.cnevids.com	player.cnevids.com player-frontend.cnevids.com
3	imasdk.googleapis.com	player.cnevids.com imasdk.googleapis.com
3	x.bidswitch.net	2 redirects
3	cm.g.doubleclick.net	2 redirects arstechnica.com
3	c.amazon-adsystem.com	ads-static.conde.digital c.amazon-adsystem.com
3	static.adsafeprotected.com	arstechnica.com ads-static.conde.digital player.cnevids.com
3	t.skimresources.com	arstechnica.com s.skimresources.com
3	player.cnevids.com	arstechnica.com cdn.arstechnica.net player.cnevids.com
2	u.openx.net	2 redirects
2	eb2.3lift.com	1 redirects arstechnica.com
2	rtb.mfadsrvr.com	2 redirects
2	sync-t1.taboola.com	arstechnica.com
2	ih.adscale.de	2 redirects
2	assoc-na.associates-amazon.com	z-na.associates-amazon.com
2	elsa.memoinsights.com	cdn.memo.co
2	trc.taboola.com	cdn.taboola.com
2	p.skimresources.com	arstechnica.com
2	api.cnevids.com	cdn.arstechnica.net
2	geolocation.onetrust.com	cdn.cookielaw.org
2	polarcdn-terrax.com	arstechnica.com cdn.mediavoice.com
2	ads-static.conde.digital	arstechnica.com ads-static.conde.digital
2	arstechnica.com	1 redirects
1	vidanalytics.taboola.com	cdn.taboola.com
1	ct.pinterest.com
1	pagead2.googlesyndication.com	imasdk.googleapis.com
1	capture.condenastdigital.com
1	connect.facebook.net	player-frontend.cnevids.com
1	s0.2mdn.net	imasdk.googleapis.com
1	cds.taboola.com	cdn.taboola.com
1	cdn.permutive.com	cdn.permutive.app
1	pips.taboola.com	cdn.taboola.com
1	ib.adnxs.com	cdn.permutive.app
1	bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co	cdn.permutive.app
1	pixel.adsafeprotected.com	static.adsafeprotected.com
1	www.datadoghq-browser-agent.com	ads-static.conde.digital
1	match.taboola.com	arstechnica.com
1	u.ipw.metadsp.co.uk	1 redirects
1	id5-sync.com	arstechnica.com
1	dis.criteo.com	1 redirects
1	bh.contextweb.com	arstechnica.com
1	match.adsrvr.org	arstechnica.com
1	simage2.pubmatic.com	arstechnica.com
1	trace.mediago.io	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	ssbsync.smartadserver.com	arstechnica.com
1	tg.socdm.com	1 redirects
1	mb.moatads.com	z.moatads.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	plugin.mediavoice.com	cdn.mediavoice.com
1	api.condenast.io	player.cnevids.com
1	z-na.associates-amazon.com	www.googletagmanager.com
1	segment-data.zqtk.net	ads-static.conde.digital
1	cdn.permutive.app	ads-static.conde.digital
1	z.moatads.com	ads-static.conde.digital
1	securepubads.g.doubleclick.net	www.googletagservices.com
1	gum.criteo.com	cdn.taboola.com
1	r.skimresources.com	s.skimresources.com
1	cdn.memo.co	arstechnica.com
1	shiverscissors.com	arstechnica.com
1	www.googletagmanager.com	arstechnica.com
1	s.skimresources.com	arstechnica.com
1	cdn.mediavoice.com	1 redirects
1	www.googletagservices.com	arstechnica.com
193	73

This site contains links to these domains. Also see Links.

Domain
video.arstechnica.com
www.condenast.com
cdn.arstechnica.net
web.archive.org
digital.nhs.uk
github.com
www.trendmicro.com
www.arstechnica.com
popup.taboola.com
yeahmotor.com
trc.taboola.com
livestly.com
qnarrator.com
www.vp21atrk.com
www.tips-and-tricks.co
za.investing.com
twitter.com
mastodon.social
www.facebook.com
www.youtube.com
www.instagram.com
condenast.com

Subject Issuer	Validity	Valid
*.arstechnica.com Amazon RSA 2048 M01	`2023-02-10` - `2023-11-26`	10 months	crt.sh
*.cachefly.net GlobalSign RSA OV SSL CA 2018	`2022-11-01` - `2023-12-03`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
ads-static.conde.digital Amazon RSA 2048 M02	`2023-03-20` - `2024-04-17`	a year	crt.sh
*.skimresources.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-25` - `2023-11-08`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
shiverscissors.com R3	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
cnevideos.com Amazon RSA 2048 M02	`2023-02-28` - `2023-12-29`	10 months	crt.sh
memo.co Amazon RSA 2048 M02	`2023-03-28` - `2024-04-25`	a year	crt.sh
*.cnevids.com Amazon RSA 2048 M02	`2023-08-18` - `2024-09-14`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.zqtk.net Amazon RSA 2048 M02	`2023-06-18` - `2024-07-16`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
assoc-na.associates-amazon.com Amazon RSA 2048 M01	`2023-03-08` - `2024-03-07`	a year	crt.sh
condenast.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-13` - `2024-07-14`	a year	crt.sh
memoinsights.com Amazon RSA 2048 M02	`2023-03-28` - `2024-04-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.contextweb.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-10` - `2024-05-09`	a year	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-14` - `2024-01-16`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.prmutv.co R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
a.api.permutive.app R3	`2023-09-10` - `2023-12-09`	3 months	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
planebasin.com R3	`2023-08-07` - `2023-11-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-07` - `2023-10-04`	3 months	crt.sh
conde.io Amazon RSA 2048 M02	`2023-06-27` - `2024-07-25`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Frame ID: 9B91F671C4356A3B1A22CB671B686A07
Requests: 159 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.20953932449712065
Frame ID: DD7DFDC0158C1BC9B29E0921A56C0998
Requests: 1 HTTP requests in this frame

Frame: https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZRMW7sCo5uYAAFGvplEAAAAA
Frame ID: 68AB40965A84AF6369D7AAF805B8E567
Requests: 17 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 7BD58D0F3020BAA0A55BCF83DC259A82
Requests: 20 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.591.2_en.html
Frame ID: 66E242B3F3C070A79C19CA69BA8CB853
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 88CA2557013503A0D4B95492D067446C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

Page URL History Show full URLs

https://arstechnica.com/?p=1969201 HTTP 301
https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knock... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Page Statistics

193
Requests

90 %
HTTPS

0 %
IPv6

51
Domains

73
Subdomains

59
IPs

8
Countries

4762 kB
Transfer

15451 kB
Size

38
Cookies

69 Outgoing links

These are links going to different origins than the main page.

URL: http://video.arstechnica.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://www.condenast.com/brands/ars-technica
Title: Advertise with Ars

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2023/09/trojan-backdoor.jpg
Title: Enlarge

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20160605160807/https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf
Title: first seen

Search URL Search Domain Scan URL

URL: https://digital.nhs.uk/cyber-alerts/2019/cc-2929
Title: have said

Search URL Search Domain Scan URL

URL: https://github.com/RamadhanAmizudin/malware/tree/62d0035db6bc9aa279b7c60250d439825ae65e41/Trochilus
Title: been available

Search URL Search Domain Scan URL

URL: https://github.com/ldcsaa/HP-Socket
Title: HP-Socket

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_ca/research/22/a/earth-lusca-sophisticated-infrastructure-varied-tools-and-techni.html
Title: documented

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-of-quantum-leap-with-donald-p-bellisario
Title: Unsolved Mysteries Of Quantum Leap With Donald P. Bellisario

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-of-warhammer-40k-with-author-dan-abnett
Title: Unsolved Mysteries Of Warhammer 40K With Author Dan Abnett

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-f-16-replacement-search-a-signal-of-f-35-fail
Title: SITREP: F-16 replacement search a signal of F-35 fail?

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-boeing-707
Title: Sitrep: Boeing 707

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/personal-history-steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube
Title: Steve Burke of GamersNexus Reacts To Their Top 1000 Comments On YouTube

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube
Title: Modern Vintage Gamer Reacts To His Top 1000 Comments On YouTube

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-the-nes-conquered-a-skeptical-america-in-1985
Title: How The NES Conquered A Skeptical America In 1985

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/scott-manley-reacts-to-his-top-1000-youtube-comments
Title: Scott Manley Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/how-immersive-stories-deepen-the-horror-of-games-like-soma-and-amnesiac-rebirth
Title: How Horror Works in Amnesia: Rebirth, Soma and Amnesia: The Dark Descent

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/lgrs-clint-basinger-reacts-to-his-top-1000-youtube-comments
Title: LGR's Clint Basinger Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/the-f-35-s-next-tech-upgrade
Title: The F-35's next tech upgrade

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-one-gameplay-decision-changed-diablo-forever
Title: How One Gameplay Decision Changed Diablo Forever

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-unsolved-mysteries-mortal-kombat
Title: Unsolved Mortal Kombat Mysteries With Dominic Cianciolo From NetherRealm Studios

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/us-navy-gets-an-italian-accent
Title: US Navy Gets an Italian Accent

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-amazons-undone-brought-dreams-to-life-through-rotoscope-and-oil-paints
Title: How Amazon’s “Undone” Animates Dreams With Rotoscoping And Oil Paints

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit
Title: Fighter Pilot Breaks Down Every Button in an F-15 Cockpit

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-nba-jam-became-a-billion-dollar-slam-dunk
Title: How NBA JAM Became A Billion-Dollar Slam Dunk

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/linus-tech-tips-reacts-to-his-top-1000-youtube-comments
Title: Linus "Tech Tips" Sebastian Reacts to His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-alan-wake-was-rebuilt-3-years-into-development
Title: How Alan Wake Was Rebuilt 3 Years Into Development

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-prince-of-persia-defeated-apple-ii-s-memory-limitations
Title: How Prince of Persia Defeated Apple II's Memory Limitations

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-how-crash-bandicoot-hacked-the-playstation-to-run
Title: How Crash Bandicoot Hacked The Original Playstation

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-myst
Title: Myst: The challenges of CD-ROM | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/markiplier-reacts-to-his-top-1000-youtube-comments
Title: Markiplier Reacts To His Top 1000 YouTube Comments

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-the-evolution-of-oddworld-and-what-comes-next
Title: How Mind Control Saved Oddworld: Abe's Oddysee

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe
Title: Bioware answers unsolved mysteries of the Mass Effect universe

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-civilization
Title: Civilization: It's good to take turns | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/sitrep-dod-resets-ballistic-missile-interceptor-program
Title: SITREP: DOD Resets Ballistic Missile Interceptor program

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/warframe-s-rebecca-ford-reviews-your-characters
Title: Warframe's Rebecca Ford reviews your characters

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-subnautica
Title: Subnautica: A world without guns | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-slay-the-spire-war-stories
Title: How Slay the Spire’s Original Interface Almost Killed the Game | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-amnesia-the-dark-descent-the-horror-facade
Title: Amnesia: The Dark Descent - The horror facade | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-c-and-c-tiberian-sun
Title: Command & Conquer: Tiberian Sun | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-blade-runner-skinjobs-voxels-and-future-noir
Title: Blade Runner: Skinjobs, voxels, and future noir | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-dead-space-the-drag-tentacle
Title: Dead Space: The Drag Tentacle | War Stories

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/teach-the-controversy-flat-earthers
Title: Teach the Controversy: Flat Earthers

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-gets-a-crucial-green-light
Title: Delta V: The Burgeoning World of Small Rockets, Paul Allen's Huge Plane, and SpaceX Gets a Crucial Green-light

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/chris-hadfield-explains-his-space-oddity-video
Title: Chris Hadfield explains his 'Space Oddity' video

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/apollo-the-greatest-leap-episode-1-risk
Title: The Greatest Leap, Episode 1: Risk

Search URL Search Domain Scan URL

URL: https://www.arstechnica.com/video/watch/war-stories-ultima-online-the-virtual-ecology
Title: Ultima Online: The Virtual Ecology | War Stories

Search URL Search Domain Scan URL

URL: https://video.arstechnica.com/
Title: More videos

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=condenast-arstechnica&utm_medium=referral&utm_content=thumbnails-a-6x1:Below%20Article%20Thumbnails%20-%20AT:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://yeahmotor.com/facebook/strangestaircraft-f/
Title: Yeah Motor

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/condenast-arstechnica/log/3/click?pi=%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&it=text&ii=~~V1~~8346523594968871626~~eQv9hDBEVF5DG25tTPleXfUowFmvubTrjSLjGn2VVMDnoZueAsnM0UTkqRiz-o8uV9GNaet_FWxUAZ9PPPsFwQ4kGdPRnQ5hJWYjEN4zraQLygSN5t9yIR7SaCTthJ3uo0rUo3V3hP1GqIdN4AP5E4Lylefa0kSrS10kKKkBgUDtWQ4PJW7nz3LbTbvf3t7X0DienrMXtv3R6ZWqDZ1725xFtVj1S2j8Uvlszv9Rgm8&pt=text&li=rbox-t2m&sig=23194ec93eb52764a0cb976f2af14b2607f6ede32363&redir=https%3A%2F%2Fyeahmotor.com%2Ffacebook%2Fstrangestaircraft-f%2F%3Fv%3Dinfscroll%26vpid%3D2%26utm_source%3Dtaboola%26utm_medium%3DTBYM3%26utm_campaign%3Dym_tb_dsk_0914_np_strangeair2dpym3cpa%26utm_content%3Dcondenast-arstechnica%26utm_term%3Dym_tb_dsk_0914_np_strangeair2dpym3cpa&vi=1695749868851&p=ym3-sc&r=57&tvi48=10638&tvi50=9563&lti=trecs&ppb=CM4D&cpb=EhMyMDIzMDkyMC0yNy1SRUxFQVNFGAEgnP__________ASoZY2gudGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjODAyNDM4gNrPgwtAkaQOSLe-DlDdztkDWPgDYwjQNxCOUxgwZGMIhTgQ20oYMmRjCNcWENUfGCNkYwjSAxDgBhgIZGMIlhQQoBwYGGRjCPf__________wEQ9___________ARgJZGMI_0YQi2YYHWRjCPQUEJ4dGB9kYwikJxCKNRgvZHgBgAECiAHGprv-AZABHJgBvZvGlK0x&cta=true
Title: Click Here

Search URL Search Domain Scan URL

URL: https://livestly.com/look-inside-air-force-one/
Title: Livestly

Search URL Search Domain Scan URL

URL: https://qnarrator.com/these-costume-mistakes-in-movies-look-painfully-out-of-place/
Title: qnarrator

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/condenast-arstechnica/log/3/click?pi=%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&it=text&ii=~~V1~~5675081402626843173~~GDKEa-yReEUFol3zb2lIsY5pwFxnGVq4_hcogXEOZVh9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kGX2zx8CgVUVkHH9GQANp1csJnhbc8pXpuxxdJaj5uIlYp23fQj64lUNo-UCIuO7L3-XcnfyhJ13FdoPgco1jGQaE3iK7ebMf8nQ4vZ9kk8x5tChKVNR2PDFtDPJ36GLiw&pt=text&li=rbox-t2m&sig=5deec7a57b67cc90f04c624b7efb9a6c3e436511f7b6&redir=https%3A%2F%2Fqnarrator.com%2Fthese-costume-mistakes-in-movies-look-painfully-out-of-place%2F%3Futm_source%3Dtb%26utm_medium%3Dqnarrator%26utm_campaign%3DTB%252BUSA%252BWardrobes%252BDESKTOP%26utm_term%3Dcondenast-arstechnica%26cost%3D0.18%26tblci%3DGiCC3y_QGiynWUGaBvoRaSb07yHkglJLIL1l3QqcRcNPdSCA6l8ogciviKKq2c6oAQ%23tblciGiCC3y_QGiynWUGaBvoRaSb07yHkglJLIL1l3QqcRcNPdSCA6l8ogciviKKq2c6oAQ&vi=1695749868851&p=baidusearch-qnarrator-sc&r=12&tvi48=10638&tvi50=9563&lti=trecs&ppb=CM4D&cpb=EhMyMDIzMDkyMC0yNy1SRUxFQVNFGAEgnP__________ASoZY2gudGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjODAyNDM4gNrPgwtAkaQOSLe-DlDdztkDWPgDYwjQNxCOUxgwZGMIhTgQ20oYMmRjCNcWENUfGCNkYwjSAxDgBhgIZGMIlhQQoBwYGGRjCPf__________wEQ9___________ARgJZGMI_0YQi2YYHWRjCPQUEJ4dGB9kYwikJxCKNRgvZHgBgAECiAHGprv-AZABHJgBvZvGlK0x&cta=true
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.vp21atrk.com/PBGRT/6JHXF/
Title: Tommy Chong's CBD

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/condenast-arstechnica/log/3/click?pi=%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&it=text&ii=~~V1~~-5237803375842584890~~XP4t4wiUwTYOflHAljKKdTNxbWbG6DOecybjy9nUYaR9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kNsEc1Z_zcbixnbk0JPozAksJnhbc8pXpuxxdJaj5uIlowlsRVrPEcAzBd55PBDyF8xwM9vnrM__lwNlNYuqS14frS9PztHZQsXl-nOKHa-a8FVvB3EAALxt-faU4cAhPaNqtnDVmfKlPD3545da0XqOs4a_7qIOhgu9DqiwHekR&pt=text&li=rbox-t2m&sig=688a3a6d82ad547113c28e29a8f8b85926b98a696f23&redir=https%3A%2F%2Fwww.vp21atrk.com%2FPBGRT%2F6JHXF%2F%3Fsource_id%3D8325891%26sub1%3Dcondenast-arstechnica%26sub2%3D3686520622%26sub3%3DGiCC3y_QGiynWUGaBvoRaSb07yHkglJLIL1l3QqcRcNPdSC4_ksovsrS6MOM3rLwAQ%26utm_source%3DTaboola%26utm_campaign%3DDESKTOP%2B-%2BCold%2B-%2BJWhitelist%2B-%2BTest%2B%2528day%2Bparted%2529%2Btsl%26utm_medium%3DPPC%26utm_content%3D3686520622%26utm_term%3D1521364%26tblci%3DGiCC3y_QGiynWUGaBvoRaSb07yHkglJLIL1l3QqcRcNPdSC4_ksovsrS6MOM3rLwAQ%23tblciGiCC3y_QGiynWUGaBvoRaSb07yHkglJLIL1l3QqcRcNPdSC4_ksovsrS6MOM3rLwAQ&vi=1695749868851&p=valkyriepartners-sc&tvi48=10638&tvi50=9563&lti=trecs&ppb=CM4D&cpb=EhMyMDIzMDkyMC0yNy1SRUxFQVNFGAEgnP__________ASoZY2gudGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjODAyNDM4gNrPgwtAkaQOSLe-DlDdztkDWPgDYwjQNxCOUxgwZGMIhTgQ20oYMmRjCNcWENUfGCNkYwjSAxDgBhgIZGMIlhQQoBwYGGRjCPf__________wEQ9___________ARgJZGMI_0YQi2YYHWRjCPQUEJ4dGB9kYwikJxCKNRgvZHgBgAECiAHGprv-AZABHJgBvZvGlK0x&cta=true
Title: Watch Now

