www.zdnet.com Open in urlscan Pro
2a04:4e42:1b::444 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Submission: On December 09 via manual (December 9th 2020, 1:59:30 pm UTC) from PL

Summary HTTP 251 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 38 IPs in 4 countries across 26 domains to perform 251 HTTP transactions. The main IP is 2a04:4e42:1b::444, located in Ascension Island and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 24th 2020. Valid for: a year.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	2a04:4e42:1b:... 2a04:4e42:1b::444	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:6c0... 2a02:26f0:6c00:19a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.193.188 151.101.193.188	54113 (FASTLY) (FASTLY)
3	151.101.13.194 151.101.13.194	54113 (FASTLY) (FASTLY)
20	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
2	162.247.243.147 162.247.243.147	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	34.102.213.242 34.102.213.242	15169 (GOOGLE) (GOOGLE)
2	13.35.254.118 13.35.254.118	16509 (AMAZON-02) (AMAZON-02)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1 3	172.217.22.38 172.217.22.38	15169 (GOOGLE) (GOOGLE)
8	34.206.27.228 34.206.27.228	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:3::645 2a04:4e42:3::645	54113 (FASTLY) (FASTLY)
2	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
28	104.79.89.133 104.79.89.133	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:81e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
3	52.212.177.60 52.212.177.60	16509 (AMAZON-02) (AMAZON-02)
1	52.28.196.64 52.28.196.64	16509 (AMAZON-02) (AMAZON-02)
3	2.16.177.50 2.16.177.50	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
20	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:46:... 2a04:4e42:46::444	54113 (FASTLY) (FASTLY)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2006	15169 (GOOGLE) (GOOGLE)
4 6	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
24	23.212.157.206 23.212.157.206	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE)
1	143.204.90.50 143.204.90.50	16509 (AMAZON-02) (AMAZON-02)
8	34.228.35.190 34.228.35.190	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2.20.189.68 2.20.189.68	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.20.191.18 2.20.191.18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
251	38

38 2a04:4e42:1b::444 (Ascension Island)

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet1.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet4.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cmg1.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet3.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet2.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:19a::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.188 (United States)

ASN54113 (FASTLY, US)

at.cbsi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.13.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.147 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.213.242 (United States)

ASN15169 (GOOGLE, US)
PTR: 242.213.102.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.35.254.118 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-254-118.fra6.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.22.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.206.27.228 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-27-228.compute-1.amazonaws.com

make.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::645 (Ascension Island)

ASN54113 (FASTLY, US)

vidtech.cbsinteractive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:287::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

684dd305.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 104.79.89.133 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-79-89-133.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.212.177.60 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-177-60.eu-west-1.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.196.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-196-64.eu-central-1.compute.amazonaws.com

www.summerhamster.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.177.50 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-177-50.deploy.static.akamaitechnologies.com

clipcentric-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:46::444 (Ascension Island)

ASN54113 (FASTLY, US)

rev.cbsi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 23.212.157.206 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-212-157-206.deploy.static.akamaitechnologies.com

cbsdfp5832910442.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.90.50 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-50.fra50.r.cloudfront.net

ad.clipcentric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.228.35.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-35-190.compute-1.amazonaws.com

tr.clipcentric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.189.68 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-20-189-68.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.191.18 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-20-191-18.deploy.static.akamaitechnologies.com

kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba19 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	googlesyndication.com bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com	460 KB
34	cbsistatic.com zdnet1.cbsistatic.com zdnet4.cbsistatic.com cmg1.cbsistatic.com zdnet3.cbsistatic.com zdnet2.cbsistatic.com	830 KB
31	moatads.com z.moatads.com mb.moatads.com geo.moatads.com px.moatads.com	725 KB
28	doubleclick.net 1 redirects securepubads.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net googleads.g.doubleclick.net	260 KB
24	moatpixel.com cbsdfp5832910442.s.moatpixel.com	10 KB
20	ampproject.org cdn.ampproject.org	387 KB
10	cohesionapps.com cdn.cohesionapps.com make.cohesionapps.com	16 KB
9	clipcentric.com ad.clipcentric.com tr.clipcentric.com	1 KB
9	googletagservices.com www.googletagservices.com	248 KB
9	google.com 4 redirects adservice.google.com www.google.com	2 KB
7	akamaihd.net 2 redirects clipcentric-a.akamaihd.net trial-eum-clientnsv4-s.akamaihd.net kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net	69 KB
6	cookielaw.org cdn.cookielaw.org	107 KB
5	zdnet.com www.zdnet.com urs.zdnet.com	199 KB
4	twitter.com platform.twitter.com	31 KB
4	cbsi.com at.cbsi.com rev.cbsi.com	9 KB
3	fastly.net confiant-integrations.global.ssl.fastly.net	119 KB
3	go-mpulse.net c.go-mpulse.net	52 KB
2	akstat.io 684dd305.akstat.io	708 B
2	nr-data.net bam-cell.nr-data.net	1 KB
1	google.de adservice.google.de	803 B
1	2mdn.net s0.2mdn.net	43 KB
1	summerhamster.com www.summerhamster.com	182 B
1	google.fr adservice.google.fr	803 B
1	cbsinteractive.com vidtech.cbsinteractive.com	281 KB
1	onetrust.com geolocation.onetrust.com	392 B
1	newrelic.com js-agent.newrelic.com	11 KB
251	26

	Domain	Requested by
32	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.zdnet.com confiant-integrations.global.ssl.fastly.net tpc.googlesyndication.com cdn.ampproject.org
24	cbsdfp5832910442.s.moatpixel.com
21	px.moatads.com
20	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net
20	securepubads.g.doubleclick.net	zdnet3.cbsistatic.com securepubads.g.doubleclick.net www.zdnet.com www.googletagservices.com
15	zdnet1.cbsistatic.com	www.zdnet.com zdnet1.cbsistatic.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
10	zdnet3.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
9	www.googletagservices.com	www.zdnet.com securepubads.g.doubleclick.net rev.cbsi.com
8	tr.clipcentric.com	www.zdnet.com
8	make.cohesionapps.com	cdn.cohesionapps.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
7	www.google.com	4 redirects www.zdnet.com
7	z.moatads.com	zdnet3.cbsistatic.com www.zdnet.com securepubads.g.doubleclick.net
6	cdn.cookielaw.org	www.zdnet.com cdn.cookielaw.org
6	zdnet4.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
4	googleads.g.doubleclick.net
4	platform.twitter.com	cdn.cookielaw.org platform.twitter.com
4	www.zdnet.com	zdnet3.cbsistatic.com
3	clipcentric-a.akamaihd.net	www.zdnet.com
3	ad.doubleclick.net	1 redirects www.zdnet.com
3	confiant-integrations.global.ssl.fastly.net	zdnet3.cbsistatic.com confiant-integrations.global.ssl.fastly.net
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net zdnet1.cbsistatic.com
2	rev.cbsi.com	www.zdnet.com
2	geo.moatads.com	z.moatads.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	684dd305.akstat.io	zdnet1.cbsistatic.com c.go-mpulse.net
2	cdn.cohesionapps.com	www.zdnet.com cdn.cohesionapps.com
2	bam-cell.nr-data.net	js-agent.newrelic.com
2	at.cbsi.com	zdnet3.cbsistatic.com
2	zdnet2.cbsistatic.com	www.zdnet.com
1	bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	ad.clipcentric.com	clipcentric-a.akamaihd.net
1	s0.2mdn.net	www.zdnet.com
1	googleads4.g.doubleclick.net	www.zdnet.com
1	www.summerhamster.com
1	mb.moatads.com	z.moatads.com
1	bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.fr	securepubads.g.doubleclick.net
1	vidtech.cbsinteractive.com	zdnet2.cbsistatic.com
1	urs.zdnet.com	zdnet2.cbsistatic.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	js-agent.newrelic.com	www.zdnet.com
1	cmg1.cbsistatic.com	www.zdnet.com
251	48

This site contains links to these domains. Also see Links.

Domain
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
www.techrepublic.com
downloads.zdnet.com
en.wikipedia.org
twitter.com
sansec.io
www.youtube.com
www.cnet.com
redventures.com
www.facebook.com
www.linkedin.com
narratives.zdnet.com
privacyportal.onetrust.com
cbsi.secure.force.com
academy.zdnet.com
onetrust.com

Subject Issuer	Validity	Valid
*.zdnet.com DigiCert SHA2 High Assurance Server CA	`2020-01-24` - `2021-06-18`	a year	crt.sh
*.cbsistatic.com DigiCert SHA2 High Assurance Server CA	`2019-02-22` - `2021-02-26`	2 years	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
akstat.io DigiCert Secure Site ECC CA-1	`2020-05-06` - `2021-08-05`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-23` - `2021-05-07`	6 months	crt.sh
*.onetrust.com DigiCert SHA2 Secure Server CA	`2020-05-21` - `2022-07-27`	2 years	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-21` - `2021-04-22`	a year	crt.sh
*.at.cbsi.com DigiCert SHA2 High Assurance Server CA	`2019-12-17` - `2021-12-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
cdn.cohesionapps.com Amazon	`2020-02-17` - `2021-03-17`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
make.cohesionapps.com Amazon	`2020-02-24` - `2021-03-24`	a year	crt.sh
vidtech.cbsinteractive.com Sectigo RSA Organization Validation Secure Server CA	`2020-11-17` - `2021-11-17`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.google.fr GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.moatads.com DigiCert SHA2 Secure Server CA	`2019-03-12` - `2021-06-10`	2 years	crt.sh
*.summerhamster.com Let's Encrypt Authority X3	`2020-11-02` - `2021-01-31`	3 months	crt.sh
aka.clipcentric.com R3	`2020-12-05` - `2021-03-05`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
rev.cbsi.com DigiCert SHA2 High Assurance Server CA	`2020-04-22` - `2022-04-27`	2 years	crt.sh
clipcentric.com Amazon	`2020-03-05` - `2021-04-05`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 20 frames:

Primary Page: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Frame ID: 1673D0B16C8F79D5552EC96FE8B12364
Requests: 134 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: 8CE138C0B4859B627494DE3EEF74BF7A
Requests: 4 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.zdnet.com
Frame ID: EB6E02F94A6FD482561EF87314B43DE0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.cohesionapps.com/cohesion/xs1.html
Frame ID: 01E98E975B4AD59F3831CEFB09C32ABB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=ZDNet&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1336616035382857730&lang=en&origin=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&siteScreenName=ZDNet&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=550px
Frame ID: 9AF5208BB6CD8456B739EBC3714D2853
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssaXZrjzqe9xJumPUf2W-dqqh39Zp4YAk6MLGvvxeJ1NC78TSR-48aBKSTHuFW-MTr1M3vkJUfn6ZrB24gyAQydoD_9Yl8J1lVIwsi0fGEu3mUyKmCwyYkgMbZ6D-IiJaVdXp9KPKkG2TZ61nl3xsDTluB_5ruw2LhunUOZ1xJBpNkfq8AZbHv1G0IwIV7A9b_mRtAp121llcUuAQta1pQwG-xVVU6NViV8bI5NrykAddHet6xjDpEjxZZF77JioP6Y0u9QFXYzBJXCdg&sig=Cg0ArKJSzAPpm6UizXVIEAE&urlfix=1&adurl=
Frame ID: 20AF1B7DC8B143084270977C076BE9CD
Requests: 19 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 26B5BC5538EFCF32D6B99C5122C8E8A5
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 45DDCE500A57569AEF161C3CBCCB1ADD
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: D9BF17D598B7D5244E2CCA9ABECDDE83
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstCjxH_C4NaWE1Ifh0xl3JJE8xZ2hnkDz0ITWHqO-JucV_QHpHXYjXIaTIf7e9oc2KXIeNRG2nLhGki163oQ8VvuxTJ55k8HEGmXhMQmRh9HEP-qqXt_ZS68mkPEc26ywVkZ64U6MzwUcYuFa75TSshMuZRCJ1PJzXc-JO7P5ORcMIr3_OIz7gzl6Es8LwrvElPf3psDjftW3CRBvg2RRz7Wa0XRGVRPafYTy2ue4WyKs1e2FWyxivCQeUFjOuSARICRF6JiMj5&sig=Cg0ArKJSzNH9VmxgFyyLEAE&urlfix=1&adurl=
Frame ID: 9F88D4977968E230D2BE926AAA5F374B
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAogRgKYY1XnWrbCtGWEXn5f-dKngAnCX4CGG8z5dzKiYvTCd_P6H5KKF9fwPoQAD_pmIlPGbXwwHW6uEMTa7KIJ1onC4TNm-D-cXRjmZmmps7kL0z7E8m9gssA5dsYunzbQ14wCKjvfz5avk2OyTojdNm5EeoqD4xDxpMnn69sBs4Qa3kAtRRadFHiKs6yz2p3JwLOY2QIDydfBqIkH9cVCt81Ps3lJDBIKDjDuATmLcljW80Hr4v9NOCvOch_rgk_H-V1Wij&sig=Cg0ArKJSzMjKkey-XdCHEAE&urlfix=1&adurl=
Frame ID: 762BAEAEE8407E1EA054412160256BD7
Requests: 4 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 230F34578BE815B0D4B3E5D887DAAE31
Requests: 14 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstxDHevzdXnetj3gAVETtm79AKjrL7qp3-0oDDW3tXfKkzVOcHb6kXfJPanlSF5ir7YKqBn-vffagY77GnK-ZLsMC_2Ar5budkMDCkzSCqIJ61IyWOLN6iAIYbYJfB5dGB07AKZB1wKZVqnc6yPoDWVQLW6NXGcHuLEis-sZiVgAEFNdvHqa9Eh9fXF4toB3dI9OWlPpKGu8U-XJaR3pl_FS3DzN04QB_cKE06zlZOq6kYXdvlz8rvQuREoDZ3DgT5LLEB9NARY_xdSUetIVECf-1WB0kt_V60xxmT_3ZpVQOmIl2b8hoaJqqwK9gWvrkZBPO2pwzvUn-7Ejb8&sig=Cg0ArKJSzGONsPsqXgVoEAE&urlfix=1&adurl=
Frame ID: 73D1365109C23E6AE37F16BBD7C82016
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A594AA98D9E66452185CA7D1AF6F46B5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 53E1ABAAE0CDF4CD23296B8DF461F4AB
Requests: 1 HTTP requests in this frame