Search URL Search Domain Scan URL

URL: https://www.tips-and-tricks.co/various/35-incredible-lifehacks-that-will-change-your-life/
Title: Tips and Tricks

Search URL Search Domain Scan URL

URL: https://za.investing.com/magazine/these-are-the-most-expensive-hollywood-homes-in-history/
Title: investing.com

Search URL Search Domain Scan URL

URL: https://twitter.com/arstechnica

Search URL Search Domain Scan URL

URL: https://mastodon.social/@arstechnica

Search URL Search Domain Scan URL

URL: https://www.facebook.com/arstechnica

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@arstechnica

Search URL Search Domain Scan URL

URL: https://www.instagram.com/arstechnica/

Search URL Search Domain Scan URL

URL: http://condenast.com/

Search URL Search Domain Scan URL

URL: https://www.condenast.com/user-agreement/
Title: User Agreement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/
Title: Privacy Policy and Cookie Statement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/#california
Title: Your California Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.condenast.com/online-behavioral-advertising-oba-and-how-to-opt-out-of-oba/#clickheretoreadmoreaboutonlinebehavioraladvertising(oba)
Title: Ad Choices

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy
Title: More information about your privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://arstechnica.com/?p=1969201 HTTP 301
https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js HTTP 301
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js

Request Chain 120

https://tg.socdm.com/aux/idsync?proto=taboola HTTP 302
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZRMW7sCo5uYAAFGvplEAAAAA

Request Chain 121

https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__ HTTP 302
https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__&nut&uu=4115335c25164e8a83bde8fba698d297 HTTP 302
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=4115335c25164e8a83bde8fba698d297

Request Chain 123

https://pixel.rubiconproject.com/exchange/sync.php?p=16698 HTTP 302
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LN0LOTUI-1P-1490

Request Chain 124

https://pr-bh.ybp.yahoo.com/sync/taboola/77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-h.qtiDFE2oRBCSVybE7SgUvX4QvzQRQzvx4Dlg--~A

Request Chain 125

https://trace.mediago.io/ju/cs/taboola HTTP 302
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=199e3e9baf07863b2v7fp400ln0lou2y

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEED6R3Y8_8cuDgOw8kszAC8&google_cver=1

Request Chain 128

https://sync.taboola.com/sg/google-network/1/rtb/?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c

Request Chain 131

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40 HTTP 302
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bfa7acdd-6acd-48a0-87da-14dfb1e18e12&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 133

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=${BSW_USER_UD}&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=taboola&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2

Request Chain 134

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c&tbid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&query=taboola_hm%3D12abd0a7-8fb7-4d87-a254-a985a737844c&isDirect=0

Request Chain 135

https://eb2.3lift.com/xuid?mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=

Request Chain 136

https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26orig%3Dvideo%26taboola_hm%3D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D0%26us_privacy%3D1---%26orig%3Dvideo%26taboola_hm%3D HTTP 302
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=188437dd-dea0-06eb-3ac6-3cad5c597968

193 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Redirect Chain

https://arstechnica.com/?p=1969201
https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

63 KB
19 KB

217ms
216ms

Document
text/html

18.189.149.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.189.149.173 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-189-149-173.us-east-2.compute.amazonaws.com

Software

nginx/1.23.4 / PHP/8.1.19

Resource Hash

65d564651fbe230fc1103f76cbd09646a957923807d999c0bcdce19e5b42205a

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 26 Sep 2023 17:37:47 GMT
link: <https://arstechnica.com/wp-json/wp/v2/posts/1969201>; rel="alternate"; type="application/json"
server: nginx/1.23.4
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/8.1.19
x-xss-protection: 1; mode=block

Redirect headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 26 Sep 2023 17:37:47 GMT
location: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
server: nginx/1.23.4
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/8.1.19
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H2 200 main-4b9af0fe84.css
cdn.arstechnica.net/wp-content/themes/ars/assets/css/ 336 KB
71 KB 139ms
35ms Stylesheet
text/css 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: cba2ea8a5c8a1482e3215c4eca8c019a9a6f239d30ee2b4040fc1121ea67c94b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:47 GMT
x-cf-tsc: 1682785016
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 8bf785f4eec75d762f8bf4017e45dd87
content-length: 72116
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: W/"644c1517-540a9"
content-type: text/css
access-control-allow-origin: *
cf4age: 48154
accept-ranges: bytes

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 350ms
22ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: h6ThlO7ea17v6JNPXbI1zQ==
age: 85808
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6822
x-ms-lease-status: unlocked
last-modified: Thu, 21 Sep 2023 18:23:17 GMT
server: cloudflare
etag: 0x8DBBACFD38A4097
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3d42448e-901e-0002-79c4-ec873b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46e3af6f35df-FRA

GET
H2 200 otCCPAiab.js Show response
cdn.cookielaw.org/opt-out/ 22 KB
6 KB 348ms
20ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: ERttG9+iQk1LCPjR495NRw==
age: 42716
x-ms-lease-status: unlocked
last-modified: Tue, 22 Feb 2022 22:01:18 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84ed10d5-601e-00ec-3ce1-5ad09f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 80cd46e3af7335df-FRA

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 98 KB
29 KB 483ms
125ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

7e5cc51adbe2dcaa5b277d98f2d220480bba6d99ca031e4aa5ceace2a76f895e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29307
x-xss-protection: 0
server: cafe
etag: 341 / 19626 / 31078130 / config-hash: 6460809382537402750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 26 Sep 2023 17:37:48 GMT

GET
H2 200 ars-technica.min.js Show response
ads-static.conde.digital/production/cns/builds/ars-technica/ 140 KB
42 KB 480ms
63ms Script
application/javascript 18.238.243.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.243.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-243-94.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae9e030c99d4aa20f6a2692e49269d730bbccdce57f985fd3880f75dce5e4c81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:27:16 GMT
content-encoding: br
via: 1.1 0be6ab2f92b7567e05a874f049abbbe6.cloudfront.net (CloudFront)
x-amz-version-id: 6fEGG2TGygjH94nVnlzsUbdW9PadY.3p
last-modified: Tue, 26 Sep 2023 16:37:47 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P1
age: 632
x-amz-server-side-encryption: AES256
etag: W/"5684f88a3c8d491fecc2c891a736f324"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=900, stale-while-revalidate=3600, stale-if-error=86400
x-amz-cf-id: nZAy-qPGeyE7ZJPKmAzfaPWz8IP5hqUwYHhNxCEGJrOzlzD1UiVduA==

GET
H2 200 ars-84a4ab0802.ads.us.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 3 KB
1 KB 134ms
32ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/ars-84a4ab0802.ads.us.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 16708dda2536b4b3782313db4a6ec8456cd84da7ae0f56d7d2455e68fc9bc4f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:47 GMT
x-cf-tsc: 1681586623
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: d9594bc86f489295998f3d069cc26f06
content-length: 1143
x-cf2: H
last-modified: Fri, 24 Mar 2023 17:00:17 GMT
server: CFS 0215
x-cff: B
etag: W/"641dd721-bc0"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 1876099
accept-ranges: bytes
x-cf-rand: 69.920

GET
H2 200 style.min.css
cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/ 87 KB
15 KB 135ms
33ms Stylesheet
text/css 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:47 GMT
x-cf-tsc: 1681586623
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: ad226015fda3ddcf2a54c9e6ee5399b3
content-length: 14508
x-cf2: H
last-modified: Mon, 17 Oct 2022 21:17:21 GMT
server: CFS 0215
x-cff: B
etag: W/"634dc661-15b64"
content-type: text/css
access-control-allow-origin: *
cf4age: 12508725
accept-ranges: bytes
x-cf-rand: 94.719

GET
H2 200 comments.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/ 4 KB
1 KB 128ms
27ms Stylesheet
text/css 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/comments.css?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 76a942b00d27a492f8c322bd161121bf2c010d6453ded0cc0788477bc1c7f61d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:47 GMT
x-cf-tsc: 1681586623
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 5c579de2b94370c414a335837df5cd7f
content-length: 1101
x-cf2: H
last-modified: Fri, 24 Mar 2023 16:40:48 GMT
server: CFS 0215
x-cff: B
etag: W/"641dd290-10e6"
content-type: text/css
access-control-allow-origin: *
cf4age: 1873325
accept-ranges: bytes
x-cf-rand: 99.841

GET
H2 200 paywall.css
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/ 839 B
1 KB 131ms
30ms Stylesheet
text/css 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/css/paywall.css?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 4046579e6e4eb157620e7ed218f64cca8b290ba6269d762df786c3c5e069cc5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:47 GMT
x-cf-tsc: 1681586623
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 4b5a3579b1ac1efb982dde7dbf5a92f7
content-length: 839
x-cf2: H
last-modified: Fri, 24 Mar 2023 16:40:48 GMT
server: CFS 0215
x-cff: B
etag: "641dd290-347"
content-type: text/css
access-control-allow-origin: *
cf4age: 1873325
accept-ranges: bytes
x-cf-rand: 39.596

GET
H2 200 trojan-backdoor-800x534.jpg
cdn.arstechnica.net/wp-content/uploads/2023/09/ 153 KB
153 KB 37ms
37ms Image
image/jpeg 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2023/09/trojan-backdoor-800x534.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 0622208799920b6a0cd84617733b0df25deba855ce6bb5f4ba06d2a5d67ec553

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-amz-version-id: 7YMbovn5BgTcE1L6oovKaKjzdBA8sj8p
x-cf-tsc: 1695724134
x-cf3: H
x-amz-request-id: XN56DK5CQC58KSVK
cf4ttl: 43200.000
x-amz-server-side-encryption: AES256
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: bd29bcd661162e4e4b7168d49e9849fa
x-amz-replication-status: COMPLETED
content-length: 156478
x-amz-id-2: xdKvLaWmhVY0dWi4UVR5r1/09Q9RyWWCKWZFwuPlNLDrz7OPhNJYydcgmgPHP2Jk93CKaF7v9+s=
x-cf2: H
last-modified: Mon, 18 Sep 2023 22:47:56 GMT
server: CFS 0215
x-cff: B
etag: "5b1f73ad1ace0d6c2a0be2b9dd7a1786"
content-type: image/jpeg
access-control-allow-origin: *
cf4age: 601110
accept-ranges: bytes

GET
H2 200 privacyoptions123x59-c5c9972158.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 1 KB
1 KB 46ms
46ms Image
image/png 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/privacyoptions123x59-c5c9972158.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 3ffb2898bfdc64f6aa63183418b7c42a529f37505c70f68270abf62d90d6babe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1687530693
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 9bade6930886d9e2d6b24ff45cf7d5a1
content-length: 1188
x-cf2: H
last-modified: Fri, 23 Jun 2023 09:42:39 GMT
server: CFS 0215
x-cff: B
etag: "6495690f-4a4"
content-type: image/png
access-control-allow-origin: *
cf4age: 19
accept-ranges: bytes

GET
H2 200 main-f627adae4a.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 626 KB
204 KB 30ms
30ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-f627adae4a.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 8b46b307807e5cec27d9bb578a14f0d90ff3ace1eaaf6c7e682734337c0e0378

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682785016
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 87a0b199606b9215ba81fc7d71fb2b5c
content-length: 208328
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: W/"644c1517-9c79d"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 69428
accept-ranges: bytes
x-cf-rand: 4.726

GET
H2

200

conde-asa-polar-master.js Show response
polarcdn-terrax.com/nativeads/script/condenastcorporate/
Redirect Chain

https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js

5 KB
2 KB

393ms
22ms

Script
text/javascript

104.16.112.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 104.16.112.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
via: 1.1 varnish
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 11:35:56 GMT
server: cloudflare
age: 15613
vary: Accept-Encoding
content-type: text/javascript
x-varnish: 3905741213
cache-control: max-age=21600
accept-ranges: bytes
cf-ray: 80cd46ea2fbc9a05-FRA
content-length: 2018

Redirect headers

date: Tue, 26 Sep 2023 17:37:48 GMT
server: cloudflare
vary: Accept-Encoding
location: https://polarcdn-terrax.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
x-country: DE
cache-control: max-age=3600
cf-ipcountry: DE
cf-ray: 80cd46e64e489196-FRA
expires: Tue, 26 Sep 2023 18:37:48 GMT

GET
H2 200 100098X1555750.skimlinks.js Show response
s.skimresources.com/js/ 36 KB
14 KB 135ms
40ms Script
application/octet-stream 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: e213cf8f887633ac8924c0390bb121f259a895ab8432013f5b6e1c37727802aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
content-encoding: gzip
last-modified: Mon, 12 Jun 2023 15:01:52 GMT
server: AmazonS3
x-amz-request-id: EC4MQPW9BNQT1F90
etag: "7c5963972efe352a00c4f008ac8c383b"
x-hw: 1695749868.cds298.lo4.hn,1695749868.cds222.lo4.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 13836
x-amz-id-2: 3VkQo86/CwfEclMxFGwMJUFRC+XnUoumejNAqaU4yANnA6iDDC5rj67V0WdxaIzHYFs6GIcClbM=

GET
H2 200 iframeResizer.min.js Show response
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/ 14 KB
6 KB 36ms
36ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframeResizer.min.js?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 4bc7f443f57d55c7eba98816a3d1054bdcee0cc74f4c1302f82056d118f141bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1681586623
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 9ff67fb7a294e46bf042d48f0aca14b5
content-length: 5969
x-cf2: H
last-modified: Fri, 24 Mar 2023 16:40:48 GMT
server: CFS 0215
x-cff: B
etag: W/"641dd290-3734"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 1873325
accept-ranges: bytes
x-cf-rand: 17.877

GET
H2 200 iframe.js Show response
cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/ 7 KB
2 KB 38ms
38ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/plugins/article-forum-connect/public/js/iframe.js?ver=1.2.2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c390e14d82304a2d9f01faedb819791a5553764c90bd4830c3a27b6108006644

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1681586623
content-encoding: gzip
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 6cd865390fc76e9c280ee561d2063506
content-length: 1697
x-cf2: H
last-modified: Fri, 24 Mar 2023 16:40:48 GMT
server: CFS 0215
x-cff: B
etag: W/"641dd290-1c92"
content-type: application/javascript
access-control-allow-origin: *
cf4age: 1696995
accept-ranges: bytes

GET
H2 200 b10882a1-8446-4e7d-bfb2-ce2c770ad910.json Show response
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/ 6 KB
3 KB 372ms
28ms XHR
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b10882a1-8446-4e7d-bfb2-ce2c770ad910.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

576b3a57aedb0ee6471245d8d079ce89b27123154c214cedf48707d714f3c29a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 82773
content-md5: NFD29RB3ZZq2a9dZU33EnA==
content-length: 2008
x-ms-lease-status: unlocked
last-modified: Tue, 22 Aug 2023 18:19:56 GMT
server: cloudflare
etag: 0x8DBA33C633C4F76
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3834cf97-301e-00a2-6725-d5039a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46e60b1a928f-FRA
expires: Wed, 27 Sep 2023 17:37:48 GMT

GET
H2 200 dnsfeed Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 92 B
261 B 384ms
31ms Script
text/javascript 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4b865cf3629aa782468de4e0c9aa7dbd539d654d90c4779613f11d55a13d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
cf-ray: 80cd46e638eb9b70-FRA
vary: Accept-Encoding
content-type: text/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 519 KB
139 KB 383ms
26ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

20696781e686ad80a8e82078a48b617b5b1e0cdc1cc5e69adb0e83180b7dbd4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142142
x-xss-protection: 0
last-modified: Tue, 26 Sep 2023 16:18:24 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 26 Sep 2023 17:37:48 GMT

GET
H2 200 v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU Show response
shiverscissors.com/ 68 KB
24 KB 417ms
24ms Script
text/javascript 34.149.178.20
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.178.20 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

20.178.149.34.bc.googleusercontent.com

Software

Resource Hash

49ac1501c28bdd468dc1c32a98a2cae287639d9f4c34f22bc29c006eb085d5eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Tue, 26 Sep 2023 17:37:48 GMT
x-datacenter: gce-europe-west1
etag: "85d3a807de5ea64d43d142cec2f18ad40e3714653bda52bb6ce6a8cf26990409"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-kjrp
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 998028631
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/condenast1-network/ 288 KB
77 KB 48ms
10ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d251fd29e28ab21162d41460457570b34e863f86b4845e0cf2be736875e24c86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: KZhWhM26kOuXx06E1xRrRRPdLOruB9wi
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:48 GMT
x-amz-request-id: XG7BSSQ3RYN6XQP0
age: 21339
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 78128
x-amz-id-2: EzkMw8Y5ww5fpntdABE62HI0K5eIiEKWiiKAytFrA6O8L2VQEcH3ELS+KsnAzkLdJV9XBRg8lMk=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Wed, 20 Sep 2023 14:00:22 GMT
server: AmazonS3
x-timer: S1695749868.206048,VS0,VE0
etag: "e02efdcd0aa4b6adc706f4f083e860c8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 67
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 202

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 357 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 400 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 hacked-300x150.jpg
cdn.arstechnica.net/wp-content/uploads/2015/08/ 15 KB
15 KB 56ms
0ms Image
image/jpeg 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2015/08/hacked-300x150.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: e1ecb7f0b8bda1e5b43f2fc26f0f566c46ff6d5a94b5794c6be7b8242acc6663

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-amz-version-id: null
x-cf-tsc: 1695712152
x-cf3: H
x-amz-request-id: 6H246VK2SX7960XR
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1666693923:cacheN.waw1-01:M
x-cf-reqid: 58a07b5e13de5a61daa0ff9bd945ccf6
content-length: 15021
x-amz-id-2: 6PDfCfE2SUEgneh4pgH5OQiFaWf7yHof6QGm828nb7mB9J/RuyEclFDetyEaRXLKclLKy1Pbn2Y=
x-cf2: H
last-modified: Fri, 20 Dec 2019 23:41:47 GMT
server: CFS 0215
x-cff: B
etag: "52348d5996155348ebf772ab04037926"
content-type: image/jpeg
access-control-allow-origin: *
cf4age: 14321444
accept-ranges: bytes
x-cf-rand: 46.878

GET
H2 200 Dang.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/ 90 KB
91 KB 140ms
46ms Image
image/jpeg 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/Dang.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-amz-version-id: null
x-cf-tsc: 1695744440
x-cf3: H
x-amz-request-id: JENVA7N70BS4X482
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:M
x-cf-reqid: b25d8c65560b8000148413c7d214d2ac
content-length: 92486
x-amz-id-2: n2CfTxAzNuMzjuP4SxXPj5kwrAJzblRB8ex6KGVzKD0fCo9kUbbqKq6UtHNU6f6RVRhUgPz7xa4=
x-cf2: H
last-modified: Sat, 21 Dec 2019 01:48:48 GMT
server: CFS 0215
x-cff: B
etag: "03e5fec9e7ca5f8064d945bd791bd4c3"
content-type: image/jpeg
access-control-allow-origin: *
cf4age: 27872391
accept-ranges: bytes