Frame: https://ad.clipcentric.com/user-9/resources/store.phtml?v200530
Frame ID: 5EC7ABE4B15559BBBFEE6DDC1CDE2480
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: DDAD83EFA37135F5B18E3CC8CE4FC096
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZp_bE1QHRYDsrDKD2pnJ1tcyLZhYkMTOvlIy4zgeFLLC3iaq4qYjUupKVdCIINJynp8X0LP1OBm1E6PX4nl0nShoqUoqxhxVP16FrOGULEqHFVSMS37XpzcoNqAgXcqJ4RNjz62lgZSpyZP2sYo8mS_9y_iJV9VmMA8sqlp0iUGeZe_zEH2VD5ZjXhO62UofZ3bGByh-bX72CeSASWv3Fr5gATeS-HV27zVm0lR8aPG54RJzM0mzBoq8Qp-HVz-J9u1N4FM6d&sig=Cg0ArKJSzM3iYfO44hSuEAE&urlfix=1&adurl=
Frame ID: EE3B969BD58CEEF56CA238CF0AB25AFB
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBSiTgmhDlJKVq77xf4pv3zFFI1JEUDqZwYt98ubRQf1_VG-_Wv98HIo0FO1j5har-kOf24gO7Yi7qCfA0HziwuLbS6FAO20g1RNT3siBaKUcwXgp5-nPf3GRbN5v92hByKEVLgXDr8BCXEKvAkpHTFalIkK_oq0y0yJS5LXpU4lbwt2JPgUBmA-iE8EtV6aA1h46BM0oA-Rty9l7DFH7uZ98EFPnCLoX6ImtOufxxn-TaZj2cQ6h3V8EXv8tJ3piyP8Z0WlWM&sig=Cg0ArKJSzHo-efeyiE5LEAE&urlfix=1&adurl=
Frame ID: 1591C7EBC9D29EE60935907A1DC09706
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: F5BE2EE3A629E98AC31D10FC65C92BB4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

251
Requests

100 %
HTTPS

50 %
IPv6

26
Domains

48
Subdomains

38
IPs

4
Countries

3863 kB
Transfer

10558 kB
Size

4
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: http://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: http://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: http://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: http://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/resource-library/whitepapers/
Title: White Papers

Search URL Search Domain Scan URL

URL: https://downloads.zdnet.com/
Title: Downloads

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/forums/
Title: TechRepublic Forums

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/CSS
Title: CSS language

Search URL Search Domain Scan URL

URL: https://twitter.com/gwillem
Title: Willem de Groot

Search URL Search Domain Scan URL

URL: https://sansec.io/
Title: Sanguine Security (SanSec)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=1eOEoNIlYi0&t=13s
Title: Lessons cybersecurity teams need to learn from hackers to beat them at their own game (ZDNet YouTube)

Search URL Search Domain Scan URL

URL: https://www.cnet.com/how-to/top-cheap-home-security-devices-in-2020-amazon-echo-smart-cam-wyze/?ftag=CMG-01-10aaa1b
Title: Top 6 cheap home security devices in 2020 (CNET)

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/article/cybersecurity-best-practices-an-open-letter-to-end-users/?ftag=CMG-01-10aaa1b
Title: Cybersecurity best practices: An open letter to end users (TechRepublic)

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ
Title:

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://cbsi.secure.force.com/CBSi/knowledgehome?referer=zdnet.com
Title: Site Assistance

Search URL Search Domain Scan URL

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_pre=CJ-u6reHwe0CFSLBuwgdyPUATA;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 165

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 168

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 217

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pzz2rsx5c HTTP 302
https://kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 218

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pzz2rsx5c HTTP 302
https://fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net/eum/results.txt

251 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/ 524 KB
147 KB 136ms
121ms Document
text/html 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a1c415bf7900dd9ac3f47ed0b08dc8828f52e3dbf9103171d52abf54c27f207d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.zdnet.com
:scheme: https
:path: /article/hackers-hide-web-skimmer-inside-a-websites-css-files/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Wed, 09 Dec 2020 13:14:13 GMT
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: c2208160-e269-44a0-8728-5a927f75bc85
x-xss-protection: 1; mode=block
date: Wed, 09 Dec 2020 13:59:13 GMT
cache-control: max-age=5400, private
expires: Wed, 09 Dec 2020 14:44:13 GMT
set-cookie: fly_geo={"countryCode": "de"}; max-age=604800; path=/; domain=.zdnet.com; Secure; fly_device=desktop; max-age=604800; path=/; domain=.zdnet.com; Secure; fly_preferred_edition=eu; path=/; domain=.zdnet.com; Secure; fly_default_edition=eu; path=/; domain=.zdnet.com; Secure;
vary: Accept-Encoding, User-Agent
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 149231

GET
H2 200 main-3b1f812b83-rev.css
zdnet1.cbsistatic.com/fly/css/core/ 352 KB
59 KB 22ms
6ms Stylesheet
text/css 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

c4df42cc9a2273c0b450ebd167bea34c77aff089fbe4ca525b009049b83877f2

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78875
vary: Accept-Encoding, Accept
content-length: 59588
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 16:03:44 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "4c704adee5080ddf62eb077fab8acc9c"
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 16:04:37 GMT

GET
H2 200 controls-cd88305a37-rev.css
zdnet4.cbsistatic.com/fly/css/video/htmlPlayerControls/ 19 KB
4 KB 21ms
6ms Stylesheet
text/css 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-cd88305a37-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

66e28581da77e9eb915b0f4be570443d21ce24cf25cad6756e15106ded11fd7b

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78875
vary: Accept-Encoding, Accept
content-length: 3952
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 16:03:45 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5de396421d09abe1767e123748ae9bef"
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 16:04:37 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 13 KB
5 KB 14ms
14ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d0d33ff3cbe6054d46a549c75a09323fc711113b82fde575003df837cb9f4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jYDzNb7TDeiVgZ0wAySJVQ==
age: 7194
vary: Accept-Encoding
content-length: 4134
cf-request-id: 06e9659aca000064d90537a000000001
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:02 GMT
server: cloudflare
etag: 0x8D89735279FA627
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1886b72a-001e-005d-3328-c928e2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed7ab3264d9-FRA

GET
H2 200 optanon-v1.1.0.js Show response
cmg1.cbsistatic.com/privacy/optanon/ 36 KB
36 KB 7ms
6ms Script
text/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cmg1.cbsistatic.com/privacy/optanon/optanon-v1.1.0.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=900
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Nov 2020 17:51:25 GMT
server: ContentServer
age: 2923073
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
x-frame-options: SAMEORIGIN
content-type: text/javascript
cache-control: public, max-age=604800
x-content-type-options: nosniff
strict-transport-security: max-age=900
accept-ranges: bytes
content-length: 36582
x-xss-protection: 1; mode=block
expires: Thu, 05 Nov 2020 19:01:20 GMT

GET
H2 200 catalin-cimpanu.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/ 909 B
1017 B 8ms
6ms Image
image/jpeg 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/catalin-cimpanu.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7cd54b3c177c3f63dd51c2dae4ef7ca4e3cd938c1afb60e4b4e9d78df952ac75

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2569448
vary: Accept-Encoding, Accept
content-length: 871
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Aug 2020 16:49:51 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"eea6e0b6dedefcdd0e40680af3f9f5c0"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Jan 2021 20:15:00 GMT

GET
H2 200 css-logo.jpg
zdnet1.cbsistatic.com/hub/i/2019/03/10/91d922e7-ee54-4234-8be6-3ae62846dcd4/ 38 KB
39 KB 7ms
6ms Image
image/jpeg 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/2019/03/10/91d922e7-ee54-4234-8be6-3ae62846dcd4/css-logo.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b2792de7d1c7ab78af9ecbc9c5ebd3d9cf9adbd8253df75167afb99ed9817d5f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
x-content-type-options: nosniff
x-goog-meta-goog-reserved-file-mtime: 1552233077
age: 2881
vary: Accept-Encoding, Accept
content-length: 39370
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 05 May 2020 00:18:34 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"cebef7a5e8b679fd8657685853f289aa"
strict-transport-security: max-age=31536000
content-language: en
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: image/jpeg
expires: Sun, 07 Feb 2021 13:11:13 GMT

GET
H2 200 require-2.1.2.js Show response
zdnet2.cbsistatic.com/fly/js/libs/ 16 KB
6 KB 8ms
6ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182440
vary: Accept-Encoding, Accept
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Fri, 04 Dec 2020 18:57:56 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "55f7a0b0c97cc7bba11a09a5707efa07"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Dec 2020 11:18:33 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame 8CE1 205 KB
50 KB 20ms
7ms Script
application/javascript 2a02:26f0:6c00:19a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:19a::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:13 GMT
Content-Encoding: br
Last-Modified: Tue, 24 Nov 2020 16:43:42 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 917 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 mag-white01.png
zdnet1.cbsistatic.com/fly/1607443238-asset/bundles/zdnetcss/images/core/ 1 KB
1 KB 6ms
6ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/fly/1607443238-asset/bundles/zdnetcss/images/core/mag-white01.png

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
x-content-type-options: nosniff
age: 78874
vary: Accept-Encoding, Accept
content-length: 1265
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 16:03:52 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 16:04:37 GMT

GET
H2 200 logo.png
zdnet1.cbsistatic.com/fly/1607443238-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 6ms
6ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/fly/1607443238-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
x-content-type-options: nosniff
age: 78875
vary: Accept-Encoding, Accept
content-length: 4105
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 16:03:53 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 16:04:37 GMT

GET
H2 200 Semibold.woff2
zdnet1.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 20ms
7ms Font
font/woff2 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.zdnet.com
Referer: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
x-content-type-options: nosniff
age: 2753844
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Thu, 05 Nov 2020 17:19:14 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Sun, 07 Nov 2021 17:00:51 GMT

GET
H2 200 Regular.woff2
zdnet1.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 18ms
6ms Font
font/woff2 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.zdnet.com
Referer: https://zdnet1.cbsistatic.com/fly/css/core/main-3b1f812b83-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:13 GMT
x-content-type-options: nosniff
age: 6532639
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Sep 2020 15:27:12 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Fri, 24 Sep 2021 23:15:07 GMT

GET
H2 200 e70f246a-fd9b-4805-9fd4-fcd89020aca5.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/ 3 KB
2 KB 21ms
21ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/e70f246a-fd9b-4805-9fd4-fcd89020aca5.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0844bd3c4baeabefa82df5e7dab5789c384a63f93799d25d325923c87941b79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /OEOyq06PFOqP2wdlgJHyA==
age: 1488
vary: Accept-Encoding
content-length: 1219
cf-request-id: 06e9659b4d00002c3a68236000000001
x-ms-lease-status: unlocked
last-modified: Thu, 29 Oct 2020 19:43:56 GMT
server: cloudflare
etag: 0x8D87C42F9703542
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6713cf80-201e-010a-3869-b6873a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed87a4e2c3a-FRA

GET
H2 200 nr-1184.min.js Show response
js-agent.newrelic.com/ 27 KB
11 KB 88ms
29ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1184.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-amz-request-id: A21809B1C987C063
x-cache: HIT
content-length: 10624
x-amz-id-2: 5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by: cache-hhn4027-HHN
last-modified: Mon, 28 Sep 2020 16:34:45 GMT
server: AmazonS3
x-timer: S1607522354.081759,VS0,VE0
etag: "3d7f312be60d08a2568e311e4762f3af"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 8759

GET
H2 200 main.default.js Show response
zdnet3.cbsistatic.com/fly/989635-fly/js/ 764 KB
230 KB 7ms
7ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d0f42d21606bd1628ac552a07b729027fdcada18e58b67c8633234cc1f161d6d

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78874
vary: Accept-Encoding, Accept
content-length: 235058
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 16:03:35 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "ca72df39208683e3bccc635d282df135"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 16:04:38 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 8CE1 2 KB
1 KB 46ms
35ms XHR
application/json 2a02:26f0:6c00:19a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5358408&v=1.720.0&if=&sl=0&si=b72f17f2-24e2-4636-8833-305721f7a2ad-ql2s6q&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:19a::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 2b20ea9ccf18bdef3ab660527bfbffe2ee2715386168369b242b1c6b3fe6a3f8

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 858

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 197 B
392 B 17ms
17ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b6a301ead5bcafd1e0010c62997f1468a00333e9b1a3da53bd97da888bcb4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5fef3ed89ff705d8-FRA
cf-request-id: 06e9659b64000005d83e036000000001

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.7.0/ 338 KB
72 KB 27ms
16ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1e3d87e5966b1193f8e51bec035a9de6de1c02243deb8f2b9bd280a67715112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 39GJ8QXxSjBaTmaIgt+tLg==
age: 6588
vary: Accept-Encoding
content-length: 73268
cf-request-id: 06e9659b90000064d905386000000001
x-ms-lease-status: unlocked
last-modified: Fri, 09 Oct 2020 06:35:45 GMT
server: cloudflare
etag: 0x8D86C1D8DA49AF8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1bed58e2-101e-0049-4551-b6eb86000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed8ebaf64d9-FRA

OPTIONS
H2 200 diff
at.cbsi.com/lib/api/v1/zdnet/prod/config/ Frame 0
0 571ms
520ms Other
text/html 151.101.193.188
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.cbsi.com/lib/api/v1/zdnet/prod/config/diff

Protocol

Server

151.101.193.188 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cat,content-type,variant,version
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: *
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context: ffd369225d57f3bf3da5442e0130f70b
server: Google Frontend
accept-ranges: bytes
date: Wed, 09 Dec 2020 13:59:14 GMT
via: 1.1 varnish
x-served-by: cache-cdg20761-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1607522354.185978,VS0,VE500
vary: Accept-Encoding, Origin
x-abtest: none
strict-transport-security: max-age=300
content-length: 8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/6NAGEHPQTIMciZyoLrUIDQZlmus/gpt_and_prebid/ 155 KB
36 KB 91ms
29ms Script
text/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/6NAGEHPQTIMciZyoLrUIDQZlmus/gpt_and_prebid/config.js
Requested by: Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b37ea3699ff6f8c4c8edbc1e1f57bdde591af1b56e6fd0b1b4109404ef981872

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Age: 596
X-Cache: HIT
Connection: keep-alive
Content-Length: 36249
x-amz-id-2: wdziCOEfo1QvLb8agctuqinAf/RaWattd2WykF0id79AcnRk8YJh1mBPe9V3I3yic6OnmYjkLnA=
X-Served-By: cache-fra19163-FRA
Last-Modified: Wed, 09 Dec 2020 13:45:37 GMT
Server: AmazonS3
X-Timer: S1607522354.191188,VS0,VE0
ETag: "f48ff42588b05ab7086db626df918ec9"
x-amz-request-id: 8E3FE9FE9FDBB952
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 25

GET
H2 200 diff Show response
at.cbsi.com/lib/api/v1/zdnet/prod/config/ 17 KB
4 KB 21ms
20ms Fetch
application/json 151.101.193.188
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.cbsi.com/lib/api/v1/zdnet/prod/config/diff

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.188 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4acae18e14c42f09b822234b4a1d44282152ca2c94f307361c4436d205cf6930

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
cat: KslRu2oT7
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
version: v2.20.0
variant: core
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

x-abtest: none
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 3746
x-xss-protection: 1; mode=block
x-served-by: cache-cdg20761-CDG
access-control-allow-origin: https://www.zdnet.com
server: Google Frontend
x-timer: S1607522355.707550,VS0,VE1
x-frame-options: SAMEORIGIN
etag: W/189feb89068d447906688e8353753503e9c0d87e
x-download-options: noopen
vary: Accept-Encoding, Origin
strict-transport-security: max-age=300
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: 494eb6965c689d8c4b8a007d174ae820
cache-control: max-age=900
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 55 KB
19 KB 136ms
46ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