GET
H2 200 channel-ars-be7bb52ba9.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 5 KB
5 KB 131ms
45ms Image
image/png 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/channel-ars-be7bb52ba9.png
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1685269263
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fC.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 5013ecda9522d80a838ce5c63d092565
content-length: 4809
x-cf2: H
last-modified: Fri, 12 May 2023 15:41:19 GMT
server: CFS 0215
x-cff: B
etag: "645e5e1f-12c9"
content-type: image/png
access-control-allow-origin: *
cf4age: 1319439
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 economica-bold-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 25 KB
25 KB 120ms
34ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-bold-otf-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784798
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: b0113026a24821bcd32619d9f29ef400
content-length: 25592
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-63f8"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 51632
accept-ranges: bytes

GET
H2 200 economica-regular-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 155ms
69ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-regular-otf-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784797
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: f1b903438d9a4c13efe0febecca597a8
content-length: 24264
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-5ec8"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 36485
accept-ranges: bytes
x-cf-rand: 89.296

GET
H2 200 bitter-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 161ms
75ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-italic-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1692519417
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 07ee56616fcf8322c95367674e1fbd84
content-length: 24212
x-cf2: H
last-modified: Thu, 17 Aug 2023 21:52:01 GMT
server: CFS 0215
x-cff: B
etag: "64de9681-5e94"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 207207
accept-ranges: bytes
x-cf-rand: 90.748

GET
H2 200 bitter-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
23 KB 162ms
77ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-regular-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784798
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: bad3d95d699fcadd359821b2f2233daa
content-length: 22872
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-5958"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 51632
accept-ranges: bytes

GET
H2 200 opensans-semibold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 155ms
70ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784798
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 49ef6a5235e1f1ab0c9748d8a6be5482
content-length: 18972
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-4a1c"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 47934
accept-ranges: bytes

GET
H2 200 opensans-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 18 KB
19 KB 147ms
65ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-regular-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784797
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 1fc0c8cca2281b63aefae9ed14715348
content-length: 18824
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-4988"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 36485
accept-ranges: bytes
x-cf-rand: 46.321

GET
H2 200 opensans-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 139ms
57ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-bold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1682784798
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 41f753a5880f548bf1b44d8ad5d7b222
content-length: 19516
x-cf2: H
last-modified: Fri, 28 Apr 2023 18:48:55 GMT
server: CFS 0215
x-cff: B
etag: "644c1517-4c3c"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 47934
accept-ranges: bytes

GET
H2 200 bitter-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
22 KB 125ms
43ms Font
font/woff2 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-bold-webfont.woff2
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-4b9af0fe84.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
x-cf-tsc: 1692519091
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fE.waw1:co:1525808045:cacheN.waw1-01:H
x-cf-reqid: 0cbd48da88d51c5e7414ad8d12ec8586
content-length: 22104
x-cf2: H
last-modified: Thu, 17 Aug 2023 21:52:01 GMT
server: CFS 0215
x-cff: B
etag: "64de9681-5658"
content-type: font/woff2
access-control-allow-origin: *
cf4age: 184625
accept-ranges: bytes
x-cf-rand: 0.282

GET
H/1.1 200
OK video_groups Show response
api.cnevids.com/v1/ 4 KB
1 KB 514ms
108ms XHR
application/json 54.172.92.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups?filters={%22channel_key%22:%22arstechnica%22}&pagesize=20&endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-f627adae4a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.92.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-92-248.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

cb52c9b5c6b4f30eb9580d4414ecd97d408ffb0579fc9792f379da7e9e43221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Status: 200 OK
Connection: keep-alive
Content-Length: 658
X-XSS-Protection: 1; mode=block
X-Request-Id: 221ec609-5424-4d0a-8963-9c9bd811ab7e
X-Runtime: 0.001817
X-Backend-Node: 10.110.121.247
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"b314c30181e6d31078b9a0c38bdd3753"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate
Vary: Accept-Encoding, Origin
X-Frame-Options: SAMEORIGIN

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 83 B
321 B 348ms
25ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 80cd46e988853802-FRA
access-control-allow-headers: Content-Type

GET
H2 200 memo.js Show response
cdn.memo.co/js/ 21 KB
7 KB 172ms
117ms Script
application/javascript 13.225.78.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.memo.co/js/memo.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.91 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-91.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d7b91ed4a7804e22b94e4873af273def73469e80b740bd9787e287003058868

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: dIwRVCKiXrZkA8Vq0TRLD0Yyqjiw5iXT
content-encoding: gzip
via: 1.1 eb1a8c1b1275e33a016e623478052110.cloudfront.net (CloudFront)
date: Tue, 26 Sep 2023 17:37:49 GMT
last-modified: Wed, 04 May 2022 18:49:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
etag: W/"09a117df3977ec5a869191fcea2ac408"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-id: P0BcfawvLH9ZFZJ2Y0tSSNS-Be50PwMn-CC73x-Sda0SFFmpJ6sjqQ==

GET
H/1.1 200
OK arstechnica.js Show response
player.cnevids.com/interlude/ 113 KB
28 KB 93ms
27ms Script
text/javascript 13.224.189.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.39 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-39.fra2.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

560bf130580f795cffabe8de5f2c69ec3f92921e1841ae6e55d516a046805cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: FRA2-C1
Age: 24
X-Cache: Hit from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 27992
X-XSS-Protection: 1; mode=block
X-Request-Id: b011686a-6f88-4dcd-beb4-0344d6963857
X-Runtime: 0.008021
X-Backend-Node: 10.110.13.254
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"aa37e3eaf140ac74f328c2d5b35b8311"
X-Download-Options: noopen
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: lfyin9HXqg2PY7Vy3OP6I0I5-SRdY_ndPjTqcd8omLsQO6euKrf13w==

POST
H2 200 / Show response
r.skimresources.com/api/ 165 B
384 B 139ms
25ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.19.9.1 /

Resource Hash

c04c88027d9c7fc7b6eabbd7d2927062161e0c012aece1ff7cdd87a9ef7f8452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: openresty/1.19.9.1
via: 1.1 google
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame DD7D 0
123 B 138ms
25ms Image
text/plain 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.20953932449712065
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 , Ascension Island, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:48 GMT
via: 1.1 google
cache-control: private, no-store
server: nginx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain

GET
H2 200 px.gif
p.skimresources.com/ 43 B
276 B 195ms
18ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=10.742029071131785
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Tue, 26 Sep 2023 17:37:48 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 196ms
18ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=10.742029071131785
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date: Tue, 26 Sep 2023 17:37:48 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
content-type: image/gif

GET
H2 200 sync Show response
gum.criteo.com/ 46 B
288 B 370ms
8ms Script
text/javascript 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 198152
expires: 60

GET
H2 200 impl.20230920-27-RELEASE.js Show response
cdn.taboola.com/libtrc/ 810 KB
168 KB 30ms
30ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20230920-27-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 5c413de57e629fbba188d440b4d7e5f2e4458ce3be46973223d8b44caf071f52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: intVab2PW6P1rT.KvLfvGQN_lPLSTonz
content-encoding: br
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:48 GMT
x-amz-request-id: VR5TS1XX20SFRR21
age: 15413
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 171478
x-amz-id-2: xsayEOAeWyvpN/OPuTs8oTZaORzgXpB2f3g+HtuYOORn/1yEGBho7eMU3hygtG2gmTwSEyxBlCQ=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Wed, 20 Sep 2023 13:19:18 GMT
server: AmazonS3-br
x-timer: S1695749869.851062,VS0,VE0
etag: "d21d0fc11919906291c7af244ef87480"
vary: Accept-Encoding
content-type: application/javascript
abp: 79
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 28

POST
H2 200 json Show response
trc.taboola.com/condenast-arstechnica/trc/3/ 14 KB
7 KB 537ms
500ms XHR
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/condenast-arstechnica/trc/3/json?llvl=2&tim=19%3A37%3A48.851&lti=trecs&pubit=n&t=1&data=%7B%22cmps%22%3A2%2C%22id%22%3A%2299546%22%2C%22sd%22%3A%22%22%2C%22ui%22%3A%22%22%2C%22ii%22%3A%22%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%22%2C%22it%22%3A%22text%22%2C%22vi%22%3A1695749868851%2C%22cv%22%3A%2220230920-27-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F%22%2C%22qs%22%3A%22%22%2C%22bv%22%3A%220%22%2C%22btv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F%22%2C%22vpi%22%3A%22%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4974%2C%22sde%22%3A%221.000%22%2C%22lt%22%3A%22trecs%22%2C%22nsid%22%3A%22condenast1-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%20-%20AT%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22cd%22%3A4488.75%2C%22mw%22%3A1220%7D%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22cacheKey%22%3A%22text%3D%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2CBelow%20Article%20Thumbnails%20-%20AT%3Dthumbnails-a-6x1%3Apub%3Dcondenast1-network%3Aabp%3D0%22%2C%22_cn%22%3A%22tions_1%22%2C%22lbt%22%3A1695218415726%2C%22wc%22%3Atrue%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0e09024ab9d75e3cb7d6ec91068af15e78fe4d124c8210207b9ec63a24ec1145

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 491
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 1.5983333333333334
x-fastly-to-nlb-rtt: 97425
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230117-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1695749869.934000,VS0,VE491
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
482 B 477ms
11ms Image
image/gif 13.225.78.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=jzvgq_728x90_
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-121.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:16:03 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 22000907
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: rTtR298oka_xAWx9l1xffdIOJFfq9_-ZtBld3T0nnzdnn93OZBNpjQ==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/ 409 KB
130 KB 365ms
13ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202309210101/pubads_impl.js?cb=31078130

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

17a60971acd82c65cd57863f07cbc2fc9124483c6fb6f9bfa270019c058a479c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 14:56:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9653
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132106
x-xss-protection: 0
server: cafe
etag: 17184539905708832606
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 25 Sep 2024 14:56:56 GMT

GET
H2 200 iasPET.1.js Show response
static.adsafeprotected.com/ 22 KB
7 KB 389ms
12ms Script
application/javascript 13.225.78.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/iasPET.1.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-121.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: UWTIHcIBCTlOhfqinKDA9NwqhFA8.Ocb
content-encoding: gzip
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
date: Thu, 21 Sep 2023 18:54:14 GMT
x-amz-cf-pop: FRA2-C2
age: 460608
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Jun 2021 13:42:44 GMT
server: AmazonS3
etag: W/"51636de3ce868a2172f9e6996c2934e0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 35Shw138KxgfnBav4hOdX6Tf-T41fOXNwSY6oH41ENSkMTns85XqMA==

GET
H2 200 moatheader.js Show response
z.moatads.com/condenastprebidheader987326845656/ 223 KB
79 KB 72ms
11ms Script
application/x-javascript 23.32.185.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.123 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-123.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d2438f306200d5370bbe42e88464fdcd6b5f1eba1c29bf077d574e6d241eaf26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 08:34:04 GMT
server: AmazonS3
x-amz-request-id: JQJZS8X8NYZM63R5
etag: "6fa243719b57ce06765505656253b521"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=37314
accept-ranges: bytes
content-length: 80483
x-amz-id-2: JH5jshm9z5IDvowXVfAe0qT4cIt0cqA1diDP5I8FF3RxlvuyBRUiUswJQvvTMFFojRXSlZOCYdk=

GET
H2 200 1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js Show response
cdn.permutive.app/ 1 MB
215 KB 410ms
40ms Script
application/javascript 104.18.41.170
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.41.170 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3059a982a71dd23c723000226fffebca5e28cf1be474afa7de0ebe1120492bff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: bd1cec50-00d1-4ce9-9572-785857419a1e
age: 0
x-guploader-uploadid: ADPycdunX-7mdXotzqr_K8-sdmC2h3XaeGo8xYxFHWecdNUByvBlnyv5zbnvNpHeA9yG4-VjAaissFuj1Tcsnmr-HUgTQhgFV0On
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
last-modified: Tue, 26 Sep 2023 17:32:43 GMT
server: cloudflare
etag: W/"abd5adbd30a2f2a8b80bb6f2beadfb49"
vary: Accept-Encoding
x-goog-generation: 1695749563045791
content-type: application/javascript
x-goog-hash: crc32c=lyqhVg==, md5=q9WtvTCi8qi4C7byvq37SQ==
cache-control: public, max-age=900
x-goog-stored-content-length: 246812
timing-allow-origin: *
cf-ray: 80cd46ebeb34692e-FRA
expires: Tue, 26 Sep 2023 17:52:49 GMT

GET
H/1.1 200
OK condenast-amp Show response
segment-data.zqtk.net/ 312 B
565 B 178ms
38ms XHR
application/javascript 63.34.148.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://segment-data.zqtk.net/condenast-amp?url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.148.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-148-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 35fb4ac258b8026473b1b8858416d0a62e5a559ccd58aadbd83ac6c5ebdfe583

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
X-Result-Id: BZlMSoKx1az
Cache-Control: max-age=98607
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: Wed, 27 Sep 2023 21:01:17 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 255 KB
63 KB 161ms
11ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 241df04a32e1a0a4da58eb35f672c5f0b4e1fa131475803ce3222bf493632d5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:15:32 GMT
content-encoding: gzip
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront), 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
last-modified: Thu, 21 Sep 2023 19:18:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 1338
x-amz-server-side-encryption: AES256
etag: W/"e1caada96468a3b669d0d0cc6ec9a23c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: Kik-gg_DQufwP_8UtxlJAXPSJbPib9tMGdepeIPUI1lVvTooiEuvCg==

GET
H2 200 prebid.min.js Show response
ads-static.conde.digital/production/cns/builds/ars-technica/ 333 KB
106 KB 28ms
27ms Script
application/javascript 18.238.243.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/prebid.min.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.243.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-243-94.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b923c564473d30245b19bc93eaa384225d8ca55118931f89df58e4de539ecb77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: W1ekqYaeI9b2d39f733XZQ83XWuN4aQH
content-encoding: gzip
via: 1.1 0be6ab2f92b7567e05a874f049abbbe6.cloudfront.net (CloudFront)
date: Tue, 26 Sep 2023 17:36:15 GMT
last-modified: Wed, 06 Sep 2023 18:43:58 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P1
age: 95
x-amz-server-side-encryption: AES256
etag: W/"bf357e4a648bea9a6ea64056718fcea6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=900
x-amz-cf-id: 6ydVxDscU1BjWLCpLs26Q4pklZtC22QiavekrU0nNZOlUsEXMVhhAA==

GET
H2 200 v2 Show response
z-na.associates-amazon.com/onetag/ 11 KB
4 KB 133ms
18ms Script
text/javascript 108.156.69.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.69.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-69-71.ams1.r.cloudfront.net

Software

Server /

Resource Hash

7475f5c70d3b6020b6f4621b2e69fba3360bea00a913e60b085af165b93842ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Mon, 25 Sep 2023 21:46:49 GMT
content-encoding: gzip
accept-charset: UTF-8
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 b23a8ff8d37f680e0dbac5e6c56145e2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: AMS1-P2
x-amz-rid: 8DKHVSBWKN5MKB28F8JR
age: 71460
vary: accept-encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
access-control-allow-origin: *
x-amz-cf-id: zc3icqot0jwBFwQJh1Thaqvz66EhJrKUjsluf1Y68B2ad5YtkmNY6g==

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
358 B 51ms
26ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.5 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:49 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.5
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
114 B 58ms
34ms XHR
application/javascript 35.201.67.47
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.10 aiohttp/3.8.5 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:49 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.10 aiohttp/3.8.5
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://arstechnica.com
warning: 299 - "Deprecated API"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK recommendations Show response
api.condenast.io/v1/ 23 KB
6 KB 488ms
413ms Fetch
application/json 151.101.0.239
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://api.condenast.io/v1/recommendations?applicationID=cne-interlude-arstechnica&brand=arstechnica&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&filter%5Bstrategy%5D=POPULAR&filter%5BcontentType%5D=CNEVIDEO&filter%5Blanguage%5D=en-US&page%5Bsize%5D=5
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/interlude/arstechnica.js?isRightRail=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 91eabae06def7894e0b0e2ddc0b6e52936901b1dcae3a88d2055dcaed2894a11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
Via: 1.1 40459db2072186c90a4a2b4ca9cafa56.cloudfront.net (CloudFront), 1.1 varnish
x-backend: 2SrKDXXFWNz87LdtRpzPzK--F_RECS_NA
X-Amz-Cf-Pop: BOM78-P5
transfer-encoding: chunked
X-Cache: Miss from cloudfront, MISS
Connection: keep-alive
X-Served-By: cache-fra-eddf8230064-FRA
X-Timer: S1695749869.304372,VS0,VE385
Vary: origin,accept-encoding, Accept-Encoding, Origin
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: private, max-age=0
access-control-allow-credentials: true
Accept-Ranges: bytes
X-Amz-Cf-Id: UpBiN3-13OeZV1xTGkkDeVBDcA1bDalv5gXTQrZWhvHQ-H-uiJ9Rbw==
X-Cache-Hits: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 404 KB
98 KB 31ms
18ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XJk1ZZTljtwHFT3qcIJg+w==
age: 59865
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99599
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:36 GMT
server: cloudflare
etag: 0x8DB82A15D413626
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7a75efb1-601e-0081-6c94-b47ab1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46eabefb35df-FRA

GET
H/1.1 200
OK 5b27ee7e8c1abc4e7900000f Show response
api.cnevids.com/v1/video_groups/ 104 KB
18 KB 215ms
208ms XHR
application/json 54.172.92.248
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups/5b27ee7e8c1abc4e7900000f?endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-f627adae4a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.92.248 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-92-248.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

ee487c98e8e014c353b73ee8c1008298c95b1c5dbb828b63dfe68a022b1dd352

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
transfer-encoding: chunked
Status: 200 OK
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Request-Id: cd68648c-aaa1-4160-835d-2de336dd54e1
X-Runtime: 0.004619
X-Backend-Node: 10.110.41.114
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"8c3f3ea2e7886bf44eb852e345e96b7c"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate
Vary: Accept-Encoding, Origin
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK n Show response
elsa.memoinsights.com/ 362 B
1 KB 457ms
113ms Script
application/javascript 35.169.143.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://elsa.memoinsights.com/n?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&author%5B%5D=Dan%20Goodin&title=Chinese%20hackers%20have%20unleashed%20a%20never-before-seen%20Linux%20backdoor&date=2023-09-18T23%3A25%3A04Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&cb=MEMO.API.callbacks.cbqzgaasswr&v=v3.0.6
Requested by: Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.143.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-143-178.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: d9d092a1d58c2ce4ad8018fbe856d99a03d16395c3161c53fa970cc7382a6a0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
server: istio-envoy
content-type: application/javascript
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 250

GET
H2 200 plugin.js Show response
plugin.mediavoice.com/ 369 KB
138 KB 43ms
25ms Script
application/javascript 104.19.144.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://plugin.mediavoice.com/plugin.js
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.144.23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89a04f1809b96eca28e1646ccc40bfa7b714142a610b41e40082bbebca8ea6c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
via: 1.1 varnish
cf-cache-status: HIT
age: 10558
content-length: 140320
last-modified: Wed, 16 Aug 2023 13:49:09 GMT
server: cloudflare
etag: W/"64dcd3d5-5c2bf"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
x-varnish: 2582280042 2582061368
cache-control: max-age=43200
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-ray: 80cd46eb69d09196-FRA
expires: Tue, 26 Sep 2023 18:29:58 GMT