539e0e86d94eab027fa175eba432b9916b7910fd66a57b911012c484e3b6ed68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "718 / 612 of 1000 / last-modified: 1607516727"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18977
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:14 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/a652efb7-f570-4ba9-a221-2753b7eb30e8/ 60 KB
14 KB 14ms
14ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/a652efb7-f570-4ba9-a221-2753b7eb30e8/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ce8d3bfed7339952b7f3a4143df2e3867ab6ea6555d95d3bd44087d4f672bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zmR4HzWDnD/K8NKWX2k29A==
age: 1354
vary: Accept-Encoding
content-length: 14179
cf-request-id: 06e9659c0300002c3a42030000000001
x-ms-lease-status: unlocked
last-modified: Thu, 29 Oct 2020 19:43:59 GMT
server: cloudflare
etag: 0x8D87C42FB4B3E93
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 49f866d8-c01e-0144-5e0a-b442df000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed99d6c2c3a-FRA

GET
H/1.1 200
OK NRJS-04e0f5db0886b3b33ff Show response
bam-cell.nr-data.net/1/ 57 B
646 B 207ms
163ms Script
text/javascript 162.247.243.147
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRJS-04e0f5db0886b3b33ff?a=450235099&v=1184.ab39b52&to=ZFMHbUMCXktYWxJZX10ZJFpFCl9WFlkURFlQWgBmQgpeX1Vd&rst=487&ck=1&ref=https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/&ap=308&be=149&fe=317&dc=271&perf=%7B%22timing%22:%7B%22of%22:1607522353692,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:8,%22ce%22:16,%22rq%22:16,%22rp%22:136,%22rpe%22:152,%22dl%22:143,%22di%22:271,%22ds%22:271,%22de%22:271,%22dc%22:317,%22l%22:317,%22le%22:317%7D,%22navigation%22:%7B%7D%7D&fp=279&fcp=279&at=SBQQGwsYTRQbWUQKS05L&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 5fef3ed9f986ede7-CDG
cf-request-id: 06e9659c3a0000ede706829000000001
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 187ms
126ms Script
application/javascript 34.102.213.242
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.213.242 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

242.213.102.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
via: 1.1 google
last-modified: Mon, 13 Apr 2020 17:57:02 GMT
etag: "5e94a7ee-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: clear
content-length: 51203

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.7.0/assets/ 12 KB
3 KB 25ms
24ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.7.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06b10167b8d0ac41c1b681a2cce2977f08c4bb49f3261d7ff2fce60b0e59f7c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 6g5s6eICehvPXWb9nycIcQ==
age: 2267
vary: Accept-Encoding
content-length: 3328
cf-request-id: 06e9659c3400002c3a3f1be000000001
x-ms-lease-status: unlocked
last-modified: Fri, 09 Oct 2020 06:35:38 GMT
server: cloudflare
etag: 0x8D86C1D890DBAF3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6f0ee0a3-601e-0046-6d17-b30670000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed9ee712c3a-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.7.0/assets/v2/ 45 KB
11 KB 27ms
27ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.7.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c269c820bb1f57a535cbc2b61ddbd902ef33364e5fd1f827ecaccbd1831c1d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: VdPW9mUL+ZgJ7oO59gDKyw==
age: 4425
vary: Accept-Encoding
content-length: 11094
cf-request-id: 06e9659c3700002c3a509e2000000001
x-ms-lease-status: unlocked
last-modified: Fri, 09 Oct 2020 06:35:40 GMT
server: cloudflare
etag: 0x8D86C1D8A75F320
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 743ef2b2-401e-0037-71d4-b47449000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 5fef3ed9ee742c3a-FRA

GET
H2 200 mpulse-1.0.2.js Show response
zdnet1.cbsistatic.com/fly/js/libs/ 61 KB
12 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447573
vary: Accept-Encoding, Accept
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Dec 2020 22:48:05 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1488465d54b9d0966b8cf9adc27ef39f"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Dec 2020 09:39:40 GMT

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gpt/202012081025/ 188 KB
57 KB 31ms
30ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/6NAGEHPQTIMciZyoLrUIDQZlmus/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dae02973b03903eee0fcf4bf27fdcac25fd7c30646d780f874430cdbdde68609

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Age: 741
X-Cache: HIT
Connection: keep-alive
Content-Length: 57460
x-amz-id-2: DVVdTUOcie7xfRpxxpG8Pu2KY9d7bg8cO9y8Tgd94YB1gHvcYsXRzLnetgLny1MOLKp7U3THCgk=
X-Served-By: cache-fra19163-FRA
Last-Modified: Tue, 08 Dec 2020 16:26:19 GMT
Server: AmazonS3
X-Timer: S1607522354.277927,VS0,VE0
ETag: "c61c6075f327ea2770d16cba36bd76bf"
x-amz-request-id: EB237A9978B2FE02
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 472

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/202012081025/ 78 KB
26 KB 84ms
34ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/202012081025/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/6NAGEHPQTIMciZyoLrUIDQZlmus/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dde887d344b95d356af5e8d8cc053adf7897ce838f1989bbb766ec67b644c7ad

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Age: 792
X-Cache: HIT
Connection: keep-alive
Content-Length: 26057
x-amz-id-2: vhxzxLeC1R3w17iA7SQIxpK+oQ9rMFdSJOLfnLqLRVLzYhQvFJII9Z+dp2UWC9ztYG+M1o8c9Vs=
X-Served-By: cache-fra19163-FRA
Last-Modified: Tue, 08 Dec 2020 16:26:21 GMT
Server: AmazonS3
X-Timer: S1607522354.327140,VS0,VE0
ETag: "8239a7da421fdc9f32eb912c364f44a6"
x-amz-request-id: 6MCZ2T9QFN4SAT3Y
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 580

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 53 KB
15 KB 114ms
45ms Script
application/javascript 13.35.254.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.254.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0a5863d133ab335ff4117ab10b0d27c46f2af0617fabf4bddc05f4b03a8d6224

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: "8a2fd5356221e89e2c21fd93f461eedf"
last-modified: Tue, 08 Dec 2020 13:02:05 GMT
server: AmazonS3
age: 1784
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
date: Wed, 09 Dec 2020 13:29:31 GMT
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: kEmnCqpkgYBBn1Mlg4l2Kt76W42Kg81mElDKbrm5dGyVUfOM0grKGw==

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.7.0/otBannerSdk.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4195) /
Resource Hash: 2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1232
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28698
x-tw-cdn: VZ
Last-Modified: Thu, 01 Oct 2020 21:52:09 GMT
Server: ECS (fcn/4195)
Etag: "a671d4d584ef50954e5cebb21da17065+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 ;ord=1607522354358
ad.doubleclick.net/ddm/ad/lqionmdepp/vnis/vvrlkizwj/ 43 B
632 B 130ms
54ms Image
image/gif 172.217.22.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/ad/lqionmdepp/vnis/vvrlkizwj/;ord=1607522354358?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s16-in-f6.1e100.net

Software

cafe /

Resource Hash

9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 44ms
43ms XHR
application/json 2a02:26f0:6c00:19a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1607522354446&s=110c285ac1e41641867a5ac5b58b479c105572ccc7cf17e24ae9e6612c8531c4
Requested by: Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:19a::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 81df676412dc48b4a04b9b8aa38c14673f3ec0fcc05af5d1491ea88b66d4b731

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 801

GET
H3-Q050 200 pubads_impl_2020120701.js Show response
securepubads.g.doubleclick.net/gpt/ 279 KB
98 KB 100ms
54ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

9ff097bb2a8986d45348ac893bede5cafd713e7164381c9a5e8f4f7aef9e30bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Dec 2020 09:43:40 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100415
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:14 GMT

GET
H/1.1 200
OK widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame EB6E 0
0 8ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fwww.zdnet.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41A9) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1281342
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Dec 2020 13:59:14 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 01 Oct 2020 21:50:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41A9)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H2 200 article-1814976a2c-rev.js Show response
zdnet4.cbsistatic.com/fly/js/pages/ 145 KB
38 KB 15ms
12ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/js/pages/article-1814976a2c-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

46808371fd0d953a90516d8d73b661b2fbf3d1709b7be3ac38bba82661772b11

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486609
vary: Accept-Encoding, Accept
content-length: 39118
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Dec 2020 22:48:11 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "76349dad716bf9a6e1f7f98b2ab42449"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 22:49:05 GMT

OPTIONS
H2 200 t
make.cohesionapps.com/v1/ Frame 0
0 303ms
98ms Other 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Protocol: H2
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
make.cohesionapps.com/v1/ Frame 0
0 301ms
99ms Other 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Protocol: H2
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
make.cohesionapps.com/v1/ 91 B
223 B 122ms
121ms XHR
application/json 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash: b83f47192968845203ba2cd5fe212c2625bc4229f3423494af6c71b5bb9c693d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:14 GMT
access-control-allow-credentials: true
content-length: 91
vary: Origin
content-type: application/json

POST
H2 200 t Show response
make.cohesionapps.com/v1/ 92 B
224 B 121ms
121ms XHR
application/json 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash: ef5c24ffc916dfb93a08ffee2e522d8a8308cc02bc6a7c875693f25195eab52e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:14 GMT
access-control-allow-credentials: true
content-length: 92
vary: Origin
content-type: application/json

GET
H2 200 xs1.html
cdn.cohesionapps.com/cohesion/ Frame 01E9 0
0 33ms
28ms Document
text/html 13.35.254.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.254.118 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-254-118.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: cdn.cohesionapps.com
:scheme: https
:path: /cohesion/xs1.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

content-type: text/html
last-modified: Tue, 08 Dec 2020 13:02:05 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: gzip
date: Wed, 09 Dec 2020 13:02:12 GMT
etag: "10b2c1751c2247b1aeccc91060f971cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: fOiCLAnZOWxqnKORqKFNTZi8st3mbKZEGV31UgVobINxkdxTRcBbcg==
age: 3423

GET
H/1.1 200
OK horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js Show response
platform.twitter.com/js/ 6 KB
3 KB 9ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4188) /
Resource Hash: b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:49:51 GMT
Server: ECS (fcn/4188)
Age: 1281341
Etag: "15d6bf68a8d65b293e52ddc833724ed4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2195

GET
H2 200 CBSI-PLAYER.js Show response
vidtech.cbsinteractive.com/uvpjs/0.42.297/ 1 MB
281 KB 27ms
6ms Script
application/javascript 2a04:4e42:3::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidtech.cbsinteractive.com/uvpjs/0.42.297/CBSI-PLAYER.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
via: 1.1 varnish, 1.1 varnish
age: 4168999
x-cache: HIT, HIT
content-encoding: gzip
content-length: 286838
x-amz-id-2: n53ElNB5hVnkR9qh4cUlg2SOjOhm/ieDwTiWMKEbKvjjvzF40ZAJ27jUeh6G5dcSTKOWVVqV9Rw=
x-served-by: cache-dca17740-DCA, cache-fra19131-FRA
last-modified: Fri, 01 Feb 2019 18:20:56 GMT
server: AmazonS3
x-timer: S1607522355.595528,VS0,VE0
etag: "eb5dd4ed3dcb7641ebbcb604d7ddb038"
vary: Accept-Encoding
x-amz-request-id: 798034E8713D8B8D
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2, 3

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame 9AF5 0
0 43ms
42ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=ZDNet&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1336616035382857730&lang=en&origin=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&siteScreenName=ZDNet&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4195) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 400
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Wed, 09 Dec 2020 13:59:14 GMT
Etag: "926a30878e3bd5d4f4fe2bb443f263be"
Last-Modified: Tue, 24 Nov 2020 18:00:07 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4195)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
661 B 117ms
116ms XHR
application/json 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f7f2bdc0e7fe5869f190423c30b3b48778f5d099ed37a35c46933eded6b65f29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 09 Dec 2020 13:38:51 GMT
x-frame-options: SAMEORIGIN
date: Wed, 09 Dec 2020 13:59:14 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
vary: Accept-Encoding, User-Agent
x-tx-id: f2f99622-5a9f-4a79-82be-83d5418d2f58
content-type: application/json
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Wed, 09 Dec 2020 15:08:51 GMT

GET
H2 200 sansec-css.jpg
zdnet3.cbsistatic.com/hub/i/2020/12/09/7a328e34-e017-4002-ab3c-08c75db84507/ 17 KB
17 KB 7ms
6ms Image
image/jpeg 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/2020/12/09/7a328e34-e017-4002-ab3c-08c75db84507/sansec-css.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d74467262a603ab3b6167db0b5ae6d44265525884fb16980fad00a892fe70bec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
x-goog-meta-imagewidth: 983
age: 2860
x-goog-meta-imageheight: 139
x-goog-meta-imageformat: jpeg
vary: Accept-Encoding, Accept
content-length: 17378
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 13:10:12 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"224ad395b16d1d2f163e5ce1575e52e1"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-meta-contentlength: 17378
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 13:11:35 GMT

GET
H2 200 image-gallery-modal-426b98fe1d-rev.js Show response
zdnet1.cbsistatic.com/fly/js/components/ 5 KB
2 KB 8ms
7ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/components/image-gallery-modal-426b98fe1d-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

744ae87db00be85a6a482a3e8036f81aafaa7754be29b05a2330d0fbc8fea803

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500109
vary: Accept-Encoding, Accept
content-length: 1860
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Dec 2020 18:01:23 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "0830a3390a934a57fd74c4b7955c5533"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 19:04:04 GMT

GET
H2 200 06-intel.png
zdnet4.cbsistatic.com/hub/i/r/2019/06/20/e9c14ebf-b511-4725-b6ce-621dc6da232d/thumbnail/170x128/dcf44c742e8ed3620dcb4716f96722d6/ 9 KB
9 KB 11ms
6ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/06/20/e9c14ebf-b511-4725-b6ce-621dc6da232d/thumbnail/170x128/dcf44c742e8ed3620dcb4716f96722d6/06-intel.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cd12114dec47fbc56b33e78544e9d3695c63f4b93f692403c57ea8a5ed544f30

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2568767
vary: Accept-Encoding, Accept
content-length: 9142
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Sep 2020 23:28:16 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"8b8eb8979f068a1ee48ceb5002b49922"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Jan 2021 20:26:27 GMT

GET
H2 200 07-airbnb.png
zdnet4.cbsistatic.com/hub/i/r/2019/06/20/5fa78f82-c140-44e3-ab9a-06d07fe54cc7/thumbnail/170x128/f81cbd7de882e757e3eda15bacf3b50c/ 11 KB
11 KB 10ms
5ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/06/20/5fa78f82-c140-44e3-ab9a-06d07fe54cc7/thumbnail/170x128/f81cbd7de882e757e3eda15bacf3b50c/07-airbnb.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b6a88cbbd9bd92273409ea0a0c41fe6ce99e9c2e1cbf0dbacdd75104cab661be

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2568710
vary: Accept-Encoding, Accept
content-length: 11078
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Sep 2020 23:28:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"fa9d322b6bdffb99a6ec989e46d99c9a"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Jan 2021 20:26:28 GMT