GET
H2 200 condenastcorporate Show response
polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/ 208 B
438 B 350ms
23ms XHR
application/json 104.16.112.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/condenastcorporate
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.112.202 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dc40a5096530714279199bd98ffbe44f3108bf9dd183ec74d85f69705d86e25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
server: cloudflare
etag: W/"f3cb63b5151ee861d177a2136e7d9989"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-country: DE
access-control-expose-headers: X-Country, CF-Ray
cache-control: max-age=3600
timing-allow-origin: *
cf-ray: 80cd46ed4b3918fb-FRA

GET
H2 200 3035 Show response
config.aps.amazon-adsystem.com/configs/ 505 B
772 B 75ms
22ms Script
application/javascript 18.238.243.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/3035
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.243.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-243-129.ams58.r.cloudfront.net
Software: CloudFront /
Resource Hash: 321b6d434acaa0d2b57801f86fb4ad3444a8e946ac7a07453108515456c7fbcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 16:38:01 GMT
via: 1.1 95ff0d830848b741160e24f658d880e8.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS58-P1
age: 3588
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 505
x-amz-cf-id: OD54X3EZrrB0W9P6-KsNRJFrT-lKR7St23ghM1JOPb8zrYfvgU-0fw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 321 B
668 B 16ms
15ms XHR
application/json 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3035&u=https%3A%2F%2Farstechnica.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: b6219572ff2614c0f7b38815e5f2d8bac96c758d0e455152d2afd7f417395dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 16:25:26 GMT
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 4343
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://arstechnica.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 321
x-amz-cf-id: LXy0sXQe6mR8eKjkU_fOQi4tnXY0c8CoEROmE4ILiMXFLvGPsOa8kQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 40ms
10ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 f13110b40e6214ad566c753a838f49f4.cloudfront.net (CloudFront)
date: Tue, 26 Sep 2023 03:42:30 GMT
x-amz-cf-pop: FRA56-P6
age: 55641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: dL6MxE3OPbzqldrYVuJZT0tdDKS-T_VE9qwCmTG0XCkXVCLicBFl3A==

GET
H/1.1 200
OK andoncord Show response
assoc-na.associates-amazon.com/onetag/ 16 B
411 B 575ms
104ms XHR
application/json 44.215.116.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://assoc-na.associates-amazon.com/onetag/andoncord

Requested by

Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.215.116.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-215-116-28.compute-1.amazonaws.com

Software

Server /

Resource Hash

c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: RT4EVPTF7Q36D6JT28HT
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 16

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b04bfd56-28cb-4e0f-af9d-d7cc72f833b0/ 270 KB
44 KB 61ms
56ms Fetch
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b10882a1-8446-4e7d-bfb2-ce2c770ad910/b04bfd56-28cb-4e0f-af9d-d7cc72f833b0/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a979c6a3345d7f1a4c1d769f8e391b84e11b4af338bd99c3243deee51213ada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 82451
content-md5: 5VklYXpn/spdZ9/EpGNTPg==
content-length: 45255
x-ms-lease-status: unlocked
last-modified: Tue, 22 Aug 2023 18:22:43 GMT
server: cloudflare
etag: 0x8DBA33CC738B9A9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c9cc5ca1-c01e-0099-3325-d5463e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46ec2ffb928f-FRA
expires: Wed, 27 Sep 2023 17:37:49 GMT

GET
H2 200 iab2Data.json Show response
cdn.cookielaw.org/vendorlist/ 387 KB
55 KB 28ms
24ms Fetch
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/iab2Data.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4b516c88139845d962dc7d766587ad4062bc40c0f84b8aab837c0f799aa43a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: plRtsp39Lx3qjlw9DgkrPw==
age: 42081
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 56413
x-ms-lease-status: unlocked
last-modified: Tue, 26 Sep 2023 04:27:48 GMT
server: cloudflare
etag: 0x8DBBE48F0B8B330
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: daaf8bb3-c01e-0020-2d36-f04224000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46ec2ffc928f-FRA

GET
H2 200 googleData.json Show response
cdn.cookielaw.org/vendorlist/ 56 KB
16 KB 59ms
55ms Fetch
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/vendorlist/googleData.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4087f1bfd7ecba347ea98b2d866ef3140df3a87fc2884b44b157c82cc99192fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: eCMcnQz+L9JI6zXeFGtz/A==
age: 39900
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 16112
x-ms-lease-status: unlocked
last-modified: Mon, 25 Sep 2023 06:05:01 GMT
server: cloudflare
etag: 0x8DBBD8D5B063E38
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 01d757b5-f01e-0014-4c82-ef71ec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46ec2ffd928f-FRA

GET
H2 200 otTCF.js Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/ 67 KB
15 KB 28ms
24ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/otTCF.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ed651acc8b89aa0ff6d9d19d3026c41bf80b05a4a5bfbd9805e68add5e6cdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ttnLMdLBmYA6u5uFmQ7JsA==
age: 18254
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14914
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:35 GMT
server: cloudflare
etag: 0x8DB82A15C7F12C4
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 60e729a6-801e-0065-13a4-b469bb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46ec286435df-FRA

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 934 B
1 KB 225ms
114ms Script
text/html 130.162.160.243
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BE%24%3D!!tZ.qmKj2fxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7B%2CNr1U*%26ujMUU9%3C%24kBjqI&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-Fd%2BHsWUP%2FoUsOmg7a7FqTWME4Q6dwotBXKPgx%2FCwrOl2tvmQftrLjI5jaRxplbfkuwe%2B&rs=1-X1mOVythgEwLgg%3D%3D&sc=1&os=1-FQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&pcode=condenastprebidheader987326845656&rx=451857805401&callback=MoatNadoAllJsonpRequest_27050079
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.162.160.243 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 51390b40fe41cf2c19204d4592784c751b54d4c2dc72869ce5eab3a11ba91877

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:49 GMT
server: istio-envoy
etag: "b46bdabda06823459cd30724252ada453477d4b8"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 84
timing-allow-origin: *
content-length: 934

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/condenast1-network/ 288 KB
77 KB 60ms
30ms Fetch
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d251fd29e28ab21162d41460457570b34e863f86b4845e0cf2be736875e24c86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: KZhWhM26kOuXx06E1xRrRRPdLOruB9wi
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:49 GMT
x-amz-request-id: XG7BSSQ3RYN6XQP0
age: 21341
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 78128
x-amz-id-2: EzkMw8Y5ww5fpntdABE62HI0K5eIiEKWiiKAytFrA6O8L2VQEcH3ELS+KsnAzkLdJV9XBRg8lMk=
x-served-by: cache-fra-eddf8230028-FRA
last-modified: Wed, 20 Sep 2023 14:00:22 GMT
server: AmazonS3
x-timer: S1695749870.742994,VS0,VE0
etag: "e02efdcd0aa4b6adc706f4f083e860c8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 90
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 217

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 3 KB
2 KB 38ms
9ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a

Request headers

Referer: https://arstechnica.com/
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:49 GMT
x-amz-request-id: 1V3JN4Z08BWJNCK3
age: 3009
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1340
x-amz-id-2: yvDfBoaedLRfPwP0+zgbFCFLRwR4EiC1X5itZ+rLiciBisyuBdOMxzu1/H2ZTO40ir0cZXkf7JA=
x-served-by: cache-fra-eddf8230028-FRA
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
server: AmazonS3
x-timer: S1695749870.742978,VS0,VE0
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
vary: Accept-Encoding
content-type: application/javascript
abp: 51
access-control-allow-origin: *
cache-control: private, max-age=3600
accept-ranges: bytes
x-cache-hits: 19092

GET
H2 200 eid.es5.js Show response
cdn.taboola.com/scripts/ 17 KB
7 KB 40ms
11ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/eid.es5.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 12b5eaccd8a9d81a6a12512566d2b72aa7c100b4a261a08ee6aae4679a9e36b4

Request headers

Referer: https://arstechnica.com/
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: Bqo64Ai0BniIkPPSnUb8_cZLJGu.sClo
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:49 GMT
x-amz-request-id: AXB48TVMJDNAM2N4
age: 964
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 6467
x-amz-id-2: b7zQHJfK4QWAGCGQdkiPE/NYuw9ml5U806n4eSZBtDuFhIIlij+/yIbwvs8ktIfKYwcGiAYa9+0=
x-served-by: cache-fra-eddf8230028-FRA
last-modified: Sun, 02 Apr 2023 13:09:57 GMT
server: AmazonS3
x-tbl-debug: bestatus=200,beresp=OK
x-timer: S1695749870.742984,VS0,VE0
etag: "2fdf3e79d5e851201a0d52a886453d8b"
vary: Accept-Encoding
content-type: application/javascript
abp: 44
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 1590

GET
H2 200 fraud-detect.js Show response
cdn.taboola.com/scripts/ 121 B
509 B 42ms
13ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/fraud-detect.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 392c32f20b9f867852a946a6ed1c5e21476df9619083548b6585d80a3b5f9bd4

Request headers

Referer: https://arstechnica.com/
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: vOXBAr_FxKHpU348.XTQhP6DWnVyKple
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:49 GMT
x-amz-request-id: M4SP5ZB80QM7DHQP
age: 25047
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 125
x-amz-id-2: 27s1ZzL8grOAJHrzyGAagzwa4QLcFiyx8paeutTC1SOQfkmrt1WACjA/9B+yApzfDtcrskytcvQ=
x-served-by: cache-fra-eddf8230028-FRA
last-modified: Thu, 15 Dec 2022 16:50:08 GMT
server: AmazonS3
x-tbl-debug: bestatus=200,beresp=OK
x-timer: S1695749870.742953,VS0,VE0
etag: "f7a185d92ac2162dc0bc36c5d7ef7dfe"
vary: Accept-Encoding
content-type: application/javascript
abp: 69
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 85595

POST
H2 204 abtests
ch-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
521 B 437ms
105ms Ping
text/plain 141.226.124.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/abtests?route=US%3ACH%3AV&lti=trecs&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&pi=%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff&wi=-4647761854257520188&pt=text&vi=1695749868851&tim=19%3A37%3A49.717&id=78782&llvl=2&cv=20230920-27-RELEASE&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22brsd%22%2C%22type%22%3A%7B%22esv%22%3A%22ES2021%22%2C%22c%22%3Atrue%2C%22ss%22%3Atrue%2C%22ls%22%3Atrue%7D%2C%22eventTime%22%3A1695749869717%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.124.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arstechnica.com
pragma: no-cache
date: Tue, 26 Sep 2023 17:37:50 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK 60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291 Show response
player.cnevids.com/script/video/ 69 KB
23 KB 148ms
147ms Script
text/javascript 13.224.189.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-f627adae4a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.39 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-39.fra2.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

66ee85cd105abef9d914fdae436f835a05e8cce2842bb283521c7e268a20ccae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: FRA2-C1
X-Cache: Miss from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 22475
X-XSS-Protection: 1; mode=block
X-Request-Id: 7d4f29b5-37da-473e-86fa-e11775c4b9e0
X-Runtime: 0.004884
X-Backend-Node: 10.110.73.116
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"88d4f6e550626299fa619c0517e0f78a"
X-Download-Options: noopen
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: WaBJc9P0O_aLA5NHkwlN2tVJ6Sb9xJZ6ar1P3DnCaR0GiVdYV-GXzw==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/ 11 KB
12 KB 121ms
25ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

0396be2ab58ec30babd0838d7e37d6407475d4361be85ee7451dbac9186add57

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:34 GMT
X-Content-Type-Options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 267
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11625
Last-Modified: Thu, 20 Jan 2022 21:51:37 GMT
Server: Cloudinary
ETag: "0b80752552abdab1277829e7a4b2824a"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 6-YIJFFVcpgliun4BEyy9Om-5ncrCaxJZ63jyB_D3Dqu0mcLmvm-Wg==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/ 14 KB
15 KB 109ms
37ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1620135390/arstechnica_unsolved-mysteries-unsolved-mysteries-of-the-warhammer-40k-universe-answered-by-author-dan-abnett.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

a2bd43c80adc73ae26472a90ec3bd9df44a5b7d2dafb133b8660efd800c719b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:34:06 GMT
x-content-type-options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 234
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14620
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: cloudflare
ETag: "7996e22c04be37a8677bb680607e6d12"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b334eb6fd79b3d-FRA
timing-allow-origin: *
X-Amz-Cf-Id: OxKM2_fWiKXO_xDpr1pifZcO7OIdv16vJJalQ2PoT6tqscyQM24yRQ==

GET
H/1.1 200
OK arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/ 5 KB
6 KB 87ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1619531614/arstechnica_sitrep-f-16-replacement-search-a-signal-of-f-35-fail.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

85c33811c2b04e4e02babe2fd6bd7ac0035f93e95827116429bbda2cf9c6c95d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:34:50 GMT
x-content-type-options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 181
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 5242
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "cfdeb1a825aca3ca1bf9ab3727325d27"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80bfcc4f5c549022-FRA
timing-allow-origin: *
X-Amz-Cf-Id: cDvm_IF4qAB30w13M0CfvPZLAQkQMu6is30TVWZ5-FYOntx85z_xuw==

GET
H/1.1 200
OK arstechnica_sitrep-boeing-707.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/ 12 KB
12 KB 95ms
24ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1615574323/arstechnica_sitrep-boeing-707.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

571479d52cd675db5573fe46973c62cba6d8224a76136fcefeb90f7dc42a6391

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 00:03:18 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1618471
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11899
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "49fd6cf75b5acbe4ea95126496406585"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 1lWz6Fn5rxQyn_HbfjOX2TN3ZwU3ZxWX6SnvHpYiHcwRPKSummvi7g==

GET
H/1.1 200
OK arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/ 16 KB
17 KB 106ms
36ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1611089409/arstechnica_steve-from-gamers-nexus-reacts-to-their-top-1000-comments-on-youtube.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

06b33c040105224101afcdaacd82b6dfb3ea1bf9ef3d7478cf5fa163a0ad65e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:19 GMT
X-Content-Type-Options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 284
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 16317
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "4796345150de82db7572da4e13d5fbc1"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: USrW95a4hmFzPpJcx4mCmreAmS_JsFOIxR4SkGYptpAwJc-OJp7ojg==

GET
H/1.1 200
OK arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/ 14 KB
15 KB 110ms
41ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1607984287/arstechnica_modern-vintage-gamer-reacts-to-his-top-1000-comments-on-youtube.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

de5e37739b5797e8ba9dba4a2dcb65f37c36a65fe839cb306162e21c74ba166e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:49 GMT
X-Content-Type-Options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 10
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14171
Last-Modified: Thu, 20 Jan 2022 21:51:37 GMT
Server: Cloudinary
ETag: "7f2bf661d68cedfcf91542c6e1dab7c6"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: tMZKSj77PUTqLC9d6A2DKC8cucPNI0GlpVKAD-1e8dvT4YuPE3S2WQ==

GET
H/1.1 200
OK arstechnica_war-stories-gail-tilden.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/ 15 KB
15 KB 18ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603899385/arstechnica_war-stories-gail-tilden.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

7d91c04c657709af03f6dad61d375c3208d18ab5ff7851c2472007dc05201342

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:49 GMT
X-Content-Type-Options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 10
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15071
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: Cloudinary
ETag: "1f4aa6187c59e6ed79d0c3a2a0bc19d9"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: PAkfkYaektAb_n0vKVfZ-6GAvY2ELFNS5eMCZ9sX2k_ZZ1ju3TGGgw==

GET
H/1.1 200
OK arstechnica_personal-history-scott-manley.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/ 14 KB
15 KB 15ms
14ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1603123470/arstechnica_personal-history-scott-manley.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1f466b08649eef5ad16c20f6d7207bf8818cb107b6241950dbc568cdffc03d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:32:55 GMT
X-Content-Type-Options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 294
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14113
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "963bf0b22c745f95a06f32ee1317b872"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: a0XTtO1SAOcLbxUAAGDlJ3Wern3qNSMWQDRrz3ALUP3ygXJBPZ1FBg==

GET
H/1.1 200
OK arstechnica_scare-tactics-thomas-grip.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/ 15 KB
15 KB 14ms
13ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1602524702/arstechnica_scare-tactics-thomas-grip.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

617e0f9fee7ef0ca891735246b4b5a61caa3622db4a4256685b061c9f43bd053

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:16 GMT
X-Content-Type-Options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 33
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15079
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: Cloudinary
ETag: "d57f99149a48173e30de572cfa48ed93"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: NuwiS36Qi9npxoJc2IH918KxSnR1xJ5a1V_mOb_pToh5BUfH-s4HMQ==

GET
H/1.1 200
OK arstechnica_personal-history-lgr.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/ 14 KB
15 KB 12ms
11ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1600711530/arstechnica_personal-history-lgr.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

29637e0647104ccc5d5583e652db29ce99e947c858c3d9502960e7ea7f1aea19

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:25 GMT
x-content-type-options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 267
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14772
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: cloudflare
ETag: "4049b10cd3281951b01beb4f36134234"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80c7552a7c329013-FRA
timing-allow-origin: *
X-Amz-Cf-Id: YglsTsX64ey5dP36eLjNPmOUJip0R15iKthshA9PR0J8JTH3KRBQzQ==

GET
H/1.1 200
OK arstechnica_the-f-35-s-next-tech-upgrade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/ 3 KB
4 KB 13ms
12ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1598890591/arstechnica_the-f-35-s-next-tech-upgrade.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

3b0209841325362235c221628e471145726897e4e1c9b210b6e6b2217fdf2ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 19 Sep 2023 19:31:04 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 598005
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3374
Last-Modified: Thu, 20 Jan 2022 21:49:06 GMT
Server: Cloudinary
ETag: "3f16924a1fdff64e971a0491115fc147"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: FZoQkaJSAun0yXKMBoWZydIPgK5PNfB5YKwhQ_Rzey6J9w0HJC4cCg==

GET
H/1.1 200
OK arstechnica_war-stories-diablo.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/ 14 KB
15 KB 30ms
24ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1597686086/arstechnica_war-stories-diablo.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

aa3b9513abbbf65a2c8483122648fce1b39b1afa2a69bdf863242f1411baba58

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
x-content-type-options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 19
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14667
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: cloudflare
ETag: "d4de63ae8b9ef5b77ad58eaae97d7d02"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b334eb984abb7a-FRA
timing-allow-origin: *
X-Amz-Cf-Id: BB9_eF2YROuIqmIavafy4M_zukpABkQUt5pEDeVOMJZKUMn6hdgqfQ==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/ 11 KB
12 KB 18ms
14ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1596476950/arstechnica_unsolved-mysteries-unsolved-mysteries-mortal-kombat.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

0b5c6a8d4a856db56da956eced8af9a5eb6e0a89dc67de5ffc4c83513472a3cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
x-content-type-options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11486
Last-Modified: Thu, 20 Jan 2022 21:51:38 GMT
Server: cloudflare
ETag: "7a8a596aae95c9a900261808554523e6"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b084131cbe9b67-FRA
timing-allow-origin: *
X-Amz-Cf-Id: Br82tTzy1e7wAhhKDQUoKs8LQeUIqzA44piJT9CNBfR9mm1IbTYTWw==

GET
H/1.1 200
OK arstechnica_us-navy-gets-an-italian-accent.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/ 6 KB
7 KB 13ms
11ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1595427354/arstechnica_us-navy-gets-an-italian-accent.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

85db95dbe15c810a710ca6d9094a2a29f2eeea05791cc7aaab7af8939684b978

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 20:19:43 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1804686
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 6124
Last-Modified: Thu, 20 Jan 2022 21:51:46 GMT
Server: cloudflare
ETag: "51113bf4443c0cf453d0e8bf60489ac7"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80212b366e932be4-FRA
timing-allow-origin: *
X-Amz-Cf-Id: I2kic5kbKRC_Jaj2fLsbpUPSMuD3Q3Q6di1z1-xwAVtC1ol9eQ09-w==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/ 10 KB
11 KB 17ms
15ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1594656439/arstechnica_war-stories-war-stories-undone-w-slash-hisko-hulsing.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

e74b9cb9d8871d300d2a1d36ce2cd00dfbfe0c5d8066d1d415c4ce620a919d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:34:30 GMT
X-Content-Type-Options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 202
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10345
Last-Modified: Thu, 20 Jan 2022 21:52:15 GMT
Server: Cloudinary
ETag: "60622b64688dbb49917234d4091856fb"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: tJlnx3feddilDcTEhwPgxxEVA22rDrDUyQ3k6pYI9MtGB_NZBjnlmA==

GET
H/1.1 200
OK arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/ 15 KB
16 KB 13ms
12ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1593453234/arstechnica_fighter-pilot-breaks-down-every-button-in-an-f-15-cockpit.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

9431bc6d1a6d036a70c92dfc9000d7965f939671a59705bdd01c3e652048ed9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 23:08:28 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1189761
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15307
Last-Modified: Thu, 20 Jan 2022 21:49:07 GMT
Server: cloudflare
ETag: "324e15e8b7d3edd23ffbf5df0a1a9e77"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 805bd00419391c01-FRA
timing-allow-origin: *
X-Amz-Cf-Id: NUSEfa5PVGY8eJPVOrJLFP7LUXiimcBL_RagnOl9tnS_Pvg2I6B7ug==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-nba-jam.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/ 14 KB
15 KB 17ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1592315288/arstechnica_war-stories-war-stories-nba-jam.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

5be5b0170ad4bbd2be91182d137933e7de9c7e86b09ec855a4bac015ebfd746f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
x-content-type-options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14149
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: cloudflare
ETag: "bd63326fa81d10df9e2da1245d3c122c"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b11c31a9813659-FRA
timing-allow-origin: *
X-Amz-Cf-Id: 11WQgiGpMISeh3LfmlW_JIg3wMlZspEqRjUK5TjgAsDvquZ_pqXbAg==

GET
H/1.1 200
OK arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/ 9 KB
10 KB 14ms
10ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1591804041/arstechnica_linus-tech-tips-reacts-to-his-top-1000-youtube-comments.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

e8830a414dfeb4c0e0f519d3419f69849df9226f329357c938333dbf2c956f63

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:36:07 GMT
x-content-type-options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 103
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 9054
Last-Modified: Thu, 20 Jan 2022 21:49:07 GMT
Server: cloudflare
ETag: "b17d3aab70cb56fbf2df892c8415ab16"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80bae57d5da82c2e-FRA
timing-allow-origin: *
X-Amz-Cf-Id: FbnjU7s7H7HO0uAA3WG4BvduT9WnNYshKKRdtrAYsrkFKYasKa3n1A==

GET
H/1.1 200
OK arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/ 11 KB
11 KB 18ms
15ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1589408118/arstechnica_war-stories-how-alan-wake-was-rebuilt-3-years-into-development.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

3f2cf5f857c617761a251ceef8f6ed452a7690e21f16eff0a70dddf9beea8633

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:34:06 GMT
X-Content-Type-Options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 233
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10817
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: Cloudinary
ETag: "9417ada34c9b6b07ccd41a463b717969"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: eH_C8ejy2blEI9mjPd33iud30ImJT5b5-CwLmptwYlD-lnxzdUN4aA==

GET
H/1.1 200
OK arstechnica_war-stories-prince-of-persia.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/ 15 KB
16 KB 18ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1584454477/arstechnica_war-stories-prince-of-persia.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

56f8838a24cb0cc47dc34a19d6b84d6ce8bf8086b1682bbb990abc13b1e2da65

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
X-Content-Type-Options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 19
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15682
Last-Modified: Thu, 20 Jan 2022 21:51:39 GMT
Server: Cloudinary
ETag: "e9cccef2a4a4cf217be0ba162f6b4296"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: rvaYonHpO39CaW5l91Eurbwgsa2If4GAxx3GjhJhT498UJ10c9iPdg==

GET
H/1.1 200
OK arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/ 17 KB
18 KB 19ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582755533/arstechnica_war-stories-how-crash-bandicoot-hacked-the-playstation-to-run.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

46a9ddb1f206a46900872e0a832750ae06925528f81883a3d3517fdb42aefb6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
X-Content-Type-Options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 17475
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "7588b83c6eb2a1165344abad7e12e715"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: nUYU7co9C7MOoYQiFJAEJv7jA2Xvtr9cWbpxXZwpON8dXChkfQcCkw==

GET
H/1.1 200
OK arstechnica_war-stories-myst.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/ 13 KB
14 KB 20ms
17ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1580223113/arstechnica_war-stories-myst.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1bf55bc00dbf13180884211c3d301729e67b81f3456225c1fbf97d271d636509

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:36:48 GMT
X-Content-Type-Options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 61
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13522
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "ed8c6a9aa19e7d5c7aa46a3aead23a87"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: u6U92eZePZJ1R3AbesShL5qWlqUEmhPXVkfXgUOjwPaUIDM8mniBRA==

GET
H/1.1 200
OK arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/ 9 KB
9 KB 20ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1579194313/arstechnica_markiplier-reacts-to-his-top-1000-youtube-comments.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

e336ff50623cff960c2396944be4392139f63dcc032e5f3428d81489fdfe697a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 18
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 8832
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "2bad386c14ac040d530ceb2ae89c8bbb"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: ZFfs9ebLWZSKS66L1D4uyIqq98A4NJS62b_b7oEqTewd0tGUgE32Iw==

GET
H/1.1 200
OK arstechnica_war-stories-war-stories-oddworld.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/ 12 KB
13 KB 22ms
17ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1582815531/arstechnica_war-stories-war-stories-oddworld.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

1097abb6f0992cccc79428374463e7f23b99dae5eb85d7317b20bd57c96031bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:36:48 GMT
x-content-type-options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 61
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 12614
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "4a7903cbe66890b5688d843661943ccd"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b106a649899b9a-FRA
timing-allow-origin: *
X-Amz-Cf-Id: m97CqDdiXEpS7zAmpIADeLieLafZZKh9SSXqJyqJ-bKmq9AFCdKP0w==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/ 11 KB
12 KB 20ms
19ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1573140819/arstechnica_unsolved-mysteries-bioware-answers-unsolved-mysteries-of-the-mass-effect-universe.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

de24551bd4396fc8579b2d87ce01944553dd48fb52775d14373725a50efa0c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
x-content-type-options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 24
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 11417
Last-Modified: Thu, 20 Jan 2022 21:52:15 GMT
Server: cloudflare
ETag: "3e8509d06c6610d54babcac0d91e5d93"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80aac255ea0330c3-FRA
timing-allow-origin: *
X-Amz-Cf-Id: 2XZ-aQxpm-eBk5PhUbB0UyAjW8e6vsJnei9SLofke5doMml6iB3a4Q==

GET
H/1.1 200
OK arstechnica_war-stories-civilization.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/ 16 KB
17 KB 13ms
12ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1569003425/arstechnica_war-stories-civilization.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

1c7dcc8216c6f82da2998ceeac2523632c7f9bffe510824b6d082621201f2012

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
X-Content-Type-Options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 19
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 16236
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "72002610618f7bf8bf0e52c760e39897"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Dc0dSNz94NlI49_VUhQHa8_-PaDx-xfxh5OKfsl6v32h9t75Eqv4WQ==

GET
H/1.1 200
OK arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/ 11 KB
11 KB 11ms
10ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1568662260/arstechnica_sitrep-dod-resets-ballistic-missile-interceptor-program.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

7fc88c65d46e83b3f3e9f098f05fd639480332fc3718cd714725e2e4633af4e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 12 Sep 2023 10:23:00 GMT
Strict-Transport-Security: max-age=604800
x-content-type-options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1235689
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10793
Last-Modified: Thu, 20 Jan 2022 21:51:46 GMT
Server: cloudflare
ETag: "0e1ff58ccf6d97759de3d774a7ff835a"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
CF-Ray: 80576eb9e8903a88-FRA
timing-allow-origin: *
X-Amz-Cf-Id: YzfI4v32LRDTqsGRXd77-YGiYm6rGOR2Ak_IZ8WzSDeVRfub5pD9UA==

GET
H/1.1 200
OK arstechnica_warframe-reviews.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/ 14 KB
15 KB 17ms
16ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1561556730/arstechnica_warframe-reviews.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

83a366075eb2387c6d9f848f42b08df0546027333eccf5813edf95ba45709be2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:31 GMT
x-content-type-options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 18
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14837
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "1d90d6aef7585f963e1270a1a02a4dd4"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80aac2560b672bf2-FRA
timing-allow-origin: *
X-Amz-Cf-Id: CUYaZrRy2TQ_G-jhMzEhhyXsHNzLsgxbADo7qIgV1F2WES1AxZ8Xqw==

GET
H/1.1 200
OK arstechnica_war-stories-subnautica.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/ 15 KB
16 KB 19ms
18ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1559747425/arstechnica_war-stories-subnautica.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

20660a9ef7ec454c15b2dc62b3db084e0cc9f74c5bb6de71a96fb1a54aef00f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
X-Content-Type-Options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15222
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "8c45b6c645caba59f4b14d3fbdc09062"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Zm30T2AeDRk_eX2l3K-k-d5rVgT1WOzsoKmw_S6PpRkMJIVLPpNzSg==

GET
H/1.1 200
OK arstechnica_war-stories-slay-the-spire-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/ 15 KB
16 KB 41ms
40ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1556741487/arstechnica_war-stories-slay-the-spire-war-stories.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

f9d9e96c4439beeca49a1a10f9dffe6f5cd0b604d13aa13af170d0bc62d8ca1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
X-Content-Type-Options: nosniff
Via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15634
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "abee90e53f29ba0127fca9442ab50902"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: 2OrO-V4kD6lnpLMzru8dzCHnGWSqqQanxQp2U-THvgnNz90IRYYGDQ==

GET
H/1.1 200
OK arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/ 15 KB
16 KB 12ms
12ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1555359865/arstechnica_war-stories-amnesia-the-dark-descent-the-horror-facade.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

1defb6bc54a7ee9c066136908360e8455c23ee9ad0dec9924e7255d7948cd4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
x-content-type-options: nosniff
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 15251
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: cloudflare
ETag: "3e7cdc13e718680bf5e1efa64468b560"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80a510641a1218e2-FRA
timing-allow-origin: *
X-Amz-Cf-Id: lLy0pHEvzON6I-CHLejlxWGocDcKe6B1p860AAy88mwivrjt3nBBcA==

GET
H/1.1 200
OK arstechnica_war-stories-c-and-c-tiberian-sun.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/ 19 KB
19 KB 41ms
40ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1551193450/arstechnica_war-stories-c-and-c-tiberian-sun.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

27348ba4b98bd80f1038496ec5dea6ad865680540058fb085b8ca199b8aaf4c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:35:30 GMT
X-Content-Type-Options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 196
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 19022
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "fe52b9acd391d8bee8de15a0f429b377"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: gVpw5SyCBNLL8kbpH5Ziz_pAji-zytlwe4u_DLaFj_S2NwoukoE8yw==

GET
H/1.1 200
OK arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/ 18 KB
18 KB 45ms
43ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1550244434/arstechnica_war-stories-blade-runner-skinjobs-voxels-and-future-noir.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

8b72952d3fd656ee6594f0d9735d928113ad1d590705b14f77abf75f1d4d5d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:49 GMT
X-Content-Type-Options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 10
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 18172
Last-Modified: Thu, 20 Jan 2022 21:51:40 GMT
Server: Cloudinary
ETag: "32f1b8954559c8d598e9861f5b8360b9"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: Q8_MgOBSnF_RXrN1Jq_5YhNy7rl_MP-fT6vG3KbUIt3cqwPR-CdOdw==

GET
H/1.1 200
OK arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/ 7 KB
8 KB 40ms
38ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/arstechnica_war-stories-dead-space-the-drag-tentacle.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Sat, 02 Sep 2023 10:46:46 GMT
Strict-Transport-Security: max-age=604800
X-Content-Type-Options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 2098262
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7393
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: Cloudinary
ETag: "17a6e4b5eb75eb12f5d8c89eb3d0ace8"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: -pfQkc5w1TGIfSejWO1HFrSv8oezXBMrfP0OWy_rLj0jxpeueX2WdA==

GET
H/1.1 200
OK arstechnica_teach-the-controversy-flat-earthers.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/ 10 KB
11 KB 43ms
41ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/arstechnica_teach-the-controversy-flat-earthers.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:49 GMT
x-content-type-options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10595
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: cloudflare
ETag: "6c0c4f8a9d61ed2b5863a8058c624a37"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80a4e86e9f78903d-FRA
timing-allow-origin: *
X-Amz-Cf-Id: KDs1Z9trWfDX9xxmcdYwjTuLjF-zPy1OyfYAWqTtGvke4BDQYboMvA==

GET
H/1.1 200
OK arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/ 12 KB
13 KB 21ms
18ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:34:07 GMT
x-content-type-options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 227
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 12509
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: cloudflare
ETag: "b9c502ffc902b60d0eb13698b37a945d"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b538fe0c5918da-FRA
timing-allow-origin: *
X-Amz-Cf-Id: WdymCjFZrDtc9_ebN9dAW13XCDQSrq_Utq_ftgK_l3q7hMHjK_5e1w==

GET
H/1.1 200
OK arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/ 7 KB
8 KB 14ms
12ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

Cloudinary /

Resource Hash

3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Wed, 06 Sep 2023 20:14:37 GMT
X-Content-Type-Options: nosniff
Via: 1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1718601
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7181
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: Cloudinary
ETag: "0549828edcecd339d8d10ebe6119de70"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
Cache-Control: public, no-transform, immutable, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
X-Amz-Cf-Id: bWCWmqVtylJBQdf9sGuNgouvLnppwLd5fwXQGKyyhx3doWItgTlNXg==

GET
H/1.1 200
OK arstechnica_apollo-mission-episode-1.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/ 14 KB
14 KB 15ms
13ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/arstechnica_apollo-mission-episode-1.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:39 GMT
x-content-type-options: nosniff
Via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 251
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14040
Last-Modified: Thu, 20 Jan 2022 21:52:14 GMT
Server: cloudflare
ETag: "ecc047c6eed3dc571a78eab647201220"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 809de6109dff2bc6-FRA
timing-allow-origin: *
X-Amz-Cf-Id: Xt01FhsLkKV4jT6ofy0wzAkzfnnU_YM4KKuAwWuXQvNwsaxGl64WMQ==

GET
H/1.1 200
OK arstechnica_richard-garriot-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/ 14 KB
14 KB 17ms
15ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_image.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/arstechnica_richard-garriot-war-stories.jpg

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:37:50 GMT
x-content-type-options: nosniff
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 11
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13885
Last-Modified: Thu, 20 Jan 2022 21:51:41 GMT
Server: cloudflare
ETag: "13d45a1733ad4d2f3ae707584d6a8a32"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80b084133f50193c-FRA
timing-allow-origin: *
X-Amz-Cf-Id: KjYfrMDWn8bMXIA3JNCbdDVHRge2-cuISsB9dPOu2ES7Qx3DILBLcA==

GET
DATA 200
OK truncated
/ 408 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2

200

rtb-h
sync.taboola.com/sg/supershiprtb-display-network/1/ Frame 68AB
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=taboola
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZRMW7sCo5uYAAFGvplEAAAAA

0
373 B

22ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZRMW7sCo5uYAAFGvplEAAAAA
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14319

Redirect headers

X-SO-Cluster-ID: 0
Date: Tue, 26 Sep 2023 17:37:50 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=taboola","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZRMW7sCo5uYAAFGvplEAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad37"}
X-SO-Key: ZRMW7sCo5uYAAFGvplEAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad37
P3P: CP="See also http://www.scaleout.jp/privacy/"
Location: https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZRMW7sCo5uYAAFGvplEAAAAA
Cache-Control: private
X-SO-HostName: m-ad37.dc4p.scaleout.jp
Connection: keep-alive
X-SO-Ads-Time: 2
Content-Length: 0
X-SO-LB-Hostname: a-tgng40015.dc2p.scaleout.jp
X-SO-IP: 176.115.237.162

GET
H2

204

/
sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__
https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__&nut&uu=4115335c25164e8a83...
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=4115335c25164e8a83bde8fba698d297

0
363 B

26ms
26ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=4115335c25164e8a83bde8fba698d297
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 9861

Redirect headers

location: https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=4115335c25164e8a83bde8fba698d297
date: Tue, 26 Sep 2023 17:37:50 GMT
content-length: 0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 68AB 0
75 B 464ms
16ms Image
text/plain 81.17.55.108
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=4
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.108 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-length: 0

GET
H2

200

/
sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=16698
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LN0LOTUI-1P-1490

0
372 B

19ms
19ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LN0LOTUI-1P-1490
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 9861

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LN0LOTUI-1P-1490
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H2

200

/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/taboola/77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c?gdpr=0&gdpr_consent=&us_privacy=
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-h.qtiDFE2oRBCSVybE7SgUvX4QvzQRQzvx4Dlg--~A

0
373 B

20ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-h.qtiDFE2oRBCSVybE7SgUvX4QvzQRQzvx4Dlg--~A
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 15213

Redirect headers

date: Tue, 26 Sep 2023 17:37:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-h.qtiDFE2oRBCSVybE7SgUvX4QvzQRQzvx4Dlg--~A
content-length: 0

GET
H2

200

/
sync.taboola.com/sg/baidurtb-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://trace.mediago.io/ju/cs/taboola
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=199e3e9baf07863b2v7fp400ln0lou2y

0
373 B

22ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=199e3e9baf07863b2v7fp400ln0lou2y
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 15213

Redirect headers

date: Tue, 26 Sep 2023 17:37:50 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=199e3e9baf07863b2v7fp400ln0lou2y
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

/
sync.taboola.com/sg/google-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc=
https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEED6R3Y8_8cuDgOw8kszAC8&google_cver=1

0
373 B

38ms
37ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEED6R3Y8_8cuDgOw8kszAC8&google_cver=1
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 10871

Redirect headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEED6R3Y8_8cuDgOw8kszAC8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 305
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 68AB 42 B
245 B 62ms
15ms Image
image/gif 198.47.127.205
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c:$UID
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.205 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 26 Sep 2023 17:37:48 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 68AB
Redirect Chain

https://sync.taboola.com/sg/google-network/1/rtb/?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c

170 B
243 B

28ms
27ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Server

216.58.206.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c
date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 9327

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 68AB 70 B
149 B 133ms
38ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame 68AB 49 B
683 B 100ms
22ms Image
image/gif 208.93.169.131
WEBMD-IDC1-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),

Reverse DNS

Software

Jetty(10.0.14) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: de-DE
content-type: image/gif;charset=iso-8859-1
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H2

200

/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%...
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bfa7acdd-6acd-48a0-87da-14dfb1e18e12&gdpr=0&gdpr_consent=&us_privacy=

0
373 B

61ms
19ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bfa7acdd-6acd-48a0-87da-14dfb1e18e12&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 16245

Redirect headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:49 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=bfa7acdd-6acd-48a0-87da-14dfb1e18e12&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1038329
content-length: 0
expires: Tue, 26 Sep 2023 00:00:00 GMT

GET
H/1.1 200 9.gif
id5-sync.com/s/464/ Frame 68AB 43 B
1 KB 49ms
11ms Image
image/gif 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/464/9.gif?puid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%7BID5UID%7D

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 26 Sep 2023 17:37:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2

200

sync
x.bidswitch.net/ Frame 68AB
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy=
https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=${BSW_USER_UD}&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=taboola&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2

43 B
145 B

16ms
16ms

Image
image/gif

18.197.117.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=taboola&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2
Protocol: H2
Server: 18.197.117.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-117-175.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=&user_group=0&user_id=&ssp=taboola&bsw_param=a1f287ba-f63d-4131-a612-2ae893c09fc2
date: Tue, 26 Sep 2023 17:37:50 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 68AB
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c&tbid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&query=taboola_hm%3D12abd0a7-8fb7-...