GET
H2 200 08-ubiquiti.png
zdnet2.cbsistatic.com/hub/i/r/2019/06/20/294ec80f-9f4f-45f2-b281-9886330f77f0/thumbnail/170x128/fd92f735cc5a916fa38cd4d337f640f0/ 11 KB
11 KB 9ms
5ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/06/20/294ec80f-9f4f-45f2-b281-9886330f77f0/thumbnail/170x128/fd92f735cc5a916fa38cd4d337f640f0/08-ubiquiti.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

eed4ffa6bd7fa3ab0bf001674e5c7946c54bd8c6eefd4b10ce29c697d4f04a21

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 1934174
vary: Accept-Encoding, Accept
content-length: 11036
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Sep 2020 23:28:16 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"06b6686565a19741ab93316afff3c9dc"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Jan 2021 04:32:23 GMT

GET
H2 200 09-valve.png
zdnet1.cbsistatic.com/hub/i/r/2019/06/20/729d125f-6308-4465-bfbc-2ce9488da8c6/thumbnail/170x128/9169587c28d6882ef99244e62210f265/ 11 KB
11 KB 11ms
6ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/06/20/729d125f-6308-4465-bfbc-2ce9488da8c6/thumbnail/170x128/9169587c28d6882ef99244e62210f265/09-valve.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b56f149b1992f2c661b3901a0713021aa15eb73c19b94f19e763d588f839121e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 2356720
vary: Accept-Encoding, Accept
content-length: 10765
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Sep 2020 23:28:16 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"1632080bf6daff8fb08c28b9a2328398"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Jan 2021 06:41:07 GMT

GET
H2 200 10-gitlab.png
zdnet1.cbsistatic.com/hub/i/r/2019/06/20/bbf4be25-a115-4e8a-ab6c-2be69510ff93/thumbnail/170x128/98f8cb1fddf543665726b10003308f16/ 12 KB
12 KB 12ms
7ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/06/20/bbf4be25-a115-4e8a-ab6c-2be69510ff93/thumbnail/170x128/98f8cb1fddf543665726b10003308f16/10-gitlab.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

08bd27b9e3833308d8ffd4820a1b53a2ac3f56483271417f05025f340647a7d9

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2568911
vary: Accept-Encoding, Accept
content-length: 12056
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Sep 2020 23:28:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"76a6a94d6b203c7588a37dde7cc3550e"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Jan 2021 20:26:27 GMT

GET
H2 200 disqus-loader-e3cab293df-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 1 KB
825 B 7ms
6ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/disqus-loader-e3cab293df-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

2b1068aa007abf0e405b0840844c67718204a0073dc392337d78427a0dba6854

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94493
vary: Accept-Encoding, Accept
content-length: 667
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 10:29:44 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "62721f7ffb46feece3726ec7e8fa6d89"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Dec 2020 11:44:21 GMT

GET
H2 200 gionee.png
zdnet1.cbsistatic.com/hub/i/r/2020/12/09/ff4b8219-e0d6-46c9-898c-c4bae0f8af0e/thumbnail/170x128/3dfa5872674b2c25ada08701decac7ea/ 26 KB
26 KB 11ms
6ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2020/12/09/ff4b8219-e0d6-46c9-898c-c4bae0f8af0e/thumbnail/170x128/3dfa5872674b2c25ada08701decac7ea/gionee.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

23aa4be6930fc2ce054bf82114fbabd45a0469faef9aed850250c1b031914c5c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 40723
vary: Accept-Encoding, Accept
content-length: 26206
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 02:40:27 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"758dea024bc6e0464c4ba7e0c23632a7"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 02:40:28 GMT

GET
H2 200 fireeye.png
zdnet1.cbsistatic.com/hub/i/r/2020/12/08/32949fb2-f3e0-4de3-822d-78607d3a9d70/thumbnail/170x128/317c49714d2c3c5fc9d79cd3807316f5/ 24 KB
24 KB 11ms
7ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2020/12/08/32949fb2-f3e0-4de3-822d-78607d3a9d70/thumbnail/170x128/317c49714d2c3c5fc9d79cd3807316f5/fireeye.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3b9d8639772adaa69d76f665d1b030976897c238f8f80c9e2f6a4cb6bd45226a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 57844
vary: Accept-Encoding, Accept
content-length: 24218
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 21:55:09 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"73a8ec509b03c821a0eae2e3f9d06469"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 21:55:10 GMT

GET
H2 200 microsoft-cryptography-encryption.png
zdnet4.cbsistatic.com/hub/i/r/2020/01/14/efdb94c3-8524-4692-9a8b-8553ec28eb3e/thumbnail/170x128/2fb6e03e9d0c066bbf8b0777ec1269f3/ 38 KB
39 KB 12ms
7ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2020/01/14/efdb94c3-8524-4692-9a8b-8553ec28eb3e/thumbnail/170x128/2fb6e03e9d0c066bbf8b0777ec1269f3/microsoft-cryptography-encryption.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f54a769fcfcac34a91240c7bb0e30a1f88c7ac35082fa8bcaa501f202f4b6dd5

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 69270
vary: Accept-Encoding, Accept
content-length: 39275
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Sep 2020 05:50:12 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"ca55e9d19bcf4a9d61148af2057d8ab3"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 18:44:44 GMT

GET
H2 200 ge-healthcare.jpg
zdnet3.cbsistatic.com/hub/i/r/2020/12/07/994a04f9-d422-4b96-a06c-a1d79b382948/thumbnail/170x128/76fefd5d3d50cfeb8eb1e5e7d10564a1/ 3 KB
3 KB 12ms
8ms Image
image/jpeg 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2020/12/07/994a04f9-d422-4b96-a06c-a1d79b382948/thumbnail/170x128/76fefd5d3d50cfeb8eb1e5e7d10564a1/ge-healthcare.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d11c8f0c92bdc6962b7c34ca3f680b45ba9696060e669524254e3113989c361f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 75534
vary: Accept-Encoding, Accept
content-length: 2638
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 17:00:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"6f61e2b97cb03f9fe522cdf6d52d5a51"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 17:00:26 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
888 B 153ms
150ms XHR
application/json 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

53acd73b82f849ea5fd65fc6be8ae76921e250f3eabb07009387216b9ceab567

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
date: Wed, 09 Dec 2020 13:59:14 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
x-frame-options: SAMEORIGIN
x-tx-id: 69029441-15ab-4a16-b42d-4175ff51898f
content-type: application/json
cache-control: no-cache
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block

GET
H2 200 front-door-carousel-d989216481-rev.js Show response
zdnet1.cbsistatic.com/fly/js/components/ 5 KB
2 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/components/front-door-carousel-d989216481-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0aa48808ddef7604ba969db62e4af3a2ba001b7a8751823cf0ab2d430308ea5

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500279
vary: Accept-Encoding, Accept
content-length: 1542
x-xss-protection: 1; mode=block
last-modified: Thu, 03 Dec 2020 18:01:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "c2713480e5ba946df9474badf8ec3a5a"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 19:01:15 GMT

GET
H2 200 screenshot-2020-12-09-at-07-01-33.png
zdnet3.cbsistatic.com/hub/i/r/2020/12/09/6ac85de7-f488-4eec-8bd6-42de955663f2/thumbnail/170x128/59c4f5bbcbe1348ef631ce9cb0ea085e/ 42 KB
42 KB 7ms
7ms Image
image/png 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2020/12/09/6ac85de7-f488-4eec-8bd6-42de955663f2/thumbnail/170x128/59c4f5bbcbe1348ef631ce9cb0ea085e/screenshot-2020-12-09-at-07-01-33.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

012e5b88dad4652bf27c941961fbfeb1e0d7babb3d9bbfe275a67c1f9328dba4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 11868
vary: Accept-Encoding, Accept
content-length: 43103
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 10:41:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"1d01c49626cb373638fbe8f6c695412e"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 10:41:26 GMT

OPTIONS
H2 200 t
make.cohesionapps.com/v1/ Frame 0
0 103ms
102ms Other 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Protocol: H2
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
make.cohesionapps.com/v1/ Frame 0
0 103ms
103ms Other 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Protocol: H2
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
make.cohesionapps.com/v1/ 91 B
223 B 104ms
104ms XHR
application/json 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash: 1ab0fc3f878b42fc04e9f47977ad87ff511315c5350ae32bfb9ddbff64632ffa

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:14 GMT
access-control-allow-credentials: true
content-length: 91
vary: Origin
content-type: application/json

POST
H2 200 t Show response
make.cohesionapps.com/v1/ 92 B
224 B 133ms
133ms XHR
application/json 34.206.27.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://make.cohesionapps.com/v1/t
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.27.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-27-228.compute-1.amazonaws.com
Software: /
Resource Hash: 8998f538f8666274a4a87ad65aa9d5247e9e4455bf588d32d89917b4cddcf4ac

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:14 GMT
access-control-allow-credentials: true
content-length: 92
vary: Origin
content-type: application/json

GET
H2 200 sansec-css.jpg
zdnet3.cbsistatic.com/hub/i/2020/12/09/7a328e34-e017-4002-ab3c-08c75db84507/ 17 KB
17 KB 6ms
6ms Image
image/jpeg 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/2020/12/09/7a328e34-e017-4002-ab3c-08c75db84507/sansec-css.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d74467262a603ab3b6167db0b5ae6d44265525884fb16980fad00a892fe70bec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
x-goog-meta-imagewidth: 983
age: 2860
x-goog-meta-imageheight: 139
x-goog-meta-imageformat: jpeg
vary: Accept-Encoding, Accept
content-length: 17378
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 13:10:12 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"224ad395b16d1d2f163e5ce1575e52e1"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-meta-contentlength: 17378
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 13:11:35 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2020/12/09/ff4b8219-e0d6-46c9-898c-c4bae0f8af0e/thumbnail/170x128/3dfa5872674b2c25ada08701decac7ea/gionee.png

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

23aa4be6930fc2ce054bf82114fbabd45a0469faef9aed850250c1b031914c5c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 40723
vary: Accept-Encoding, Accept
content-length: 26206
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 02:40:27 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"758dea024bc6e0464c4ba7e0c23632a7"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 02:40:28 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2020/01/14/efdb94c3-8524-4692-9a8b-8553ec28eb3e/thumbnail/170x128/2fb6e03e9d0c066bbf8b0777ec1269f3/microsoft-cryptography-encryption.png

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f54a769fcfcac34a91240c7bb0e30a1f88c7ac35082fa8bcaa501f202f4b6dd5

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 69270
vary: Accept-Encoding, Accept
content-length: 39275
x-xss-protection: 1; mode=block
last-modified: Thu, 10 Sep 2020 05:50:12 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"ca55e9d19bcf4a9d61148af2057d8ab3"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 18:44:44 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2020/12/08/32949fb2-f3e0-4de3-822d-78607d3a9d70/thumbnail/170x128/317c49714d2c3c5fc9d79cd3807316f5/fireeye.png

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3b9d8639772adaa69d76f665d1b030976897c238f8f80c9e2f6a4cb6bd45226a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 57844
vary: Accept-Encoding, Accept
content-length: 24218
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 21:55:09 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"73a8ec509b03c821a0eae2e3f9d06469"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 21:55:10 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2020/12/07/994a04f9-d422-4b96-a06c-a1d79b382948/thumbnail/170x128/76fefd5d3d50cfeb8eb1e5e7d10564a1/ge-healthcare.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d11c8f0c92bdc6962b7c34ca3f680b45ba9696060e669524254e3113989c361f

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 75534
vary: Accept-Encoding, Accept
content-length: 2638
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Dec 2020 17:00:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"6f61e2b97cb03f9fe522cdf6d52d5a51"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Feb 2021 17:00:26 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2020/12/09/6ac85de7-f488-4eec-8bd6-42de955663f2/thumbnail/170x128/59c4f5bbcbe1348ef631ce9cb0ea085e/screenshot-2020-12-09-at-07-01-33.png

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

012e5b88dad4652bf27c941961fbfeb1e0d7babb3d9bbfe275a67c1f9328dba4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:14 GMT
x-content-type-options: nosniff
age: 11868
vary: Accept-Encoding, Accept
content-length: 43103
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Dec 2020 10:41:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"1d01c49626cb373638fbe8f6c695412e"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Feb 2021 10:41:26 GMT

GET
H/1.1 204
No Content / Show response
684dd305.akstat.io/ 0
354 B 43ms
27ms XHR
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd305.akstat.io/?h.pg=article&when=1607522354767&cdim.Site_View=desktop&t_other=custom4%7C146&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=66097649e6d36cdb72396847f88bef48193f1159&h.t=1607522354467&http.initiator=api&rt.start=api&rt.si=65034bd6-0865-4bcd-b353-4e8a5847c71f&rt.ss=1607522355199&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:14 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Wed, 09 Dec 2020 13:59:14 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/cbsprebidheader506831276743/ 227 KB
78 KB 97ms
36ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Requested by: Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 602fab312dd82ffb14508d0e186e809e1e27c55a6e62adf5769a9318dc84ce2f

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:33:52 GMT
server: AmazonS3
x-amz-request-id: A116A0BCFEB1ED44
etag: "6854e8f5c7ee7172d6d2fe20d9d27f10"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=61830
accept-ranges: bytes
content-length: 79827
x-amz-id-2: LrxYof5YTsukS1I7ly5TdwlPH99cfVt8CYvHzVznL7pj2PV98+XZEE53Pk1mD0xi4vrfs+IGyw4=

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 109 B
803 B 36ms
15ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 36ms
16ms Script
application/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 215 KB
38 KB 512ms
512ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=235808809988837&correlator=4128587370320216&output=ldjh&impl=fifs&eid=21069708%2C21068812&vrg=2020120701&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201209&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=5x5%2C728x90%7C970x250%7C970x66%2C300x250%7C300x600%7C300x1050%2C300x250%2C371x771%2C320x50%7C11x11%2C300x250%2C728x90%7C970x250%7C970x66&fluid=0%2C0%2C0%2C0%2C0%2Cheight%2C0%2C0&prev_scp=pos%3Dnav%26sl%3Dnav-ad%253FT-1000%7Cpos%3Dtop%26sl%3Dleader-plus-top%253FT-1000%7Cpos%3Dtop%26sl%3Dmpu-plus-top%253FT-1000%7Cpos%3Dmiddle%26sl%3Dmpu-middle%253FT-1000%7Cpos%3Dtop%26sl%3Ddynamic-showcase-top%253FT-1000%7Cpos%3Dtop%26strnativekey%3D8ec3a4f3%26sl%3Dsharethrough-top%253FT-1000%7Cpos%3Dbottom%26sl%3Dmpu-bottom%253FT-1000%7Cpos%3Dbottom%26sl%3Dleader-plus-bottom%253FT-1000&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cdeveloper%26tag%3Dcms%26pid%3Dhosa-css%252Ccisco-css%26prodtype%3Dcards%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dhackers-hide-web-skimmer-inside-a-websites-css-files%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Duk%26subses%3D5%26session%3Da%26pv%3D1%26vguid%3D69395634-6539-4fe4-bf44-f0eb77a4e48d&cookie_enabled=1&bc=31&abxe=1&lmt=1607519653&dt=1607522355061&dlt=1607522353835&idt=940&frm=20&biw=1600&bih=1200&oid=3&adxs=0%2C-20%2C1050%2C1050%2C1015%2C215%2C1050%2C436&adys=0%2C365%2C485%2C2512%2C1711%2C1622%2C3394%2C3941&adks=2072725681%2C3581870410%2C1925781520%2C3289239044%2C3970605601%2C2484431570%2C3509234736%2C519614694&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x4400%7C1600x90%7C370x250%7C370x250%7C370x771%7C770x11%7C370x250%7C1210x90&msz=1600x5%7C1600x90%7C370x250%7C370x250%7C370x771%7C770x11%7C370x250%7C1210x90&ga_vid=144417116.1607522355&ga_sid=1607522355&ga_hid=1446691362&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

bc51619cf2b5baa2efe360987415bc94058e23bfa66ba7482c2764e14cd67303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38226
x-xss-protection: 0
google-lineitem-id: 5536907755,-1,-1,-1,4825966980,4745189935,-1,5467211422
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138330866815,-1,-1,-1,138247024569,138239344481,-1,138322013913
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 50ms
14ms Other
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 26ms
6ms Other
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
1 KB 143ms
143ms XHR
application/json 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/989635-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