0
77 B

112ms
103ms

Image
text/plain

151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c&tbid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&query=taboola_hm%3D12abd0a7-8fb7-4d87-a254-a985a737844c&isDirect=0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 26 Sep 2023 17:37:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1695749871.901582,VS0,VE94
x-cache: MISS
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra-eddf8230117-FRA

Redirect headers

location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=12abd0a7-8fb7-4d87-a254-a985a737844c&tbid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&query=taboola_hm%3D12abd0a7-8fb7-4d87-a254-a985a737844c&isDirect=0
date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14319

GET
H2

200

xuid
eb2.3lift.com/ Frame 68AB
Redirect Chain

https://eb2.3lift.com/xuid?mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&gdpr_consent=&us_privacy=
https://eb2.3lift.com/xuid?ld=1&mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=

37 B
354 B

27ms
26ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 13.248.245.213 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 26 Sep 2023 17:37:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=7772&xuid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&dongle=tbla&gdpr=0&cmp_cs=&us_privacy=
date: Tue, 26 Sep 2023 17:37:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/ Frame 68AB
Redirect Chain

https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Fr...
https://u.openx.net/w/1.0/cm?cc=1&gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F...
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=188437dd-dea0-06eb-3ac6-3cad5c597968

0
373 B

26ms
25ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=188437dd-dea0-06eb-3ac6-3cad5c597968
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14319

Redirect headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=188437dd-dea0-06eb-3ac6-3cad5c597968
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 datadog-logs-v4.js Show response
www.datadoghq-browser-agent.com/ 51 KB
18 KB 63ms
18ms Script
application/javascript 13.225.83.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-logs-v4.js
Requested by: Host: ads-static.conde.digital
URL: https://ads-static.conde.digital/production/cns/builds/ars-technica/ars-technica.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.83.103 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-83-103.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f5070f02c82cd5ac7d09e469fc9c90c21799ee4da016c8cb9d713df5d40ba904

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:37 GMT
content-encoding: br
via: 1.1 e5b747ffd1713cb17ddd7d55234a3300.cloudfront.net (CloudFront)
last-modified: Tue, 26 Sep 2023 15:01:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 14
x-amz-server-side-encryption: AES256
etag: W/"a2efa0f7a47549626f98fee5a0489549"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
x-amz-cf-id: Fo4SLB_Nssan0eOQ0BmmGsslxWUGIXJaihu4L9zWQLuhnolkqdtkSg==

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 451 B
684 B 182ms
77ms XHR
application/json 63.33.177.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=931565&slot=%7Bid:_out_of_page_0,ss:%5B1.1%5D,p:3379/conde.ars/interstitial/security/article/1,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=bece645d-235d-672e-c340-556910911b35&url=https%253A%252F%252Farstechnica.com%252Fsecurity%252F2023%252F09%252Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%252F
Requested by: Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.177.221 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-177-221.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 46ef1fc84c21011a1a5794b389c0fa7adae622326617bc87835e8b17c524ae49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
server: nginx
x-server-name: app07.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *

GET
H/1.1 200
OK onetag Show response
assoc-na.associates-amazon.com/ 64 B
459 B 112ms
112ms XHR
application/json 44.215.116.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://assoc-na.associates-amazon.com/onetag?src=330&pj=%7B%22tracking_id%22%3A%22arstech20-20%22%2C%22assocPayloadId%22%3Anull%2C%22refUrl%22%3A%22https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F%22%7D&u=https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/

Requested by

Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=e6160dfa-32a7-4b0e-9675-d18902339f1e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.215.116.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-215-116-28.compute-1.amazonaws.com

Software

Server /

Resource Hash

e19f32a9fd5fb67f23f7a4db0640622314c70ac1f02b83cd9f75d228a8b87762

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:37:50 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: SP273CGC4VG62EGR83XC
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: application/json
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 64

GET
H2 200 pxid Show response
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/ 46 B
391 B 73ms
17ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/v2.0/pxid?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 7fa4de6ff22e83ba167f496fab7c2d37f216dcb0158d0b2a80712945d27c317d

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64

GET
H2 200 getuidj Show response
ib.adnxs.com/ 11 B
575 B 70ms
15ms XHR
application/json 37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.149 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:50 GMT
an-x-request-uuid: 803f6eb6-d4c4-4e55-a1d5-758e001f4193
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 176.115.237.162; 176.115.237.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 9 KB
3 KB 37ms
36ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: IRMIKuionWyvX1I089CQ9w==
age: 74271
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2626
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:31 GMT
server: cloudflare
etag: 0x8DB82A15A246027
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: edde817a-801e-00e6-68fc-b4c916000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80cd46f31cb9928f-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202306.1.0/assets/ 21 KB
4 KB 31ms
30ms Fetch
text/css 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202306.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202306.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 26 Sep 2023 17:37:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 75739
x-ms-lease-status: unlocked
last-modified: Wed, 12 Jul 2023 06:29:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: c36a75b2-f01e-014c-63fb-b459ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 80cd46f31cbc928f-FRA

GET
H/1.1 200
OK embed-api.json Show response
player.cnevids.com/ 11 KB
5 KB 66ms
37ms Fetch
application/json 13.224.189.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/embed-api.json?videoId=60abade4dc31e5375248cba6&embedLocation=arstechnica

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.39 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-39.fra2.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

d0883dc51f5a465d72c91dc84ff0f9bd25913fe00718e16ce7e18a5c54ed2c50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 17:33:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
X-Permitted-Cross-Domain-Policies: none
X-Amz-Cf-Pop: FRA2-C1
Age: 244
X-Cache: Hit from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 3808
X-XSS-Protection: 1; mode=block
X-Request-Id: f7c8f3b9-8df9-42fa-9cbe-8104f0d64b0e
X-Runtime: 0.013955
X-Backend-Node: 10.110.120.182
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.18.0
ETag: W/"4e135dc11fdc8bd1930f7d8d73f8f939"
X-Download-Options: noopen
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=300, public
Vary: Origin,Accept-Encoding
X-Amz-Cf-Id: cVXAdHdRjrcDHdZsYngkCD_NmLYqFZAxqSHeGISIgRqQ6vfnOjFaRQ==

GET
BLOB 200
OK a3a53973-62a9-4ffa-9e26-b05f61b40c52
https://arstechnica.com/ 692 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/a3a53973-62a9-4ffa-9e26-b05f61b40c52
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16518a981bbe659ea6a0b0c085d0c2a20992fa1808947636e19f6bae2b57d376

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 708603
Content-Type

GET
BLOB 200
OK 8e9625c6-92a2-44c2-8c33-26506352faf8
https://arstechnica.com/ 692 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/8e9625c6-92a2-44c2-8c33-26506352faf8
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16518a981bbe659ea6a0b0c085d0c2a20992fa1808947636e19f6bae2b57d376

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 708603
Content-Type

GET
H2 200 / Show response
pips.taboola.com/ 4 B
121 B 47ms
14ms XHR
text/plain 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230028-FRA
date: Tue, 26 Sep 2023 17:37:50 GMT
via: 1.1 varnish
server: Varnish
access-control-allow-methods: GET
x-cache: HIT
access-control-allow-origin: https://arstechnica.com
cache-control: no-store
accept-ranges: bytes
content-length: 4
retry-after: 0
x-cache-hits: 0

GET
H2 200 geoip Show response
permutive.arstechnica.com/v2.0/ 263 B
364 B 102ms
20ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 240b8cad9e591f690ab9f22cf725f5e866db19653c3002040631ff2d7179b935

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 171

POST
H2 200 watson Show response
permutive.arstechnica.com/v2.0/ 469 B
345 B 112ms
31ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/watson?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 94c8d3cdec068da4c6410807027011851e1e3b88d21953f5069d5a1acc2ad5fe

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 280

POST
H2 204 bulk-metrics
ch-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
520 B 107ms
106ms Ping
text/plain 141.226.124.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/bulk-metrics?route=US%3ACH%3AV&lti=trecs&cv=20230920-27-RELEASE&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.124.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arstechnica.com
pragma: no-cache
date: Tue, 26 Sep 2023 17:37:50 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 200 identify Show response
permutive.arstechnica.com/v2.0/ 50 B
352 B 58ms
26ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/identify?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 3ad77d287a5a40f8cc211ca4bfa3fae99e4ec8178df32b18bfaaad175c5e1dcb

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70

GET
H2 200 1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin Show response
cdn.permutive.com/models/v2/ 48 KB
33 KB 80ms
25ms XHR
application/x-binary 104.19.149.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/v2/1dfc40bb-d155-4f15-970e-99450dbfa0e2-models.bin
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.149.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74b06d01f4a9d3962f65e38f0b8220772f88651487ef8e648d8f7d35d34923a3

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:50 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-oid: bd1cec50-00d1-4ce9-9572-785857419a1e
age: 0
x-guploader-uploadid: ADPycdsH_utFnDDQqV7w6RQVWoK5JaE_qQl05NgFzQfcgbj77H4siohdDUiMhCiT0dci5ynRkaCZwcwZNGljSlCWDEIJ2uwzNB8P
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 33328
last-modified: Tue, 26 Sep 2023 16:56:55 GMT
server: cloudflare
etag: "fb022fddf2f2a2eb59e6b9c7e277fc52"
vary: Accept-Encoding
x-goog-generation: 1695747415048744
content-type: application/x-binary
access-control-allow-origin: *
x-goog-hash: crc32c=KIzr6g==, md5=+wIv3fLyoutZ5rnH4nf8Ug==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=900, no-transform
x-goog-stored-content-length: 33328
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80cd46f53d83bb56-FRA
expires: Tue, 26 Sep 2023 17:00:27 GMT

GET
H2 204 / Show response
cds.taboola.com/ 0
82 B 306ms
89ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&mbl=ZmFsc2U=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:51 GMT
cache-control: no-store
server: nginx

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 7BD5 358 KB
123 KB 380ms
20ms Script
text/javascript 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

0bfbbc57a6a01182f738b9d582dd16a6b1075954a501f8c995af2a7e5b40d56e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125688
x-xss-protection: 0
expires: Tue, 26 Sep 2023 17:37:51 GMT

GET
H2 200 vans-adapter-google-ima.js Show response
static.adsafeprotected.com/ Frame 7BD5 19 KB
7 KB 15ms
10ms Script
application/javascript 13.225.78.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/vans-adapter-google-ima.js
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.121 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-121.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1dd93cc3f1638f369af566115ae74546e64bdafc4319d9853b5c15a3d3f4970

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: 4UvdbwUsN2CunQyNARaRw4ABpoiv.VmX
content-encoding: gzip
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
date: Mon, 25 Sep 2023 06:05:32 GMT
x-amz-cf-pop: FRA2-C2
age: 127939
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 08 Jul 2021 19:25:58 GMT
server: AmazonS3
etag: W/"8ec0c211dda60907ae57f46e621bc794"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 71tZ1pA3UB790DV5Zaa22UC2S5gWtLElYPeWs65tPjJ4Mtre7YyBJA==

GET
H2 200 gpt_proxy.js Show response
imasdk.googleapis.com/js/sdkloader/ 81 KB
29 KB 370ms
11ms Script
text/javascript 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

152b45567158d8c22200593f50cfd688c75a4df6f68a35a9162362eace9e21ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29449
x-xss-protection: 0
last-modified: Thu, 21 Sep 2023 23:34:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Tue, 26 Sep 2023 17:44:29 GMT

GET
H/1.1 200
OK player-style-2cf7e3c125f7b0cc5c9e.css
player-frontend.cnevids.com/player/ Frame 7BD5 90 KB
13 KB 74ms
21ms Stylesheet
text/css 52.222.236.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-51.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 948c1b95f1dbdcb68ad1c83e789f24968a3e487563b42fd5451f4430791b7e30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 20:10:20 GMT
Content-Encoding: gzip
Via: 1.1 82386e4e4f56a0c01411d1aea6f3fd46.cloudfront.net (CloudFront)
x-amz-version-id: R5m98vrL8kZelKVVheKBOtelJMEgrmJE
X-Amz-Cf-Pop: FRA56-P4
Age: 1632452
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 13029
Last-Modified: Thu, 07 Sep 2023 20:00:59 GMT
Server: AmazonS3
ETag: "6f3c3978d344c16ec2263748c6106086"
Content-Type: text/css; charset=utf-8
Cache-Control: max-age=63072000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 0xr66423PxNiqtOXuQg9LVQTfj801KX9kG6C7dFFEbR2njsVnpxwHg==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H/1.1 200
OK main-b55134862375d34c1afc.js Show response
player-frontend.cnevids.com/player/ Frame 7BD5 972 KB
254 KB 72ms
20ms Script
application/javascript 52.222.236.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/60abade4dc31e5375248cba6.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady89514291
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-51.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 190d0dc58b8d1d9ece2f3cd82d59697e4ebf54e706f87f658e963f4d5ad4bbf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 14:48:34 GMT
Content-Encoding: gzip
Via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
x-amz-version-id: pf7ms_GqlqDmbNvCZjEvrXurhf7..hfS
X-Amz-Cf-Pop: FRA56-P4
Age: 442158
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 259313
Last-Modified: Thu, 21 Sep 2023 14:22:43 GMT
Server: AmazonS3
ETag: "ea0aeeef8eb5160f0a9972e940f1be24"
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=63072000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 5gbBvv3Z0UVgZStmfrsjeKraZjRbBn2FhYeh8Ge-uvkj3ffCpenIKA==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

POST
H2 200 209e82e3c5c55704a176abe943c36152c16fe0fc10ffbe Show response
planebasin.com/submit/817690/ 288 B
795 B 403ms
39ms Fetch
application/json 34.111.134.78
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://planebasin.com/submit/817690/209e82e3c5c55704a176abe943c36152c16fe0fc10ffbe

Requested by

Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.134.78 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

78.134.111.34.bc.googleusercontent.com

Software

Resource Hash

86e4d2cf38117f2220bc7dedd75e69d4640ae34b4ee254cd950a3fc60d4a9783

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 26 Sep 2023 17:37:51 GMT
via: 1.1 google
x-buildnumber: 998028631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
x-hostname: fen-hoothoot-europe-west1-spot-kjrp
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Tue, 26 Sep 2023 17:37:50 GMT

POST
H2 200 segment Show response
permutive.arstechnica.com/adv/v2/ 14 B
78 B 35ms
32ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/adv/v2/segment?new-session=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:51 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
BLOB 200
OK 334a9ac3-64b6-460f-a097-324c947f0540
https://arstechnica.com/ Frame 7BD5 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/334a9ac3-64b6-460f-a097-324c947f0540
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H/1.1 200
OK sf-ui-display-medium-webfont.woff2
player-frontend.cnevids.com/assets/fonts/ Frame 7BD5 29 KB
30 KB 421ms
401ms Font
application/font-woff2 52.222.236.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://player-frontend.cnevids.com/assets/fonts/sf-ui-display-medium-webfont.woff2
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-51.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3

Request headers

Referer: https://player-frontend.cnevids.com/player/player-style-2cf7e3c125f7b0cc5c9e.css
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: jNwTnDrOXQCtwNbzpCCrw4_AQmswfr1J
Content-Encoding: gzip
Via: 1.1 34fdfb7c7c11559df7e622af2b62f5ca.cloudfront.net (CloudFront)
Date: Tue, 26 Sep 2023 17:37:52 GMT
X-Amz-Cf-Pop: FRA56-P4
x-amz-server-side-encryption: AES256
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 29632
Last-Modified: Thu, 01 Jun 2023 16:30:06 GMT
Server: AmazonS3
ETag: "7d18db04f980971f2a9c5026bbc34bed"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=63072000, public
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: tmwhb5hQdcgsISUI-4xJW1LirxYfqnuQlTJvCAhosJtAOEGzukNJXw==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H2 200 bridge3.591.2_en.html Show response
imasdk.googleapis.com/js/core/ Frame 66E2 723 KB
232 KB 10ms
8ms Document
text/html 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.591.2_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

80b9b7bcb98fcb97f7c595b97e92a34db3cc45f07ba183e0711c7c06b8082d83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 411650
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 236868
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 23:17:01 GMT
expires: Fri, 20 Sep 2024 23:17:01 GMT
last-modified: Thu, 21 Sep 2023 23:07:47 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 7BD5 44 KB
17 KB 419ms
36ms Script
text/javascript 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Sep 2023 17:37:52 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 7BD5 197 KB
53 KB 367ms
23ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

c8d993ec25ba5115247b7767e396d0ee59f0f3a14bec3355da68caf596767f02

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 26 Sep 2023 17:37:51 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53229
x-xss-protection: 0
pragma: public
x-fb-debug: YTvF+mKf16Jx7CtV/kokAfkE+Z38sD/KM2E/7BDtjLpLjrbrP1VLaNxqthKta1weFKUZZ57lb7E3Z6ciHp/ryg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame 7BD5 48 B
48 B 443ms
110ms Image
image/gif 52.73.210.95
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2023-09-26T17%3A37%3A51.493Z&_c=&_t=Player%20Requested&pHr=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.210.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-210-95.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 26 Sep 2023 17:37:52 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 88CA 40 KB
14 KB 364ms
10ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 546
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 26 Sep 2023 18:28:46 GMT

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7BD5 50 KB
51 KB 19ms
19ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:31 GMT
x-content-type-options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 275
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: cloudflare
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80a8f3052ff39b46-FRA
timing-allow-origin: *
X-Amz-Cf-Id: HWgWrFwxTQXNZAoqoW6NKUD65Nm7y54DXhC3NnUJ5Ur1GqKJIehPhw==

GET
H/1.1 206
Partial Content 1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7BD5 1 MB
0 69ms
19ms Media
video/mp4 18.66.147.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 26 Sep 2023 03:05:06 GMT
Via: 1.1 544049d1dc4d534822b40b9f9c7529da.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 May 2021 13:51:20 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P4
Age: 52388
ETag: "580642a938142bddde48207109f78d2b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-2480938/2480939
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: qyM-uz7GWJ-oFmLgMi7bwbeKiZQv7HQXm0uzPPF3KqsZQAn3Jm0i4g==
Content-Length: 2480939

GET
H/1.1 206
Partial Content 1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7BD5 568 KB
0 60ms
10ms Media
video/mp4 18.66.147.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dthumbs.mp4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 26 Sep 2023 03:05:06 GMT
Via: 1.1 f7aba4a0337c5f98c4703e2b10f1940a.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 May 2021 13:51:20 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P4
Age: 52388
ETag: "580642a938142bddde48207109f78d2b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-2480938/2480939
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: vwTNs4i5ZiYQC8xLm8mwGZXeUwI9h1UBM33BVxBt7zlpAaXOYPoi9w==
Content-Length: 2480939

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8 Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7BD5 918 B
1 KB 39ms
10ms XHR
application/x-mpegurl 18.66.147.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dmanifest-ios.m3u8?videoIndex=0&requester=oo
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 005f315d6f7cf50f04161a51e17287b5040b513267560b083a3cf39d0b892ba8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 04:53:40 GMT
Via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P4
Age: 45864
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 918
Last-Modified: Mon, 24 May 2021 13:49:14 GMT
Server: AmazonS3
ETag: "4300fd3b9bba40f219ea54c572764fe0"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
Accept-Ranges: bytes
X-Amz-Cf-Id: 7v3esV6a_Ku7TudMxB-Crt73KdLDjP6LX6FBco3FfSlsGPwhdr4ApQ==

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
623 B 164ms
125ms Image
image/gif 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2613993160362&event=PermutiveSegmentEntry&ed[segment_id]=%229710%22
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Sep 2023 17:37:51 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 73c2f08f71cb0bd2c7a40fb005c4f84dbd64f8cd
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 5
x-pinterest-rid: 1453628966039874
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 segment Show response
permutive.arstechnica.com/clm/v1/ 49 B
110 B 41ms
41ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/clm/v1/segment?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 4186ebd6aecd1b4daba3b56592882ea6b6121d2f2386a13b0e42e3abf75a4f74

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
content-type: application/json

GET
BLOB 200
OK 040ddef0-b040-4654-b23d-265761b14dfc
https://arstechnica.com/ Frame 7BD5 5 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/040ddef0-b040-4654-b23d-265761b14dfc
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4296fe8b1bcc719a930a026983416dbab46012b29651dcbdbf975f02cb6a8bcf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 4973
Content-Type: application/javascript

GET
BLOB 200
OK 852ebf8d-af72-4851-b83d-1321a1149995
https://arstechnica.com/ Frame 7BD5 68 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/852ebf8d-af72-4851-b83d-1321a1149995
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84c4f20eda3cf2296d177dd9cc3332c951d28211a06765ef5a876d8b71dafcfb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 70012
Content-Type: application/javascript

GET
BLOB 200
OK baa39287-8143-4325-8418-108ca7d91324
https://arstechnica.com/ Frame 7BD5 68 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://arstechnica.com/baa39287-8143-4325-8418-108ca7d91324
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84c4f20eda3cf2296d177dd9cc3332c951d28211a06765ef5a876d8b71dafcfb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Length: 70012
Content-Type: application/javascript

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7BD5 50 KB
51 KB 86ms
37ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/
Origin: https://arstechnica.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:31 GMT
x-content-type-options: nosniff
Via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 276
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: cloudflare
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80a8f3052ff39b46-FRA
timing-allow-origin: *
X-Amz-Cf-Id: T5bEhmEvryAPnCqIEoJrpd88rTux17zPLpHPHc8t1BemIWsLMi4qKw==

GET
H/1.1 200
OK arstechnica_unsolved-mysteries-unsolved-mysteries-of-quantum-leap.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1621877260/ Frame 7BD5 50 KB
51 KB 22ms
21ms Image
image/jpeg 52.222.250.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.222.250.126 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-250-126.fra60.r.cloudfront.net

Software

cloudflare /

Resource Hash

4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=604800
Date: Tue, 26 Sep 2023 17:33:31 GMT
x-content-type-options: nosniff
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 275
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51500
Last-Modified: Tue, 25 May 2021 15:04:45 GMT
Server: cloudflare
ETag: "1631177d1131925333a3b2b652f3d8b2"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
Cache-Control: public, no-transform, max-age=300
Accept-Ranges: bytes
CF-Ray: 80a8f3052ff39b46-FRA
timing-allow-origin: *
X-Amz-Cf-Id: YxOklHEo-ATDAkKx6rZzlL40U7clhHCtI_8Uf375YLY8OFogqC4gcQ==

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8 Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7BD5 11 KB
1 KB 17ms
17ms XHR
application/x-mpegurl 18.66.147.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768.m3u8
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4fb846048afd0ee79141b669572402fc0a024d937c00977e124405d11cd319fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 03:20:56 GMT
Content-Encoding: gzip
Via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P4
Age: 51416
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 24 May 2021 13:54:58 GMT
Server: AmazonS3
ETag: W/"cc4f278863bddb064b3e70268d5f02f8"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
X-Amz-Cf-Id: I9E1OXXrKAADe_Zb_Im_-2jlHbfqHLLlPozn71br4MaG0eOjPwublA==

POST
H2 200 3039e45e9fe71e821f996869620ab4b9b6920b7828e9cdefada3 Show response
planebasin.com/ 3 B
64 B 40ms
39ms Fetch
application/json 34.111.134.78
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://planebasin.com/3039e45e9fe71e821f996869620ab4b9b6920b7828e9cdefada3

Requested by

Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.134.78 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

78.134.111.34.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 26 Sep 2023 17:37:51 GMT
via: 1.1 google
x-buildnumber: 998028631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
x-hostname: fen-hoothoot-europe-west1-spot-kjrp
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H/1.1 200
OK 1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts Show response
dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/ Frame 7BD5 821 KB
805 KB 20ms
20ms XHR
application/x-mpegurl 18.66.147.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/60abade4dc31e5375248cba6/1c5e052d-9221-44ad-9785-4ca784ceb60dfile-1422k-128-48000-768-00001.ts
Requested by: Host: player-frontend.cnevids.com
URL: https://player-frontend.cnevids.com/player/main-b55134862375d34c1afc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-35.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e944e6d1b0904bc0c1298fe828ec727bc6a9b46f0b4799e197a1a2acc46fb685

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Date: Tue, 26 Sep 2023 01:40:39 GMT
Content-Encoding: gzip
Via: 1.1 18c9dea802c00b7c060142aad49f7288.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P4
Age: 57434
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 24 May 2021 13:54:44 GMT
Server: AmazonS3
ETag: W/"9c6e79c618e52ccae61fce8e62e8cd50"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,Origin
X-Amz-Cf-Id: eMEldaLkKKD3BJPqK1q-oSYEBKjosuLJLsaH58rYTb6Fv_OZgiAPcw==

POST
H2 200 events Show response
permutive.arstechnica.com/v2.0/batch/ 201 B
196 B 19ms
19ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/batch/events?enrich=false&sdkp=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: a5dbcaed5ef12e37fd22e8815543bd838cf66314be716f4b9c2aeb1272a0ec7b

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:52 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139

POST
H2 200 85983079bc360e10210629670f640076d00fd0f401ebc02dfceb
planebasin.com/ 2 B
516 B 356ms
23ms Ping
application/json 34.111.134.78
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://planebasin.com/85983079bc360e10210629670f640076d00fd0f401ebc02dfceb

Requested by

Host: shiverscissors.com
URL: https://shiverscissors.com/v2fumwIJOo-LsCB0dlG18VSTW43CpWhUEPJuKeRTzrEQdSPPlMr5GymU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.134.78 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

78.134.111.34.bc.googleusercontent.com

Software

Resource Hash

4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 26 Sep 2023 17:37:53 GMT
via: 1.1 google
x-buildnumber: 998028631
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
x-hostname: fen-hoothoot-europe-west1-spot-kjrp
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Tue, 26 Sep 2023 17:37:52 GMT

POST
H2 200 state Show response
permutive.arstechnica.com/v1.0/ 0
70 B 38ms
38ms XHR
text/plain 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v1.0/state?fetch_unseen=true&k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

POST
H2 200 segment Show response
permutive.arstechnica.com/clm/v1/ 49 B
107 B 30ms
30ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/clm/v1/segment?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 4186ebd6aecd1b4daba3b56592882ea6b6121d2f2386a13b0e42e3abf75a4f74

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:53 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
content-type: application/json

POST
H2 201 usage Show response
permutive.arstechnica.com/v2.0/tpd/ 0
87 B 18ms
18ms XHR
text/plain 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/v2.0/tpd/usage?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 26 Sep 2023 17:37:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

POST
H2 200 mbox
vidanalytics.taboola.com/putes/ 2 B
151 B 92ms
71ms Ping
text/plain 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidanalytics.taboola.com/putes/mbox
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

x-cache-hits: 0
date: Tue, 26 Sep 2023 17:37:53 GMT
via: 1.1 varnish
x-backend-name: 5i41NEgLZrTBnTzubPzIMu--F_NLB_VIDEO_UI_00102
server: nginx
x-timer: S1695749874.856370,VS0,VE61
x-cache: MISS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 2
x-served-by: cache-fra-eddf8230117-FRA

POST
H2 200 segment Show response
permutive.arstechnica.com/clm/v1/ 49 B
107 B 33ms
33ms XHR
application/json 34.107.161.9
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://permutive.arstechnica.com/clm/v1/segment?k=3c5b06e3-9636-482d-9481-33025da5def5
Requested by: Host: cdn.permutive.app
URL: https://cdn.permutive.app/1dfc40bb-d155-4f15-970e-99450dbfa0e2-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.161.9 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 9.161.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 4186ebd6aecd1b4daba3b56592882ea6b6121d2f2386a13b0e42e3abf75a4f74

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 26 Sep 2023 17:37:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
content-type: application/json

GET
H2 200 userx.20230920-27-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 17 KB
6 KB 11ms
11ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20230920-27-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 989b69cc4a7a74df2bb81583b9bba4187bba1408e28e77adf771d7a9102bc9e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: Af4JxVnJI3vwaax6dyVN7Mi5tqWNHUXv
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:54 GMT
x-amz-request-id: AB25KXHNG1ND709K
age: 22557
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5399
x-amz-id-2: D2LliHCNtBZdSdAmPKC653HK2yQ3nMP7bh2g57eAUAfUE30QaG2mCkWpfZQYoAxOixgtJP/DK9s=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Tue, 26 Sep 2023 11:21:58 GMT
server: AmazonS3
x-timer: S1695749874.315678,VS0,VE0
etag: "ec3505ddb7b37d1ce4641b0edef9e116"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 17
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 3087

GET
H2 200 distance-from-article.20230920-27-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
2 KB 10ms
9ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/distance-from-article.20230920-27-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bc7692cec5b5fb398b7cb99760f39071969c674103018e07221fbb0046227ce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: 5tzGIrTFdPWtk.hAzHqSU3ZWXTISjxNY
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:54 GMT
x-amz-request-id: S4PKK3M68C7EMD1Q
age: 22586
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1133
x-amz-id-2: prxzQZG87UqBTvXusxw3XZdIgz29VX2m+Gyk0UL7lH+yOOzHcWBrqOzZU9qeiCQMlg+JNsCXX54=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Tue, 26 Sep 2023 11:21:28 GMT
server: AmazonS3
x-timer: S1695749874.315920,VS0,VE0
etag: "5362edb5947d6818277e58444aa13c42"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 69
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 14484

GET
H2 200 article-detection.20230920-27-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 3 KB
2 KB 10ms
10ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/article-detection.20230920-27-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/condenast1-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ecedae9d9bd8da80442389273ce409f31a27829736bbc659b5aa9d5fd1089495

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: EIfM.zdTFoxMAOcEEKgAAGAthm7pJSNd
content-encoding: gzip
via: 1.1 varnish
date: Tue, 26 Sep 2023 17:37:54 GMT
x-amz-request-id: CK374018WK0R4DF2
age: 22592
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1293
x-amz-id-2: I4XiHWxILF+aL8LgX3PhJO+AtG+EP35pMpP/B57wdHrnAD8Kn6v9Hr0A/LNU4MVhAclOcKqymlM=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Tue, 26 Sep 2023 11:21:22 GMT
server: AmazonS3
x-timer: S1695749874.315963,VS0,VE0
etag: "68d9b1749f8cf3b949b9a0d0afb3d085"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 68
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 14507

GET
H2 204 abtests
ch-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
506 B 104ms
104ms Image
text/plain 141.226.124.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/abtests?route=US:CH:V&tvi48=10638&tvi50=9563&lti=trecs&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&pi=/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff&wi=-4647761854257520188&pt=text&vi=1695749868851&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1695749874306%7D&tim=19%3A37%3A54.306&id=2721&llvl=2&cv=20230920-27-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.124.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 26 Sep 2023 17:37:54 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK t Show response
elsa.memoinsights.com/ 107 B
461 B 102ms
102ms Script
application/javascript 35.169.143.178
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://elsa.memoinsights.com/t?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&author%5B%5D=Dan%20Goodin&title=Chinese%20hackers%20have%20unleashed%20a%20never-before-seen%20Linux%20backdoor&date=2023-09-18T23%3A25%3A04Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&cb=MEMO.API.callbacks.cbekndfbuqj&v=v3.0.6&t=5000&e=5000&s=0
Requested by: Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.143.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-143-178.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 088d86c22b89a3c9c084980830c9454c8f8b961d48eaf72e51b1c2572c1832a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 17:37:54 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64, Sec-CH-UA-Form-Factor
Connection: keep-alive
Content-Length: 107
content-type: application/javascript

GET
H2 204 supply-feature
ch-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
506 B 104ms
104ms Image
text/plain 141.226.124.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/supply-feature?route=US:CH:V&tvi48=10638&tvi50=9563&lti=trecs&ri=24f5d1ab19360a9f2b4aa47fe25d63f4&sd=v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ&ui=77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c&pi=/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff&wi=-4647761854257520188&pt=text&vi=1695749868851&d=%7B%22event_type%22%3A%22distance_from_article%22%2C%22event_state%22%3A%22reported%22%2C%22event_value%22%3A%221465.140625%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=19%3A37%3A54.354&id=7388&llvl=2&cv=20230920-27-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.124.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 26 Sep 2023 17:37:54 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 204 bulk-metrics Show response
ch-trc-events.taboola.com/condenast-arstechnica/log/3/ 0
521 B 106ms
105ms XHR
text/plain 141.226.124.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ch-trc-events.taboola.com/condenast-arstechnica/log/3/bulk-metrics?tvi48=10638&tvi50=9563&route=US%3ACH%3AV&lti=trecs&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230920-27-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.124.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://arstechnica.com
pragma: no-cache
date: Tue, 26 Sep 2023 17:37:55 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 204 bulk Show response
trc.taboola.com/condenast-arstechnica/log/3/ 0
610 B 114ms
113ms XHR
image/gif 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/condenast-arstechnica/log/3/bulk?tvi48=10638&tvi50=9563&route=US%3ACH%3AV&lti=trecs&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230920-27-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 104
date: Tue, 26 Sep 2023 17:37:55 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 97439
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230117-FRA
pragma: no-cache
server: nginx
x-timer: S1695749875.328955,VS0,VE104
content-type: image/gif
access-control-allow-origin: https://arstechnica.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
701 B 11ms
10ms Image
image/png 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://arstechnica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
date: Tue, 26 Sep 2023 17:37:55 GMT
via: 1.1 varnish
x-amz-request-id: 1V3H9VCVPBG1B2M0
age: 11420
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: ecEkqIT2UiXx3kNvrYZW8vzeO4j3+ukvjDCTHGC9cb5Y1awQ9zHumBitHqhNLm54Y/VcUMLqVJ0=
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1695749875.348731,VS0,VE0
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
content-type: image/png
abp: 24
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 6141