90c131e200bcdfbaa55486dbe5d0882f918237f52973d2246fdece0fccdb8aa8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
date: Wed, 09 Dec 2020 13:59:15 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
x-frame-options: SAMEORIGIN
x-tx-id: e38d8a15-f70c-4821-9658-93f5c457c5a6
content-type: application/json
cache-control: no-cache
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block

GET
H2 200 show-hide-1.0-7bf562809f-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 2 KB
857 B 8ms
6ms Script
application/javascript 2a04:4e42:1b::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/show-hide-1.0-7bf562809f-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 538842
vary: Accept-Encoding, Accept
content-length: 671
x-xss-protection: 1; mode=block
last-modified: Tue, 01 Dec 2020 17:26:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1c8ce85d6bd0ad6228f0b265a2eeb2b1"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 08:18:32 GMT

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 283 B
458 B 135ms
48ms Script
text/html 52.212.177.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&callback=MoatNadoAllJsonpRequest_90847229
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.177.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-177-60.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: b337eb7225defc9d923988e2ea5cc1001b8b76bc765e5ce321a017a7c702d7d9

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "a29d65abd764cc0975ca8efc6b116885a4df205b"
content-length: 283
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 126 B
300 B 140ms
52ms Script
text/html 52.212.177.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&i=CBS_PREBID_HEADER1&hp=1&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=186008198974&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=1&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=undefined&bd=undefined&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=304394288&cs=0&callback=DOMlessLLDcallback_90847229
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.177.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-177-60.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: c2e70fffd1703183d4c7fd5a2ef5b52bc16bfbfacaab0d8686c43166e0e450b7

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "3e381e80a19f389cd3af9441775e9e134de51e6f"
content-length: 126
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 127 B
302 B 133ms
46ms Script
text/html 52.212.177.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&i=CBS_PREBID_HEADER1&hp=1&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=186008198974&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=2&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=undefined&bd=undefined&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=253350673&cs=0&callback=MoatDataJsonpRequest_90847229
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.177.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-177-60.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: f835c82d786b060f757effaeb7b6e8e8f9cec6e389ba1181c419742b01331795

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "63d08e635b580bb34cf4a00af8457d40301e6450"
content-length: 127
content-type: text/html; charset=UTF-8

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 31ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&t=1607522355150&de=164229831465&d=CBS_PREBID_HEADER1%3ADesktop%3A-%3A-&i=YIELD_INTELLIGENCE_INTERNAL1&ar=a63e245-clean&iw=b2c8261&zMoatRendered=0&zMoatSlotTargetingLoaded=0&zMoatSlotTargetingSet=0&zMoatPageDataTargetingSet=0&zMoatSafetyTargetingSet=0&zMoatEmptySlot=0&zMoatNadoDataLoadTime=Not%20Loaded&zMoatAllDataLoadTime=Not%20Loaded&bo=zdnet.com&bd=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&ac=1&bq=11&f=0&na=1432374402&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 bcn
www.summerhamster.com/ 43 B
182 B 107ms
33ms Image
image/gif 52.28.196.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.summerhamster.com/bcn?fe=1607522355360&y=2.0.1105&elg=839471260&flg=68&x=zzz.cgqhw.frp%2Fduwlfoh%2Fkdfnhuv-klgh-zhe-vnlpphu-lqvlgh-d-zhevlwhv-fvv-ilohv%2F&vqwo=1&deo=0&g0=vg%3A%3Aer%2Cxd%3A%3Aqexd%3A%3Aqsu%7Cvg%3A%3Ask%3A%3Aqsk%3A%3Aqsu%7Cgisl%3A%3Alp%2Clqi%2Cqh%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2Fdg.grxeohfolfn.qhw%2Fggp%2Fdg%2Fotlrqpghss%2Fyqlv%2Fyyuonlczm%2F%3Brug%3D1607522354358%3F%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cddg%2Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.des_re_halvw%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Csu%3A%3Aid%3A%3Auivv%3A%3Aqsu&hu=0&g2=0%3A%3A0%3A%3A0%3A%3A0%3A%3A0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.196.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-196-64.eu-central-1.compute.amazonaws.com
Software: Jetty(9.2.10.v20150310) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
server: Jetty(9.2.10.v20150310)
content-length: 43
access-control-allow-methods: *
content-type: image/gif

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 20AF 0
0 44ms
43ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssaXZrjzqe9xJumPUf2W-dqqh39Zp4YAk6MLGvvxeJ1NC78TSR-48aBKSTHuFW-MTr1M3vkJUfn6ZrB24gyAQydoD_9Yl8J1lVIwsi0fGEu3mUyKmCwyYkgMbZ6D-IiJaVdXp9KPKkG2TZ61nl3xsDTluB_5ruw2LhunUOZ1xJBpNkfq8AZbHv1G0IwIV7A9b_mRtAp121llcUuAQta1pQwG-xVVU6NViV8bI5NrykAddHet6xjDpEjxZZF77JioP6Y0u9QFXYzBJXCdg&sig=Cg0ArKJSzAPpm6UizXVIEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 ad.js Show response
clipcentric-a.akamaihd.net/ad/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/ Frame 20AF 135 KB
37 KB 399ms
320ms Script
text/javascript 2.16.177.50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://clipcentric-a.akamaihd.net/ad/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/ad.js?q=1604705524
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.177.50 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-177-50.deploy.static.akamaitechnologies.com
Software: Apache/2.2.34 /
Resource Hash: 6f61194871255096b51c078ecffd02a93699b2cda3bc71c8c48cea2a5511a5b2

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: br
last-modified: Thu Jan 1 00:00:00 1970
server: Apache/2.2.34
cache-control: max-age=3600
content-length: 37902
content-type: text/javascript

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 20AF 76 KB
29 KB 36ms
16ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 20AF 320 KB
107 KB 30ms
30ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56936
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 26B5 180 KB
51 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 127324
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Tue, 08 Dec 2020 02:37:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Dec 2021 02:37:11 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 26B5 13 KB
5 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 26B5 90 KB
27 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:50 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 26B5 3 KB
1 KB 39ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 26B5 41 KB
13 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445296
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:39 GMT

GET
DATA 200
OK truncated
/ Frame 26B5 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75a04d5ba97483d6d20c1a26bfe8d96a69d19ff3782670b43a361062e45c3bae

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

B24946233.286791742;dc_pre=CJ-u6reHwe0CFSLBuwgdyPUATA;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/ Frame 20AF
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_pre=CJ-u6reHwe0CFSLBuwgdyPUATA;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_fo...

42 B
76 B

55ms
53ms

Image
image/gif

172.217.22.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_pre=CJ-u6reHwe0CFSLBuwgdyPUATA;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s16-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N7384.3861580VIACOMCBS/B24946233.286791742;dc_pre=CJ-u6reHwe0CFSLBuwgdyPUATA;dc_trk_aid=480369388;dc_trk_cid=140485965;ord=1803274646;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 17072390809368823545
tpc.googlesyndication.com/simgad/ Frame 26B5 15 KB
15 KB 31ms
14ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17072390809368823545?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkFskVLl9XgrYUutv57oPhva4V-zQ

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b81182fb0c54d6fbca7295ea0805c4621169352bcfe1b09480925d46798b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 05 Dec 2020 13:39:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Nov 2020 09:02:15 GMT
server: sffe
age: 346796
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
expires: Sun, 05 Dec 2021 13:39:19 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 26B5 2 KB
3 KB 29ms
14ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10217
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 26B5 295 B
389 B 29ms
14ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55635
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 26B5 0
0 15ms
14ms Image
text/html 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQduXJlHXjWQQO77GlG2MfiAoK3wV-LUYnh2qxmUwI9Jt4xjjrxxPV6ozcM2MM6wsTyxDwe0ZRuXiYgj_Bqi83153tWg
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 26B5 0
0 45ms
44ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVS-SM9jQX7H_CZvC7_UPlomQ8ASSrd2MYL6976fzDNv86oIBEAEgzJGuImD7gYCAiAqgAa3GmqYCyAEC4AIAqAMByAMIqgSsAk_QB6vl57ciYCPiRRieHteNf5tz_lqYYtot9APGiCe96-W-xT246Zx3ta-ADFllVODqXFul3zqQXUMKhffXnMeQS2nS5cYuG9HnxlTsX2FGgrqjXGRGWU276oBTaz7wSzdi4Kk9qvORsq_85UohOi9YS6sQOd2jSSq3adgVs8LF1k-QKK1GhXLBq032LNfEl02f1pFx2ZyGiP4FbvgcZT3s_NBSkKkgsFp2qI9hnncw1TKPHeWyYjOIXaV7NT_f5fBJOApvvCNyBTkF_a9D8SH_PC4fVwxtVxnDOb0QJOsqxij-mEWvqOpjKRFluDiz_my0ow-muSGSXhIfuqKsbG-AuhhgZMmx96yen-9W41eB-PgAvFPnMkJwSKXxI4iK2698JgVTkr2qw5m0qsAE4qHHvKQD4AQBkgUECAQYAZIFBAgFGASgBgKAB7u55dkBqAfVyRuoB_DZG6gH8tkbqAeUmLECqAel3xuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQo6Yn0ggJCIDhgBAQARgdgAoDyAsB2BMCshcaChgIARIUcHViLTE5OTE2Nzk2MjQzMzEzNjk&sigh=sXdw3fPlEyI&tpd=AGWhJmshXNZMrvSDHz-83tQgE8cSqXlBJlYCfMRO3aBTx802iA
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187f0e2d2331f649e0afc51f0567cf23ef47d57283aa928313452eb1a559efb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28447
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 44ms
41ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBS_PREBID_HEADER1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=3&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=25365849%3A465723849%3A4676441751%3A138290752599&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=307107916&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 45DD 180 KB
50 KB 39ms
20ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 127324
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Tue, 08 Dec 2020 02:37:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Dec 2021 02:37:11 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 45DD 13 KB
5 KB 32ms
14ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 45DD 90 KB
27 KB 39ms
21ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:50 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 45DD 3 KB
1 KB 38ms
20ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 45DD 41 KB
14 KB 30ms
13ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445296
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:39 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45DD 2 KB
2 KB 10ms
5ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10217
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45DD 295 B
320 B 10ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55635
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
DATA 200
OK truncated
/ Frame 45DD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 598dbfa656457e82d8e05c68307e9005023b0602809e19a8e53bf0331d3c2e5a

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame D9BF 180 KB
50 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 127324
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Tue, 08 Dec 2020 02:37:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Dec 2021 02:37:11 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame D9BF 13 KB
5 KB 33ms
21ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame D9BF 90 KB
27 KB 27ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:50 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame D9BF 3 KB
1 KB 33ms
21ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame D9BF 41 KB
13 KB 31ms
20ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445296
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:39 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D9BF 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10217
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D9BF 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55635
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
DATA 200
OK truncated
/ Frame D9BF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a1017287b32c11256d4c56583149b01dfe4b7c7e622f5dc0e7e7c696ccf992a

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9F88 0
0 51ms
51ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstCjxH_C4NaWE1Ifh0xl3JJE8xZ2hnkDz0ITWHqO-JucV_QHpHXYjXIaTIf7e9oc2KXIeNRG2nLhGki163oQ8VvuxTJ55k8HEGmXhMQmRh9HEP-qqXt_ZS68mkPEc26ywVkZ64U6MzwUcYuFa75TSshMuZRCJ1PJzXc-JO7P5ORcMIr3_OIz7gzl6Es8LwrvElPf3psDjftW3CRBvg2RRz7Wa0XRGVRPafYTy2ue4WyKs1e2FWyxivCQeUFjOuSARICRF6JiMj5&sig=Cg0ArKJSzNH9VmxgFyyLEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 adKit.min.js Show response
rev.cbsi.com/common/js/ Frame 9F88 6 KB
2 KB 355ms
150ms Script
application/javascript 2a04:4e42:46::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rev.cbsi.com/common/js/adKit.min.js?874998703

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:46::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 0
x-cache: MISS
content-length: 2149
x-served-by: cache-lga21946-LGA
access-control-allow-origin: *
last-modified: Thu, 16 Apr 2020 15:02:48 GMT
server: AmazonS3
x-timer: S1607522356.922252,VS0,VE62
etag: "e524dc608d5c7c30eef57b6ed95dc6a8"
strict-transport-security: max-age=300
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F88 76 KB
29 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 9F88 320 KB
107 KB 31ms
30ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56936
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 762B 0
0 49ms
47ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAogRgKYY1XnWrbCtGWEXn5f-dKngAnCX4CGG8z5dzKiYvTCd_P6H5KKF9fwPoQAD_pmIlPGbXwwHW6uEMTa7KIJ1onC4TNm-D-cXRjmZmmps7kL0z7E8m9gssA5dsYunzbQ14wCKjvfz5avk2OyTojdNm5EeoqD4xDxpMnn69sBs4Qa3kAtRRadFHiKs6yz2p3JwLOY2QIDydfBqIkH9cVCt81Ps3lJDBIKDjDuATmLcljW80Hr4v9NOCvOch_rgk_H-V1Wij&sig=Cg0ArKJSzMjKkey-XdCHEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 762B 76 KB
29 KB 42ms
32ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 762B 320 KB
107 KB 32ms
32ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56936
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 230F 180 KB
50 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 127324
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Tue, 08 Dec 2020 02:37:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Dec 2021 02:37:11 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 230F 13 KB
5 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 230F 90 KB
27 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:50 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 230F 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 446375
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 09:59:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 09:59:40 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 230F 41 KB
13 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 445296
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Fri, 04 Dec 2020 10:17:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Dec 2021 10:17:39 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 230F 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10217
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 230F 295 B
320 B 8ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202012081025/wrap.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55635
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
DATA 200
OK truncated
/ Frame 230F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a2f3e7b384d7b36ec7f4370104991b34a4fb2c91fe8205d61c1993d819a42fa