Verdicts & Comments Add Verdict or Comment

157 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/condenast-arstechnica/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_fd91e62ff925f8e39b912c07b52a7462_77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c_1695749868_1695749868_CNawjgYQ1O1cGLOaxpStMSABKAEw4QE4kaQOQLe-DkjdztkDUPgDWABgAGio-rr6-8Cv0m5wAQ
.arstechnica.com/	1970-01-20 17:12:05	Name: ars_user Value: 0%2CGuest
arstechnica.com/	1970-01-20 23:48:05	Name: usprivacy Value: 1---
.arstechnica.com/	1970-01-20 15:02:30	Name: session_seen_posts Value: 0
.arstechnica.com/	1970-01-20 15:45:41	Name: seen_posts Value:
arstechnica.com/	1970-01-20 23:48:05	Name: __srret Value: 1
.taboola.com/	1970-01-20 23:48:05	Name: t_gid Value: 77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c
.taboola.com/	1970-01-20 23:48:05	Name: t_pt_gid Value: 77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c
.adscale.de/	1970-01-20 23:44:45	Name: uu Value: 4115335c25164e8a83bde8fba698d297
.rubiconproject.com/	1970-01-20 23:48:05	Name: khaos Value: LN0LOTUI-1P-1490
.rubiconproject.com/	1970-01-20 23:48:05	Name: audit Value: 1\|ToWrTfOtAD6M9w6l1VdEOhvdR027EUu2W5bi5E51Q+ZlUPMAGcoueQHKj2b9jyy+4YOKYwHnuiQkEa5N2k7U1SEEFoCDRlfYBn0LdTvpHNwhd3BJ9Iks+KfGnvA7ZeXh3OlDu/ORdD8=
.adscale.de/	1970-01-20 23:44:45	Name: cct Value: 1695749870168
arstechnica.com/	1970-01-20 23:48:05	Name: __srui Value: 699f4b59-5c93-11ee-8711-4ab0e8edb927
.doubleclick.net/	1970-01-21 00:24:05	Name: IDE Value: AHWqTUniefw72g0Kvp538aksRfXcOEMaQbLxtyRYS2kQ6lyD1RUiuo8ju2slmlo8Y_k
.contextweb.com/	1970-01-20 23:40:53	Name: V Value: d5YfLORwKl7W
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: bc9f049620348fc2
.bidswitch.net/	1970-01-20 23:48:05	Name: tuuid Value: a1f287ba-f63d-4131-a612-2ae893c09fc2
.bidswitch.net/	1970-01-20 23:48:05	Name: c Value: 1695749870
.bidswitch.net/	1970-01-20 23:48:05	Name: tuuid_lu Value: 1695749870
.criteo.com/	1970-01-21 00:24:05	Name: uid Value: bfa7acdd-6acd-48a0-87da-14dfb1e18e12
.arstechnica.com/	1970-01-20 19:24:38	Name: permutive-id Value: 3c4e9c51-9757-4b50-b1e5-bd9d540e3eef
.3lift.com/	1970-01-20 17:12:05	Name: tluid Value: 2593420777758272592395
.openx.net/	1970-01-20 23:48:05	Name: i Value: 4c12eba7-9d26-084b-12be-f5c39903ee21\|1695749870
.bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co/	1970-01-20 17:13:32	Name: pxid Value: 33527a37-75ae-4eb6-ac6e-7553642bf9f8
.mfadsrvr.com/	1970-01-21 00:38:29	Name: tuuid Value: 12abd0a7-8fb7-4d87-a254-a985a737844c
.mfadsrvr.com/	1970-01-21 00:38:29	Name: c Value: 1695749870
.mfadsrvr.com/	1970-01-21 00:38:29	Name: tuuid_lu Value: 1695749870
.mediago.io/	1970-01-20 23:48:05	Name: __mguid_ Value: 199e3e9baf07863b2v7fp400ln0lou2y
.yahoo.com/	1970-01-20 23:48:27	Name: A3 Value: d=AQABBO4WE2UCEITe6gsWRq8TdqtBncjlwn4FEgEBAQFoFGUcZQAAAAAA_eMAAA&S=AQAAAkTB6r9EDCFibfi2ckyt0wg
.mfadsrvr.com/	1970-01-21 00:38:29	Name: ssh Value: !taboola,1695749870
arstechnica.com/	1970-01-20 23:48:05	Name: OneTrustWPCCPAGoogleOptOut Value: true
permutive.arstechnica.com/	1970-01-21 00:38:29	Name: permutive-id-HttpOnly Value: 3c4e9c51-9757-4b50-b1e5-bd9d540e3eef
.arstechnica.com/	1970-01-20 23:48:05	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Sep+26+2023+19%3A37%3A51+GMT%2B0200+(Central+European+Summer+Time)&version=202306.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=dd6bad73-6b4f-4eb8-ac07-77b3dd11da9a&interactionCount=0&landingPath=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2023%2F09%2Fnever-before-seen-linux-backdoor-is-a-windows-malware-knockoff%2F&groups=C0001%3A1%2CC0003%3A0%2CC0004%3A0%2CC0002%3A0%2CSTACK42%3A0
.arstechnica.com/	1970-01-21 00:31:17	Name: _awl Value: 2.1695749871.5-d5717264ea028edf2b873a2bec2dc55b-6763652d6575726f70652d7765737431-0
.pinterest.com/	1970-01-20 23:48:05	Name: ar_debug Value: 1
.ct.pinterest.com/	1970-01-20 23:48:05	Name: _pinterest_ct_ua Value: "TWc9PSZqczQ4b0R2eG90ZUR1ME5jRGFyUnJmN3NMbzFSMFFLYlp0R3FnUXp2STRlNDhkQUpGN1VxaU5DVUVldVFwbEtKTEtFL1pBV3FYMmRuZ0lJbE9NM3RReGxsNjUzMHZDTnBGMzhkbU9SdEJ4bz0mM3NRYlRDQXFYY0JDaTQxN1VkS3l6T0JiV244PQ=="
arstechnica.com/	1970-01-20 23:48:05	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3D77c1265d-1697-44a2-89d1-ad8412fa86b3-tuctc0c9c6c
arstechnica.com/	1970-01-20 15:02:30	Name: _dd_s Value: logs=1&id=eb66610b-4ba7-4f80-99cf-2b47de2d6e3d&created=1695749870885&expire=1695750770885

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads-static.conde.digital
api.cnevids.com
api.condenast.io
arstechnica.com
assoc-na.associates-amazon.com
bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co
bh.contextweb.com
c.amazon-adsystem.com
capture.condenastdigital.com
cdn.arstechnica.net
cdn.cookielaw.org
cdn.mediavoice.com
cdn.memo.co
cdn.permutive.app
cdn.permutive.com
cdn.taboola.com
cds.taboola.com
ch-trc-events.taboola.com
cm.g.doubleclick.net
config.aps.amazon-adsystem.com
connect.facebook.net
ct.pinterest.com
dis.criteo.com
dp8hsntg6do36.cloudfront.net
dwgyu36up6iuz.cloudfront.net
eb2.3lift.com
elsa.memoinsights.com
geolocation.onetrust.com
gum.criteo.com
ib.adnxs.com
id5-sync.com
ih.adscale.de
imasdk.googleapis.com
match.adsrvr.org
match.taboola.com
mb.moatads.com
p.skimresources.com
pagead2.googlesyndication.com
permutive.arstechnica.com
pips.taboola.com
pixel.adsafeprotected.com
pixel.rubiconproject.com
planebasin.com
player-frontend.cnevids.com
player.cnevids.com
plugin.mediavoice.com
polarcdn-terrax.com
pr-bh.ybp.yahoo.com
r.skimresources.com
rtb.mfadsrvr.com
s.skimresources.com
s0.2mdn.net
securepubads.g.doubleclick.net
segment-data.zqtk.net
shiverscissors.com
simage2.pubmatic.com
ssbsync.smartadserver.com
static.adsafeprotected.com
sync-t1.taboola.com
sync.taboola.com
t.skimresources.com
tg.socdm.com
trace.mediago.io
trc.taboola.com
u.ipw.metadsp.co.uk
u.openx.net
vidanalytics.taboola.com
www.datadoghq-browser-agent.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
z-na.associates-amazon.com
z.moatads.com
104.16.112.202
104.18.131.236
104.18.41.170
104.19.144.23
104.19.149.54
108.138.1.25
108.156.69.71
13.224.189.39
13.225.78.121
13.225.78.91
13.225.83.103
13.248.245.213
130.162.160.243
141.226.124.48
141.226.224.32
141.226.228.48
141.95.98.65
142.250.184.232
142.250.185.170
142.250.185.66
142.250.186.38
15.197.193.217
151.101.0.239
151.101.192.84
151.101.193.44
151.139.128.10
157.240.251.9
172.217.16.194
172.64.155.119
178.250.1.11
178.250.7.11
18.189.149.173
18.197.117.175
18.238.243.129
18.238.243.94
18.66.147.35
198.47.127.205
202.241.208.57
205.234.175.175
208.93.169.131
216.58.206.34
216.58.212.130
23.32.185.123
3.120.12.191
3.66.159.214
34.107.161.9
34.111.134.78
34.149.178.20
34.98.64.218
35.169.143.178
35.190.59.101
35.190.91.160
35.201.67.47
35.208.249.213
35.210.239.72
35.241.9.51
37.252.171.149
44.215.116.28
52.222.236.51
52.222.250.126
52.73.210.95
54.172.92.248
54.77.73.229
63.33.177.221
63.34.148.139
69.173.144.138
81.17.55.108
005f315d6f7cf50f04161a51e17287b5040b513267560b083a3cf39d0b892ba8
0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c
029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca
030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06
0396be2ab58ec30babd0838d7e37d6407475d4361be85ee7451dbac9186add57
0622208799920b6a0cd84617733b0df25deba855ce6bb5f4ba06d2a5d67ec553
06b33c040105224101afcdaacd82b6dfb3ea1bf9ef3d7478cf5fa163a0ad65e0
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
088d86c22b89a3c9c084980830c9454c8f8b961d48eaf72e51b1c2572c1832a9
08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e
09b627933e01faa4979dc5661f7e616c7db1c12ea1984ca0549bdb253d24da9b
0b5c6a8d4a856db56da956eced8af9a5eb6e0a89dc67de5ffc4c83513472a3cc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bfbbc57a6a01182f738b9d582dd16a6b1075954a501f8c995af2a7e5b40d56e
0e09024ab9d75e3cb7d6ec91068af15e78fe4d124c8210207b9ec63a24ec1145
1097abb6f0992cccc79428374463e7f23b99dae5eb85d7317b20bd57c96031bb
1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83
12b5eaccd8a9d81a6a12512566d2b72aa7c100b4a261a08ee6aae4679a9e36b4
152b45567158d8c22200593f50cfd688c75a4df6f68a35a9162362eace9e21ea
16518a981bbe659ea6a0b0c085d0c2a20992fa1808947636e19f6bae2b57d376
16708dda2536b4b3782313db4a6ec8456cd84da7ae0f56d7d2455e68fc9bc4f0
16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8
17a60971acd82c65cd57863f07cbc2fc9124483c6fb6f9bfa270019c058a479c
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
190d0dc58b8d1d9ece2f3cd82d59697e4ebf54e706f87f658e963f4d5ad4bbf8
1bf55bc00dbf13180884211c3d301729e67b81f3456225c1fbf97d271d636509
1c7dcc8216c6f82da2998ceeac2523632c7f9bffe510824b6d082621201f2012
1defb6bc54a7ee9c066136908360e8455c23ee9ad0dec9924e7255d7948cd4be
1f466b08649eef5ad16c20f6d7207bf8818cb107b6241950dbc568cdffc03d63
1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378
20660a9ef7ec454c15b2dc62b3db084e0cc9f74c5bb6de71a96fb1a54aef00f8
20696781e686ad80a8e82078a48b617b5b1e0cdc1cc5e69adb0e83180b7dbd4b
240b8cad9e591f690ab9f22cf725f5e866db19653c3002040631ff2d7179b935
241df04a32e1a0a4da58eb35f672c5f0b4e1fa131475803ce3222bf493632d5e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27348ba4b98bd80f1038496ec5dea6ad865680540058fb085b8ca199b8aaf4c5
28ed651acc8b89aa0ff6d9d19d3026c41bf80b05a4a5bfbd9805e68add5e6cdf
29637e0647104ccc5d5583e652db29ce99e947c858c3d9502960e7ea7f1aea19
2a979c6a3345d7f1a4c1d769f8e391b84e11b4af338bd99c3243deee51213ada
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
3059a982a71dd23c723000226fffebca5e28cf1be474afa7de0ebe1120492bff
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
321b6d434acaa0d2b57801f86fb4ad3444a8e946ac7a07453108515456c7fbcb
35fb4ac258b8026473b1b8858416d0a62e5a559ccd58aadbd83ac6c5ebdfe583
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
392c32f20b9f867852a946a6ed1c5e21476df9619083548b6585d80a3b5f9bd4
3ad77d287a5a40f8cc211ca4bfa3fae99e4ec8178df32b18bfaaad175c5e1dcb
3b0209841325362235c221628e471145726897e4e1c9b210b6e6b2217fdf2ee8
3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c
3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34
3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a
3f2cf5f857c617761a251ceef8f6ed452a7690e21f16eff0a70dddf9beea8633
3ffb2898bfdc64f6aa63183418b7c42a529f37505c70f68270abf62d90d6babe
4046579e6e4eb157620e7ed218f64cca8b290ba6269d762df786c3c5e069cc5e
4087f1bfd7ecba347ea98b2d866ef3140df3a87fc2884b44b157c82cc99192fd
4186ebd6aecd1b4daba3b56592882ea6b6121d2f2386a13b0e42e3abf75a4f74
4296fe8b1bcc719a930a026983416dbab46012b29651dcbdbf975f02cb6a8bcf
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
46a9ddb1f206a46900872e0a832750ae06925528f81883a3d3517fdb42aefb6d
46ef1fc84c21011a1a5794b389c0fa7adae622326617bc87835e8b17c524ae49
4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd
49ac1501c28bdd468dc1c32a98a2cae287639d9f4c34f22bc29c006eb085d5eb
4bc7f443f57d55c7eba98816a3d1054bdcee0cc74f4c1302f82056d118f141bb
4d04b7d4a062fa7873d675612b23bd067cf886a0de7759d617e14bf1641d5105
4d7b91ed4a7804e22b94e4873af273def73469e80b740bd9787e287003058868
4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8
4fb846048afd0ee79141b669572402fc0a024d937c00977e124405d11cd319fe
51390b40fe41cf2c19204d4592784c751b54d4c2dc72869ce5eab3a11ba91877
5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
560bf130580f795cffabe8de5f2c69ec3f92921e1841ae6e55d516a046805cc7
56f8838a24cb0cc47dc34a19d6b84d6ce8bf8086b1682bbb990abc13b1e2da65
571479d52cd675db5573fe46973c62cba6d8224a76136fcefeb90f7dc42a6391
576b3a57aedb0ee6471245d8d079ce89b27123154c214cedf48707d714f3c29a
5be5b0170ad4bbd2be91182d137933e7de9c7e86b09ec855a4bac015ebfd746f
5c413de57e629fbba188d440b4d7e5f2e4458ce3be46973223d8b44caf071f52
617e0f9fee7ef0ca891735246b4b5a61caa3622db4a4256685b061c9f43bd053
62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
65d564651fbe230fc1103f76cbd09646a957923807d999c0bcdce19e5b42205a
66ee85cd105abef9d914fdae436f835a05e8cce2842bb283521c7e268a20ccae
6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a
7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3
7475f5c70d3b6020b6f4621b2e69fba3360bea00a913e60b085af165b93842ec
74b06d01f4a9d3962f65e38f0b8220772f88651487ef8e648d8f7d35d34923a3
76a942b00d27a492f8c322bd161121bf2c010d6453ded0cc0788477bc1c7f61d
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207
7d91c04c657709af03f6dad61d375c3208d18ab5ff7851c2472007dc05201342
7e5cc51adbe2dcaa5b277d98f2d220480bba6d99ca031e4aa5ceace2a76f895e
7fa4de6ff22e83ba167f496fab7c2d37f216dcb0158d0b2a80712945d27c317d
7fc88c65d46e83b3f3e9f098f05fd639480332fc3718cd714725e2e4633af4e8
807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752
80b9b7bcb98fcb97f7c595b97e92a34db3cc45f07ba183e0711c7c06b8082d83
82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391
83a366075eb2387c6d9f848f42b08df0546027333eccf5813edf95ba45709be2
84c4f20eda3cf2296d177dd9cc3332c951d28211a06765ef5a876d8b71dafcfb
85c33811c2b04e4e02babe2fd6bd7ac0035f93e95827116429bbda2cf9c6c95d
85db95dbe15c810a710ca6d9094a2a29f2eeea05791cc7aaab7af8939684b978
86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a
86e4d2cf38117f2220bc7dedd75e69d4640ae34b4ee254cd950a3fc60d4a9783
89a04f1809b96eca28e1646ccc40bfa7b714142a610b41e40082bbebca8ea6c6
8b46b307807e5cec27d9bb578a14f0d90ff3ace1eaaf6c7e682734337c0e0378
8b72952d3fd656ee6594f0d9735d928113ad1d590705b14f77abf75f1d4d5d69
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dc40a5096530714279199bd98ffbe44f3108bf9dd183ec74d85f69705d86e25
91eabae06def7894e0b0e2ddc0b6e52936901b1dcae3a88d2055dcaed2894a11
9431bc6d1a6d036a70c92dfc9000d7965f939671a59705bdd01c3e652048ed9a
948c1b95f1dbdcb68ad1c83e789f24968a3e487563b42fd5451f4430791b7e30
94c8d3cdec068da4c6410807027011851e1e3b88d21953f5069d5a1acc2ad5fe
989b69cc4a7a74df2bb81583b9bba4187bba1408e28e77adf771d7a9102bc9e2
9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2bd43c80adc73ae26472a90ec3bd9df44a5b7d2dafb133b8660efd800c719b1
a4b516c88139845d962dc7d766587ad4062bc40c0f84b8aab837c0f799aa43a4
a5dbcaed5ef12e37fd22e8815543bd838cf66314be716f4b9c2aeb1272a0ec7b
a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01
aa3b9513abbbf65a2c8483122648fce1b39b1afa2a69bdf863242f1411baba58
ae9e030c99d4aa20f6a2692e49269d730bbccdce57f985fd3880f75dce5e4c81
b6219572ff2614c0f7b38815e5f2d8bac96c758d0e455152d2afd7f417395dc4
b923c564473d30245b19bc93eaa384225d8ca55118931f89df58e4de539ecb77
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc7692cec5b5fb398b7cb99760f39071969c674103018e07221fbb0046227ce0
c04c88027d9c7fc7b6eabbd7d2927062161e0c012aece1ff7cdd87a9ef7f8452
c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34
c1dd93cc3f1638f369af566115ae74546e64bdafc4319d9853b5c15a3d3f4970
c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2
c390e14d82304a2d9f01faedb819791a5553764c90bd4830c3a27b6108006644
c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220
c8d993ec25ba5115247b7767e396d0ee59f0f3a14bec3355da68caf596767f02
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a
cb52c9b5c6b4f30eb9580d4414ecd97d408ffb0579fc9792f379da7e9e43221c
cba2ea8a5c8a1482e3215c4eca8c019a9a6f239d30ee2b4040fc1121ea67c94b
ce4b865cf3629aa782468de4e0c9aa7dbd539d654d90c4779613f11d55a13d2e
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0883dc51f5a465d72c91dc84ff0f9bd25913fe00718e16ce7e18a5c54ed2c50
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d2438f306200d5370bbe42e88464fdcd6b5f1eba1c29bf077d574e6d241eaf26
d251fd29e28ab21162d41460457570b34e863f86b4845e0cf2be736875e24c86
d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3
d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d9d092a1d58c2ce4ad8018fbe856d99a03d16395c3161c53fa970cc7382a6a0f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de24551bd4396fc8579b2d87ce01944553dd48fb52775d14373725a50efa0c37
de5e37739b5797e8ba9dba4a2dcb65f37c36a65fe839cb306162e21c74ba166e
def2a184135eba029f8f785b3ed69edc5f36b368226ce1fcfeda4f5aa301d1b6
e19f32a9fd5fb67f23f7a4db0640622314c70ac1f02b83cd9f75d228a8b87762
e1ecb7f0b8bda1e5b43f2fc26f0f566c46ff6d5a94b5794c6be7b8242acc6663
e213cf8f887633ac8924c0390bb121f259a895ab8432013f5b6e1c37727802aa
e336ff50623cff960c2396944be4392139f63dcc032e5f3428d81489fdfe697a
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74b9cb9d8871d300d2a1d36ce2cd00dfbfe0c5d8066d1d415c4ce620a919d47
e8830a414dfeb4c0e0f519d3419f69849df9226f329357c938333dbf2c956f63
e944e6d1b0904bc0c1298fe828ec727bc6a9b46f0b4799e197a1a2acc46fb685
ecedae9d9bd8da80442389273ce409f31a27829736bbc659b5aa9d5fd1089495
ee487c98e8e014c353b73ee8c1008298c95b1c5dbb828b63dfe68a022b1dd352
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5070f02c82cd5ac7d09e469fc9c90c21799ee4da016c8cb9d713df5d40ba904
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d
f9d9e96c4439beeca49a1a10f9dffe6f5cd0b604d13aa13af170d0bc62d8ca1b
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

arstechnica.com Open in urlscan Pro 18.189.149.173 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

193 Requests

90 %HTTPS

0 %IPv6

51 Domains

73 Subdomains

59 IPs

8 Countries

4762 kBTransfer

15451 kBSize

38 Cookies

69 Outgoing links

Page URL History

Redirected requests

193 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

arstechnica.com Open in urlscan Pro
18.189.149.173 Public Scan

Screenshot
Live screenshot

Full Image

193
Requests

90 %
HTTPS

0 %
IPv6

51
Domains

73
Subdomains

59
IPs

8
Countries

4762 kB
Transfer

15451 kB
Size

38
Cookies

193 HTTP transactions
6 data transactions