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 73D1 0
0 123ms
42ms Fetch
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstxDHevzdXnetj3gAVETtm79AKjrL7qp3-0oDDW3tXfKkzVOcHb6kXfJPanlSF5ir7YKqBn-vffagY77GnK-ZLsMC_2Ar5budkMDCkzSCqIJ61IyWOLN6iAIYbYJfB5dGB07AKZB1wKZVqnc6yPoDWVQLW6NXGcHuLEis-sZiVgAEFNdvHqa9Eh9fXF4toB3dI9OWlPpKGu8U-XJaR3pl_FS3DzN04QB_cKE06zlZOq6kYXdvlz8rvQuREoDZ3DgT5LLEB9NARY_xdSUetIVECf-1WB0kt_V60xxmT_3ZpVQOmIl2b8hoaJqqwK9gWvrkZBPO2pwzvUn-7Ejb8&sig=Cg0ArKJSzGONsPsqXgVoEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 73D1 41 KB
15 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 08 Dec 2020 12:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92568
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Dec 2021 12:16:27 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 73D1 76 KB
29 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 73D1 320 KB
107 KB 37ms
29ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56936
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H2 200 Leaderboard_Flytrap_FR__728x90_.jpg
s0.2mdn.net/9322973/ Frame 73D1 43 KB
43 KB 43ms
7ms Image
image/jpeg 2a00:1450:4001:81f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9322973/Leaderboard_Flytrap_FR__728x90_.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6f9af3dc90ba848c8845262027b1d256e4062574efcb3ce6d54d8bcc68f6e91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 08:57:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Nov 2020 22:17:01 GMT
server: sffe
age: 18121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43630
x-xss-protection: 0
expires: Thu, 10 Dec 2020 08:57:14 GMT

GET
H3-Q050 200 4613978470201167742
tpc.googlesyndication.com/simgad/ Frame 45DD 23 KB
23 KB 16ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4613978470201167742?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmTj3BWU0xOw3AZopPIvbAHjtdvbw

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1dade8d350eabf6450db7df41e512ee50cb12b424554a4debffe924d8657cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Dec 2020 21:22:49 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Nov 2016 02:14:10 GMT
server: sffe
age: 578186
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23108
x-xss-protection: 0
expires: Thu, 02 Dec 2021 21:22:49 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 45DD 0
0 43ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQT34vLgKME4iVDFTGNpvmixAUZrCMh88Dm8_XCYpjo3dw0VBIIJS4zEzRkuWLtTZ9luGrIXSlFiNpeBVRFmlca9iGJKQ
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 45DD 0
0 58ms
51ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2j85M9jQX7L_CZvC7_UPlomQ8ATunr3AYO7u8K_cDJbTy3kQASDMka4iYPuBgICICqABrveZ0gPIAQKpAlZmjV6MP6o-4AIAqAMByAMIqgSsAk_Q_D2oLs5DkRG9yU0YkriocUR1qIEJ6moqYshXvQbcK7S-DGuTDk98UZ3ugZEluU0lW4AakMR3J-7vF1WMHLDH1LDUDec31i-g_G8CMXcD56hF0_zkkE8pC1wsTBvrAtc-w-VwUP-8p6PXQaahn37M3LhLnSXMoEihTbMdLNkOMUhYZGuP1HRbtSKMI-kgL6XUWMq8L4SyZfBvCOoAeqXUqi09TqI2M1SOdUBE6QfqCWhmMt8mN2TIN1q8DWVLm_Xmd_CaaMhAp-rJzGCYoJFKnsY1NQ2H2J9FgMFSRLDYz-MdXpDZizllfayJY6NE3TomQc5K1y1zyMNvS4q1MXlc1PVlxy78yZphu0QmAceCL3JoU9fvY7dejF5P7A4ykuh3JF7vCOufBCMKR8AEpNjm7cQD4AQBkgUECAQYAZIFBAgFGASgBgKAB7qI5i2oB9XJG6gH8NkbqAfy2RuoB5SYsQKoB6XfG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDYhRTSCAkIgOGAEBABGB2ACgPICwHYEwyyFxoKGAgBEhRwdWItMTk5MTY3OTYyNDMzMTM2OQ&sigh=npuLPP6Ufd4&tpd=AGWhJmuQj3pUg07GzFQVkNUK95n-2KpzuaAK9i-r0jsELv_4EQ
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 14611287507068055669
tpc.googlesyndication.com/simgad/ Frame D9BF 130 KB
130 KB 24ms
17ms Image
image/gif 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14611287507068055669

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f459e6848709ab9158b88523a4d075a05ee8ac162418f08f194ff6b0d85655fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 09:53:42 GMT
x-content-type-options: nosniff
age: 14733
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133288
x-xss-protection: 0
last-modified: Sat, 10 Oct 2020 08:08:34 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Dec 2021 09:53:42 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame D9BF 0
0 40ms
13ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRaHNTPJ67Vj6Cl5n-4p6B9bmIxE1tRErT4McsPs_o-Q2IwUAqhtSjFf4C1bC5PytoiFaxcq5EGQr81U7n3uM4T_VEP8A
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D9BF 0
0 58ms
52ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CW9l4M9jQX7P_CZvC7_UPlomQ8ASC2uaeYNvw85K7DNzZHhABIMyRriJg-4GAgIgKoAGt3IqIA8gBA-ACAKgDAcgDCKoEpwJP0F14yBjOcemdC6SmErPFHe_tjn-UrD1sE31hHtk7YLTEFcD5dJe7qh1wpFD8ogs7BqYRugHBtaMLWC8ca50ITEadJZWdL0RoAbdiP5kYszkfm8bYsqLOhVBWntYfnb1zn7cgDYQJlFvxUkE9tWReZ1ismlH12-vu37lrn1v5iAB8HSMLOm2wmKQeESFrWEfXhayTwLoTl_mVLTUvq6KxE8dET_XJVYTnLAKJUxyNy27eZMiPjtrF_1LgRP2RvaAkwrDGUam5OzzT_fsBUZWO53k3qRql7QLPMfHA5S7WAIsPNTGMMlyP7vRAQz6RHUuwp2s9x1VGy4loqigjfx7JytHJSq7WFwsHd-Ky-mubbnEv5QzuI5qFZsnELHjeqwyIsXqTSvHSwATTmt-_4QHgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGA4AHzeLMeKgH1ckbqAfw2RuoB_LZG6gHlJixAqgHpd8bqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcDEIkv0ggJCIDhgBAQARgdgAoDyAsB2BMMshcaChgIARIUcHViLTE5OTE2Nzk2MjQzMzEzNjk&sigh=naXFpzuw1QU&tpd=AGWhJmu2k4QHap1HxtHYFgaD4SstwkR1dQchjE6CxKkrNYof6g
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 14361536548272915197
tpc.googlesyndication.com/simgad/ Frame 230F 30 KB
30 KB 20ms
14ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14361536548272915197?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkLTln1QBfsfTP9VwyFAclUni232w

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300898c3220ce69e5b3118ce94aa8cd7a9b9ec70a48fde3a51c9a3a81fab9d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 06 Dec 2020 08:04:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 13 Nov 2020 03:46:46 GMT
server: sffe
age: 280486
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31047
x-xss-protection: 0
expires: Mon, 06 Dec 2021 08:04:29 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 230F 0
0 57ms
51ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C3XFwM9jQX7T_CZvC7_UPlomQ8ATV5N28YLH2h77tDPzVz6fCHhABIMyRriJg-4GAgIgKoAH7t-3FAsgBAuACAKgDAcgDCKoEpwJP0OEQpVgt-xuva61qq1qmm2j8JdiNozjCw9lkQycarMzx-6QoyIEHYjBW96b5bA0QDsr178lD6RW4V7Q7PsUXqANInRy9VaBw4Wjjq8lgY7nDTdichmAUIOMeTf5abjyHAHGH8wypZ6g-6gNT7A0_13eDldywX5CdB5VyHuQSNkcbD91BifYbLdGK_RNMT7RppooyPXno22gBTaz1bIlc9dGO6tO1jJ4hOhrm0VHXx-xoN8Cd-kBoXUHhGJe85S7qAWozZXpPYp1Kh4gDZrVY1Pea6DLTnBP2RA_jy0uv4HmMemI15nKge5F0ltJ9jSZtRkfitTfWrjaeUaIaZpCTgXFGENRSvVV6-i7QCwXFrNIw6QXkJL3HOGiUgx14hOny82FjXAQdwATJ952PqwPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH8bGRugGoB9XJG6gH8NkbqAfy2RuoB5SYsQKoB6XfG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBChxwPSCAkIgOGAEBABGB2ACgPICwHYEw2yFxoKGAgBEhRwdWItMTk5MTY3OTYyNDMzMTM2OQ&sigh=eydoB1kCK4E&tpd=AGWhJmtUN1AjbdaXrSI-4ZMvg4NaI3YA7kfLbSUdw7Q1-vdIbw
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 63ms
19ms XHR
application/json 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020120701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d34b0bafad5303d54168df7fac5a6d609f05dd913ec79a1333de63c35e99933a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6308
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 20AF 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8059c10da99c25115af13c06ffb29d6161de3a3a6742ad00961beab349af517

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBS_PREBID_HEADER1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=4&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=25365849%3A465723849%3A4676441751%3A138290752599&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=243327202&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120701.js?21069708

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:15 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 73D1 0
22 B 43ms
42ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqaA42wuJxmFNDwbL371d2ofBqidrFFFT1n0GrZEyFWPZcCis9uxUJoAlwz1VxedyKaSRD012T9ZbQXY4auNIO9doPsmRyInN7Qb_1n1K4tp7flBNlI7lBzh9Pj0t_ApmcvnxkS1bt5VqKZJxLxuLnH_xVB8tAFz6MyhrE_EhMz609pGIg6jNtT95WBSMORMTx6aP5RR8PV14Pxgh9Yipfw5sjtF4CwB4aGlwOWiyApAh9mTnVv5SY8ojDiCLjCzeACGm6fZM&sig=Cg0ArKJSzN-RyJKZiQb4EAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 762B 0
22 B 44ms
44ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDPGNFAN4_AOtFaPrU1ARCiEQXUcOSQCaqfHgOUWGNSIp7-20mU4jCYvSOlKXF6aAhz7WQ7S3Q-lpMb1vHIfillbxX_tROy0msiSFAxkKoiyr1KR07umUiPnqf9Fn-NN_tTNuSy7SoEfLunXVWfw6P95a3VbaBcrv-inSU3tnMSABvPFM0tcoWaal142utj8iYwMeHB_9rmDyYdSDYwHr-RsoUbQTl7WZi_6Mjxt_UHNOxgwH4884us_3NeBd8SogLpZQ4xELr4gI&sig=Cg0ArKJSzBmzzDZerpwCEAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame A594 0
0 6ms
6ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Dec 2020 15:34:42 GMT
expires: Wed, 08 Dec 2021 15:34:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 80673
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 73D1 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8cb4560277333fa8d85c16c422ab0e0ba3369aa6b73316293f880e825851fe89

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 108ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=8&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29131449&L2id=2740158191&L3id=5467211422&L4id=138322013913&S1id=23605329&S2id=23619609&ord=1607522355929&r=35490331248&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=bottom&zMoatPT=article&zMoatSL=leader-plus-bottom%3FT-1000&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 108ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=8&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29131449&L2id=2740158191&L3id=5467211422&L4id=138322013913&S1id=23605329&S2id=23619609&ord=1607522355929&r=35490331248&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=bottom&zMoatPT=article&zMoatSL=leader-plus-bottom%3FT-1000&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 26B5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
39ms

Image
text/html

2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 09 Dec 2020 13:59:15 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D9BF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

45ms
39ms

Image
text/html

2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 45DD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
40ms

Image
text/html

2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 230F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
40ms

Image
text/html

2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 17072390809368823545
tpc.googlesyndication.com/simgad/ Frame 26B5 15 KB
15 KB 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17072390809368823545?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkFskVLl9XgrYUutv57oPhva4V-zQ

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b81182fb0c54d6fbca7295ea0805c4621169352bcfe1b09480925d46798b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 05 Dec 2020 13:39:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Nov 2020 09:02:15 GMT
server: sffe
age: 346797
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15035
x-xss-protection: 0
expires: Sun, 05 Dec 2021 13:39:19 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 26B5 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10218
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 26B5 295 B
325 B 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55636
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 20AF 0
45 B 43ms
42ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvS9L_FS6EbLPsbiZigvhAH_OrLYYOxaDfU3Be_AN7kgtT5qKOoW0WMPTwtyR-Hl_bdekx5pRsYwr5fD6tE1N-lzweLzgPtB9EAzZyuipTI7VXEPL5p18UY_71TzF1oP2WTGOE79F4RlssDTSYz64i43wOm8plcMJi36JZ7HniRZPfg-k0vjG8P-LT9Li2THQ5OwqPcvF44LJKCVlf1xYMC0bIZkTNxpfgAGIQNA6pHK1By9CDJbxhlrAMvk6dDRgosA3vW_oloHoEwQFW2&sig=Cg0ArKJSzBZkSZyR4lbYEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBS_PREBID_HEADER1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=663539910940&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=5&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=25365849%3A465723849%3A4676441751%3A138290752599&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=654632786&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 4613978470201167742
tpc.googlesyndication.com/simgad/ Frame 45DD 23 KB
23 KB 8ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4613978470201167742?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmTj3BWU0xOw3AZopPIvbAHjtdvbw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1dade8d350eabf6450db7df41e512ee50cb12b424554a4debffe924d8657cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Dec 2020 21:22:49 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Nov 2016 02:14:10 GMT
server: sffe
age: 578187
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23108
x-xss-protection: 0
expires: Thu, 02 Dec 2021 21:22:49 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45DD 2 KB
2 KB 9ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10218
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 45DD 295 B
322 B 11ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55636
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
H3-Q050 200 14611287507068055669
tpc.googlesyndication.com/simgad/ Frame D9BF 130 KB
130 KB 12ms
9ms Image
image/gif 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14611287507068055669

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f459e6848709ab9158b88523a4d075a05ee8ac162418f08f194ff6b0d85655fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 09:53:42 GMT
x-content-type-options: nosniff
age: 14734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133288
x-xss-protection: 0
last-modified: Sat, 10 Oct 2020 08:08:34 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 Dec 2021 09:53:42 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D9BF 2 KB
2 KB 10ms
8ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10218
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D9BF 295 B
322 B 10ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55636
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
H3-Q050 200 14361536548272915197
tpc.googlesyndication.com/simgad/ Frame 230F 30 KB
30 KB 14ms
12ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14361536548272915197?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkLTln1QBfsfTP9VwyFAclUni232w

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300898c3220ce69e5b3118ce94aa8cd7a9b9ec70a48fde3a51c9a3a81fab9d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 06 Dec 2020 08:04:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 13 Nov 2020 03:46:46 GMT
server: sffe
age: 280487
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31047
x-xss-protection: 0
expires: Mon, 06 Dec 2021 08:04:29 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 230F 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 10218
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 10 Dec 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 230F 295 B
323 B 14ms
12ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Dec 2020 22:32:00 GMT
x-content-type-options: nosniff
server: cafe
age: 55636
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 09 Dec 2020 22:32:00 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 53E1 0
0 11ms
5ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Wed, 09 Dec 2020 13:11:01 GMT
expires: Thu, 09 Dec 2021 13:11:01 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2895
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 9F88 55 KB
19 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: rev.cbsi.com
URL: https://rev.cbsi.com/common/js/adKit.min.js?874998703

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fd650d3808a6cf9fbde6bfe98b07ac3d1abd8c23541ae017cdea8b7be918180

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "718 / 194 of 1000 / last-modified: 1607516727"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 18975
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 29ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBS_PREBID_HEADER1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1607522355150&de=668070202638&rx=228977579066&m=0&ar=a63e245-clean&iw=b2c8261&q=6&cb=0&cu=1607522355150&ll=2&lm=0&ln=0&em=0&en=0&d=25365849%3A465723849%3A4676441751%3A138290752599&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A279%3A279%3A317%3A271&fs=186589&na=1370941862&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 store.phtml
ad.clipcentric.com/user-9/resources/ Frame 5EC7 0
0 150ms
64ms Document
text/html 143.204.90.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.clipcentric.com/user-9/resources/store.phtml?v200530
Requested by: Host: clipcentric-a.akamaihd.net
URL: https://clipcentric-a.akamaihd.net/ad/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/ad.js?q=1604705524
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.90.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-50.fra50.r.cloudfront.net
Software: Apache/2.2.34 /
Resource Hash

Request headers

:method: GET
:authority: ad.clipcentric.com
:scheme: https
:path: /user-9/resources/store.phtml?v200530
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

content-type: text/html; charset=UTF-8
content-length: 2976
date: Fri, 04 Dec 2020 18:38:34 GMT
server: Apache/2.2.34
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0997.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: mhcnaMWTeoR6Olw8IJE1kK5xxidDyMx-eE_arztFty8R6mjwp3Dong==
age: 415242

GET
H2 200 cbsi_ads_skyboxKit.js Show response
rev.cbsi.com/common/js/ Frame 20AF 12 KB
3 KB 98ms
98ms Script
application/javascript 2a04:4e42:46::444
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rev.cbsi.com/common/js/cbsi_ads_skyboxKit.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:46::444 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4dbdcbed018562c656e6c5b5515ef82736596af03d573b06a50951d802f1e725

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 1041
x-cache: HIT
content-length: 2691
x-served-by: cache-lga21946-LGA
access-control-allow-origin: *
last-modified: Fri, 23 Oct 2020 17:13:17 GMT
server: AmazonS3
x-timer: S1607522356.242956,VS0,VE0
etag: "d0afa4a98aa5509aad29266c3dca9dbb"
strict-transport-security: max-age=300
content-type: application/javascript
via: 1.1 varnish
accept-ranges: bytes
x-cache-hits: 49

GET
DATA 200
OK truncated
/ Frame DDAD 750 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9cac3eeba1fc86e06fdc013a4c52742e9b4bd14b7be6517321127d4515095ce

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 E=in,im,fi
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=42/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
137 B 313ms
97ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=42/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=in,im,fi
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H2 200 xlr9vC2d.webp
clipcentric-a.akamaihd.net/file/1068966/ad_q75/1604705147/ Frame 20AF 16 KB
16 KB 36ms
34ms Image
image/webp 2.16.177.50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clipcentric-a.akamaihd.net/file/1068966/ad_q75/1604705147/xlr9vC2d.webp
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.177.50 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-177-50.deploy.static.akamaitechnologies.com
Software: Apache/2.2.34 /
Resource Hash: 72abfb31f44d9d6ae87bfbebfe2e1eef8d44e58bd6f1603c764d029e9bcfae3e

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: max-age=31536000
last-modified: Fri, 06 Nov 2020 23:32:08 GMT
server: Apache/2.2.34
content-length: 16342
content-type: image/webp

GET
H2 200 w4dKN9Ed.webp
clipcentric-a.akamaihd.net/file/1068964/ad_q75/1604705147/ Frame 20AF 15 KB
15 KB 43ms
41ms Image
image/webp 2.16.177.50
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clipcentric-a.akamaihd.net/file/1068964/ad_q75/1604705147/w4dKN9Ed.webp
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.177.50 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-177-50.deploy.static.akamaitechnologies.com
Software: Apache/2.2.34 /
Resource Hash: 9b4ca722833450a27d0f22918f250ba5882cadc1af54ac014d7c06f2b9805b1c

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: max-age=31536000
last-modified: Fri, 06 Nov 2020 23:32:07 GMT
server: Apache/2.2.34
content-length: 14862
content-type: image/webp

GET
H2 200 E=ls:load%20CBSi%20js%20file.0,li
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=46/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 314ms
98ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=46/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:load%20CBSi%20js%20file.0,li
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H2 200 E=ls:Super%20Billboard.0
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=50/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 313ms
97ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=50/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:Super%20Billboard.0
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H2 200 E=ls:hotspots%20collapsed.0
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=67/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 386ms
171ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=67/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:hotspots%20collapsed.0
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H2 200 E=ls:on%20scroll%20full%20collapse.0
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=67/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 386ms
171ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=67/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:on%20scroll%20full%20collapse.0
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H2 200 E=ls:custom%20ad%20controls.0
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=69/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 313ms
98ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=69/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:custom%20ad%20controls.0
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=94&fi=1&apd=188&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=510506788845&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=94&fi=1&apd=188&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=510506788845&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 60ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=94&fi=1&apd=188&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=510506788845&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 59ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=296&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29131449&L2id=2740158191&L3id=5467211422&L4id=138322013913&S1id=23605329&S2id=23619609&ord=1607522355929&r=35490331248&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=bottom&zMoatPT=article&zMoatSL=leader-plus-bottom%3FT-1000&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 58ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=111&fi=1&apd=205&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=510506788845&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 58ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=9&fi=1&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=685281704966&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 29ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=9&fi=1&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=685281704966&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=9&fi=1&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=685281704966&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 33ms
31ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=15&fi=1&apd=23&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=685281704966&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 32ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=663539910940&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=663539910940&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=11&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=663539910940&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=668070202638&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=668070202638&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 pubads_impl_2020120301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9F88 279 KB
98 KB 42ms
41ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

dc3842d1ad8fde688d7b47fb100be5a4bcf18b97af2dd23d02dbb3713f6d520b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Dec 2020 09:42:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100510
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=17&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=668070202638&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 31ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F17072390809368823545%3Fsqp%3D4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg%26rs%3DAOga4qkFskVLl9XgrYUutv57oPhva4V-zQ&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&bq=11&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=1081&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=94&an=0&gf=94&gg=0&ix=94&ic=94&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=94&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=188&cd=0&ah=188&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=1870795686&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=21&fi=1&apd=41&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=67075449&L2id=2774809331&L3id=5536907755&L4id=138330866815&S1id=23605329&S2id=23619609&ord=1607522355777&r=297584849591&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad%3FT-1000&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=21&fi=1&apd=41&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=67075449&L2id=2774809331&L3id=5536907755&L4id=138330866815&S1id=23605329&S2id=23619609&ord=1607522355777&r=297584849591&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad%3FT-1000&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=21&fi=1&apd=41&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=67075449&L2id=2774809331&L3id=5536907755&L4id=138330866815&S1id=23605329&S2id=23619609&ord=1607522355777&r=297584849591&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad%3FT-1000&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1

200
OK

results.txt Show response
kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net/eum/ Frame 8CE1
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pzz2rsx5c
https://kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

126ms
29ms

XHR
text/plain

2.20.191.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.20.191.18 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-20-191-18.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Wed, 09 Dec 2020 13:59:16 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net/eum/ Frame 8CE1
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pzz2rsx5c
https://fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

51ms
6ms

XHR
text/plain

2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a02:26f0:6c00::210:ba19 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net/eum/results.txt
Date: Wed, 09 Dec 2020 13:59:16 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9F88 109 B
803 B 51ms
28ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9F88 109 B
781 B 44ms
30ms Script
application/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9F88 17 KB
5 KB 91ms
90ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3483658999074040&correlator=626337098270383&output=ldjh&impl=fifs&eid=21068773%2C21069702%2C21068811&vrg=2020120301&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201209&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=372x142%2C372x142&prev_scp=env%3Dprod%26session%3Da%26subses%3D5%26ptype%3Darticle%26vguid%3D69395634-6539-4fe4-bf44-f0eb77a4e48d%7Cenv%3Dprod%26session%3Da%26subses%3D5%26ptype%3Darticle%26vguid%3D69395634-6539-4fe4-bf44-f0eb77a4e48d&cookie=ID%3D23a148d739323a76%3AT%3D1607522355%3AS%3DALNI_Mah0kXFWAjovZNlwABDVIpzcE4KeA&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1607522356&dt=1607522356376&dlt=1607522355662&idt=697&frm=23&biw=1600&bih=1200&isw=371&ish=771&oid=3&adxs=-12245933%2C-12245933&adys=-12245933%2C-12245933&adks=3261246841%2C3261246840&ucis=txim241cthm4%7Cy2jq1w65nu4p&ifi=1&ifk=3139088205&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0%7C0x0&msz=0x0%7C0x0&ga_vid=200790897.1607522356&ga_sid=1607522356&ga_hid=1508345117&fws=256%2C256&ohw=0%2C0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

7c20e56a8b8f2be7b5c1a42c809c574f5a2ac66a5853312b4aa6bc65f4d057de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4569
x-xss-protection: 0
google-lineitem-id: 4746066197,4746066197
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239479696,138239375540
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 9F88 0
0 50ms
15ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 9F88 0
0 7ms
7ms Other
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 15ms
15ms Image
image/gif 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020120701&jk=235808809988837&bg=!l5SllLTNAAUbEDgJG1gfA94OfYSTiwIAAABtUgAAAA5oAQcKANv03i2A1X-qXguuCMl_B_RY_uYNYS5e7Rb9uvhp6XVil5p-dW3n45qEnXddPhGTqmvQAnUOdiAJV2DOSUywYcTpB5_bnXH2ghRB4fF1WUWRcQ6TJ3yDfW1w7juh844CfZofTopNdCx_8ePsALgSjMqXthFWa88tSygmFaOCNJYfJFn1B4BDjIOKqLpiSK1MQWWqHYPTTa4UBxvkRq9yIrEpbGJGWxlZ2hZ5ySZDEC1QGjR9lRO1sJCIBxAgDLm7fLmujAikMY-irbib9kN7HZV63lJjS16LXYKMP5OZAbZWc7s2whGOFuE9PIpOaCPzsCoeqnJah40uiLqLQAXDUcWCxxzqxsqxwd3GdYHxCHS8Rk3dw4mGo1ij-K-QI-RPWDJu7BKXuXRxHVmjA34nerBMvkwA1j975j_XlaIfnh2kGqlz5ePIW5yWByXLyD_dtMzyFMP0po5r73yssy-s5ysRMt1W-nu5LmPGgoDBa6xI0sgJzrSHzqi2y-qHwhx-KNJchPQCDmA3QCkMRuna8WWwHc6o0eyGAUZmz2Bph0vS_4QH0h31T70VwBfpcIzCwtDqkR7XX4TdGjkrFic9F1w-COZZNFshuoKSHsA0tigfb88Y9x4EORUlJCdmFBiGEVzpXy5ruWLQlkc6coM7QMVtxZb8RG_VZdf_lOv3Bs_e_EPDGHqA8mPqhlqCPE36-OXjPZeYJhKyjWaeFrYPyv_eblJSWwnCEhPF6HiGoj4I7b3qKuh_mhafUxnVeCoUTn-TJnlqa0VBMAuhY0AzlYeOXX54JWLcxJMG9j69M09ZYlbVrwEAsWYcXCsksT2-OGysatMzsR8LE3TleuKHA1Vr0O21ei1gh1CkXJXpe_0T-ZjXikU

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F4613978470201167742%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qmTj3BWU0xOw3AZopPIvbAHjtdvbw&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=600&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&cu=1607522355150&m=1095&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=9&an=0&gf=9&gg=0&ix=9&ic=9&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=9&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=17&cd=0&ah=17&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=1322417835&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9F88 0
22 B 43ms
43ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu06xz1OrYZpOaxYSfMqVxzUV472WNGs1RSkLkf1wvEu-lYVK_FUYH0nBhF3dVsUyMwd7IqQKolxAspcWi5W9yZFSB_pF_2LZVOnj-R5-_HuOSIK7-sY2OPtW79Gu-wdTed9-jAKKKuQ3mBcXnIQE0MsgMoymNPDKQz1BJZ39Y4bVPD8SGXE90MbTd5onxHo2sM5tVth5iOn_J8ab-JLAgxdAySyF9p5fcXVw724-Z9iceBEIIhSKUPZrpSn87wdOM1oThVwOH8C0Q&sig=Cg0ArKJSzKxNpLrzlIP3EAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F14611287507068055669&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=663539910940&rx=228977579066&cu=1607522355150&m=1100&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=6&cd=0&ah=6&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=186589&na=1683237189&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=181&fi=1&apd=201&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=67075449&L2id=2774809331&L3id=5536907755&L4id=138330866815&S1id=23605329&S2id=23619609&ord=1607522355777&r=297584849591&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad%3FT-1000&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE3B 0
0 45ms
44ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvZp_bE1QHRYDsrDKD2pnJ1tcyLZhYkMTOvlIy4zgeFLLC3iaq4qYjUupKVdCIINJynp8X0LP1OBm1E6PX4nl0nShoqUoqxhxVP16FrOGULEqHFVSMS37XpzcoNqAgXcqJ4RNjz62lgZSpyZP2sYo8mS_9y_iJV9VmMA8sqlp0iUGeZe_zEH2VD5ZjXhO62UofZ3bGByh-bX72CeSASWv3Fr5gATeS-HV27zVm0lR8aPG54RJzM0mzBoq8Qp-HVz-J9u1N4FM6d&sig=Cg0ArKJSzM3iYfO44hSuEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE3B 76 KB
29 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame EE3B 320 KB
107 KB 31ms
30ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56935
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1591 0
0 46ms
45ms Fetch
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBSiTgmhDlJKVq77xf4pv3zFFI1JEUDqZwYt98ubRQf1_VG-_Wv98HIo0FO1j5har-kOf24gO7Yi7qCfA0HziwuLbS6FAO20g1RNT3siBaKUcwXgp5-nPf3GRbN5v92hByKEVLgXDr8BCXEKvAkpHTFalIkK_oq0y0yJS5LXpU4lbwt2JPgUBmA-iE8EtV6aA1h46BM0oA-Rty9l7DFH7uZ98EFPnCLoX6ImtOufxxn-TaZj2cQ6h3V8EXv8tJ3piyP8Z0WlWM&sig=Cg0ArKJSzHo-efeyiE5LEAE&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1591 76 KB
29 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 29426
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 1591 320 KB
107 KB 31ms
30ms Script
application/x-javascript 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 21:24:39 GMT
server: AmazonS3
x-amz-request-id: A1A0B3F940F1DAC9
etag: "6a6dcf414007d90f491fd34c0ded6f44"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=56935
accept-ranges: bytes
content-length: 108768
x-amz-id-2: UR43//usmS5qM1+drhO+VGGwyXg2cnXCFBwLWVAMph1p2VgbAm2TDGDUM47RWoyL9kOfX+yVfbU=

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9F88 74 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187f0e2d2331f649e0afc51f0567cf23ef47d57283aa928313452eb1a559efb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607379317188095"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28447
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9F88 8 KB
7 KB 41ms
26ms XHR
application/json 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020120301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13d5d51629e96725a1d83716a870ab5491115f2587db8f7710706a73ab5c65be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6413
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 31ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F14361536548272915197%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qkLTln1QBfsfTP9VwyFAclUni232w&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=668070202638&rx=228977579066&cu=1607522355150&m=1104&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5&cd=0&ah=5&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=186589&na=1620136847&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H2 200 E=ls:on%20scroll%20full%20collapse.1
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=370/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 98ms
98ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=370/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=ls:on%20scroll%20full%20collapse.1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame DDAD 801 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b526196d510bc11f40effba13f1b9e1792120b1f40b453695e8d7dcc05cf38d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F88 16 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020120301.js?21069702

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame EE3B 0
22 B 43ms
42ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsszZn3FvnIlF7oEuolSm-OVzmR8H9TfXO9HS_JMzIc4-G3C_Rh9bbnZs0mtHBGZJJUygXguL8xhVnJK2wCV7ci2KRgLd6h10KjEAA0Q9A_zd1PFBvWwtsGKxD3tsns4zkcMSrPvAvXfsTXoOotvYdmHNp2yWS-w5lYvWaUmgQGbZL0NuRTBDgsUehQEqaxxRpNyty1865uroH-iaH6h8TwOvmurMaCLdBpJWPOfS6walFhRkihoGurZCmuFD9D93uHsB5QVcNlGm08&sig=Cg0ArKJSzDyjLTs1BIiqEAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 35ms
34ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=8&cm=12&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1607522356548&de=215817368620&m=0&ar=a63e245-clean&iw=6dd421e&q=30&cb=0&ym=0&cu=1607522356548&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4746066197%3A138239375540&zMoatPT=article&zMoatW=372&zMoatH=142&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatSN=a&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=372x142&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A279%3A279%3A317%3A271&iq=na&tt=na&tu=&tp=&fs=186589&na=801938604&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1591 0
22 B 43ms
43ms Image
image/gif 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkOaLvoOgf7oXrNP7jMYDUPo5EDIv4ZHK4ARLNvB0EJEkW8yHCa5yLtloJyc40Qz67JoBGoSpUBTnZVvoTx4B0Do8iVj3qrnNreHpnk339lo9RbZSorUmYMbZCWFKDVmGO5Qy97XYaWOEvtRu9O20e2PYGbhtxXjrlBmb4H0S7qngRX2z4bufvzlmMtaOUzXvL1HdV89110ehBZ5IQvE230s6RD5aS-B5xHUS2nAY4KAwJSGhlPV6XndWkf7HqDGfba41vsnL3KZM&sig=Cg0ArKJSzKuikPk1wfX_EAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame F5BE 0
0 6ms
5ms Document
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Wed, 09 Dec 2020 13:11:01 GMT
expires: Thu, 09 Dec 2021 13:11:01 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2895
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 204
No Content /
684dd305.akstat.io/ 0
354 B 51ms
38ms Other
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd305.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:16 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Wed, 09 Dec 2020 13:59:16 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F88 0
23 B 16ms
15ms Image
image/gif 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020120301&jk=3483658999074040&bg=!sbKlspLNAAXKjztByljB9_KUeaQrfQIAAABFUgAAAA1oAQcKAa6BH8PdQ6h1Cq5J4i1GwoUqhZ25-sluxPr7tC26Bfsq5mFOw2o6BpctE3ALVNxqwbM0GpR8oHdKMc3OWvKUxLCHAplWHWS_ZmJf20HMLh7bZqLwsUufQhoOG2-yXpp3NJaOWlgMw2BiUWIi4YvmCTwRhh9sNhIFwNuk6MPWieQ9PA5OdLtW7Pv8_uKLl6-aTNgrge8SSDBaBae3gCn3h7rvIUjKJFf1Q9rUcIblCIXmktfSudCCeCHYP3nYjJF0TLSTT9E7ind8pFq51gD0pTbMf0PWtFUElpt7fSnBIqGFZF3iIhndSYFsx-JVClOcIjphkWOGV-hbrQ-qVv0eCC82rn0GTo7ReVynoaPx9wANh4bpw0UklFx9x8Cvx2j-AdJhHC-DF9gtQQGEea66wfOd56BeusePOyvhLJDyOEUfh6TIQTLpGmsKhW8cA8aJ_lSaHbp7H9dItmsW3mNOzAvurKwUbag-4MsA9b5rtcs-WXd2Qgo83g1g2I-Fv71MKhJ41dq72-TM9enX0C1-5VDOQTp_mFBFn5z-hMmSuFfZJZR35l0gC9xYvcbhH6QDmQG8foCyTSYe4gf-o66NJYv5eB8JH5dRN-UcPTS83cw5ONK_zf1gfo6ALYb8gJywO0zrf9xhGwOclBfr7OWLppaySul6rBR5m_CmsEm885pgSfQwpEhlGBBl41y5MpyLGQ069HnRUVt1h9YL9YHp2K5CsR_Rg7KW66-ti-wji4DOFxNAPEIbiwzeoKZspplpfbBDXtds9DCdPDmHnoDZBZ_4cKuVpyl08wS9WyD8hNL6xzU1M7H-MIXdRL6mM0r9vEHJkgf_8kJzLQDHxirm7dtx9T4Ml1Xp8O93FqcTPHTe2ZUZ3YWE9Pjog_yHqkG8Z9m4ozEBaAreMlZzMiYSnGSPC5Jr9rStCxGRezoiQS_ufB3nQDh38qIzaPPXbylxvSjiJBTSpBYv8O2SgpfLturhgnLgEP700ZcDqXSAlAS5uYhsiwiqZLu8Aw5dlkiW1ELyWajanDIUt6gEefIo4-O5EkqI10mMlp1CiC86lbdaM0vXFIgxmXlp6AsMbzSrV1asq4BAwkX9Qg6MXB8n1TRubdE-IkShh7wOOD7eWNv67Djl21PKEdEvwXOEBoL1y1Ew_lU_Ld9QeQ86jwi7

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 26B5 42 B
94 B 21ms
20ms Image
image/gif 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRTdqBnoGZnp1ixeZLOQCiqDPfAEL_-BZmcDCBnyTRCFaWfjnoekASH26-J0MvH1zWToXs9C8o2p2fSMr6Jf5mzGoufQc102Q9seFn313_79B6oyEJD8sM0ptsQQ&sai=AMfl-YSlhPzB4ddtAJENtnieUUWnFmMSqbbGNwkwF_iO7Ii9awzA5RyWo-8f5oycoKUrRrgkl_d68MGsnstF-oqS-NGXvDdGHAThdSK6gPrGTqfnR0tCGMTJojH0B8A&sig=Cg0ArKJSzAxcf0OK57k9EAE&cid=CAASF-RoV5diH5XEYHihCymvWz2wWbMivWfA&id=ampim&o=315,390&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=274&tls=1275&g=100&h=100&tt=1275&r=v&avms=ampa&adk=3581870410

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 45DD 42 B
66 B 19ms
19ms Image
image/gif 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssP-7ecZ3Gd9rSzH_rgE0HLsNA9Hwjc7hnPjiI9XsS977dS4usR0j0yGlxhtvejPvmvvJuJtWMFcJBbYReSb9VeXcS0xeTRIS94CY1NQNVhQSEUCsL89MOesWVDiA&sai=AMfl-YRHHm7JkSSn8CJ30RW945ZTT45TvYP8AZ8g6ZfvNQOclXKhsv3UUWOyVeUAWbk6bCVPF35t48P-oJztbbvB2lLJSFG9NKJWYCQXTxlh1GKU5gSylKFQRaz79o8&sig=Cg0ArKJSzDhO9UfVztjIEAE&cid=CAASF-RoJIP1GzFeGg-FxubJnhApcc3ey96Z&id=ampim&o=1050,510&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=226&tls=1226&g=100&h=100&tt=1226&r=v&avms=ampa&adk=1925781520

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 E=wi
tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=1018/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/ Frame 20AF 35 B
136 B 99ms
98ms Image
image/gif 34.228.35.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.clipcentric.com/s/B=244/F=1068986/C=105721/P=22/A=105720/L=21/V=23/S=TOaLnfSR/Z=1/I=120.730748.1607522356141/U=www.zdnet.com/T=1018/M=i/D=d/PO=zdnet.com/LO=5536907755/VO=138330866815/E=wi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.35.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-228-35-190.compute-1.amazonaws.com
Software: Apache/2.2.34 /
Resource Hash: 6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 13:59:17 GMT
cache-control: no-cache
server: Apache/2.2.34
content-length: 35
content-type: image/gif

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 20AF 42 B
66 B 14ms
14ms Image
image/gif 2a00:1450:4001:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuSztXSo4n9t_9tjdmHNFJnLXWDK2_Bjl6BsDJs4PUC0Qis6TLQKZHYOOSBE-QS8zZ7Jo27TRwW-pDuTphpqL64fY39N2dGTP4zcjT9VUA&sig=Cg0ArKJSzB3oHEfmiggCEAE&adk=2072725681&tt=-1&bs=1600%2C1200&mtos=1075,1075,1075,1075,1075&tos=1075,0,0,0,0&p=0,0,105,1600&mcvt=1075&rs=0&ht=0&tfs=363&tls=1437&mc=1&lte=-1&bas=0&bac=0&met=ce&avms=nio&niot_obs=249&niot_cbk=315&md=2&btr=0&cpmav=0&lm=2&rst=1607522355627&dlt&rpt=986&isd=0&msd=0&xdi=0&ps=1600%2C4968&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-5-11-11-0-0-0&tvt=1434&is=1600%2C105&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&r=v&id=osdim&vs=4&uc=12&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20201207

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 31ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=2125&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1143&an=94&gi=1&gf=1143&gg=94&ix=1143&ic=1143&ez=1&ck=1143&kw=1035&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1143&bx=94&ci=1143&jz=1035&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1035&cd=188&ah=1035&am=188&rf=0&re=1&ft=706&fv=0&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=372362556&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 35ms
34ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1035&tet=1143&fi=1&apd=1237&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=510506788845&t=iv&os=1&fi2=0&div1=1&ait=706&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:17 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 31ms
30ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=847&tet=1041&fi=1&apd=1049&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25365849&L2id=465723849&L3id=4676441751&L4id=138290752599&S1id=uk-zdnet&S2id=security&ord=1607522355150&r=685281704966&t=iv&os=1&fi2=0&div1=1&ait=706&zMoatVGUID=0&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=0&zMoatPT=0&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:17 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=2125&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1143&an=1143&gi=1&gf=1143&gg=1143&ix=1143&ic=1143&ez=1&ck=1143&kw=1035&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1143&bx=1143&ci=1143&jz=1035&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1035&cd=1035&ah=1035&am=1035&rf=0&re=1&ft=706&fv=706&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=413016329&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=2126&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1143&an=1143&gi=1&gf=1143&gg=1143&ix=1143&ic=1143&ez=1&ck=1143&kw=1035&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1143&bx=1143&ci=1143&jz=1035&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1035&cd=1035&ah=1035&am=1035&rf=0&re=1&ft=706&fv=706&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=398147337&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=600&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&cu=1607522355150&m=2127&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1041&an=9&gi=1&gf=1041&gg=9&ix=1041&ic=1041&ez=1&ck=1041&kw=847&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1041&bx=9&ci=1041&jz=847&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=847&cd=17&ah=847&am=17&rf=0&re=1&ft=706&fv=0&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=1900749223&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=600&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&cu=1607522355150&m=2127&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1041&an=1041&gi=1&gf=1041&gg=1041&ix=1041&ic=1041&ez=1&ck=1041&kw=847&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1041&bx=1041&ci=1041&jz=847&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=847&cd=847&ah=847&am=847&rf=0&re=1&ft=706&fv=706&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=385790525&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=600&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&cu=1607522355150&m=2127&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=1041&an=1041&gi=1&gf=1041&gg=1041&ix=1041&ic=1041&ez=1&ck=1041&kw=847&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1041&bx=1041&ci=1041&jz=847&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=847&cd=847&ah=847&am=847&rf=0&re=1&ft=706&fv=706&fw=706&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=1169549700&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:17 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 30ms
29ms Image
image/gif 23.212.157.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1005&tet=1186&fi=1&apd=1206&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=67075449&L2id=2774809331&L3id=5536907755&L4id=138330866815&S1id=23605329&S2id=23619609&ord=1607522355777&r=297584849591&t=iv&os=1&fi2=0&div1=1&ait=904&zMoatVGUID=69395634-6539-4fe4-bf44-f0eb77a4e48d&zMoatCURL=zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files&zMoatPS=nav&zMoatPT=article&zMoatSL=nav-ad%3FT-1000&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=1&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.157.206 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-212-157-206.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Dec 2020 13:59:17 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 09 Dec 2020 13:59:17 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 34ms
34ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=6161&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=5180&an=1143&gi=1&gf=5180&gg=1143&ix=5180&ic=5180&ez=1&ck=1143&kw=1035&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5180&bx=1143&ci=1143&jz=1035&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5072&cd=1035&ah=5072&am=1035&rf=0&re=1&ft=4743&fv=706&fw=706&wb=2&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=2055798052&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:21 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:21 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=600&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=685281704966&rx=228977579066&cu=1607522355150&m=6162&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=5078&an=1041&gi=1&gf=5078&gg=1041&ix=5078&ic=5078&ez=1&ck=1041&kw=847&aj=1&pg=100&pf=100&ib=1&cc=1&bw=5078&bx=1041&ci=1041&jz=847&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4884&cd=847&ah=4884&am=847&rf=0&re=1&ft=4743&fv=706&fw=706&wb=2&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=1691377928&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:21 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:21 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=970&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=510506788845&rx=228977579066&cu=1607522355150&m=6365&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=1&ag=5384&an=5180&gi=1&gf=5384&gg=5180&ix=5384&ic=5384&ez=1&ck=1143&kw=1035&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5384&bx=5180&ci=1143&jz=1035&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5274&cd=5072&ah=5274&am=5072&rf=0&re=1&ft=4947&fv=4743&fw=706&wb=2&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&tc=0&fs=186589&na=706932018&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:21 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:21 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
30ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=663539910940&rx=228977579066&cu=1607522355150&m=6366&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5069&cd=6&ah=5069&am=6&rf=0&re=1&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=186589&na=996117105&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:21 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:21 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 30ms
29ms Image
image/gif 104.79.89.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=uk-zdnet&zMoatAdUnit2=security&wf=1&vb=8&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CBS_PREBID_HEADER1&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%5Elv%3Ch%2CeI8!A2QnbjPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&th=3917275517&tf=nMzjG---CSa7H-XSSptC-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=0%2C0%2C0%2C0%2C%2C1%2C0%2C0%2Cprobably%2Cprobably&os=&qp=00000&is=BBBBB2BBEYBvGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbGBC4ehueB57NG9aJeRzBqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&pcode=cbsprebidheader506831276743&ql=&qo=0&vf=1&vg=100&bq=11&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-hide-web-skimmer-inside-a-websites-css-files%2F&id=1&ii=4&f=0&j=&t=1607522355150&de=668070202638&rx=228977579066&cu=1607522355150&m=6367&ar=a63e245-clean&iw=b2c8261&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4968&le=1&lf=144&lg=1&lh=11&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A279%3A279%3A317%3A271&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5063&cd=5&ah=5063&am=5&rf=0&re=1&wb=1&cl=0&at=0&d=25365849%3A465723849%3A4676441751%3A138290752599&bo=uk-zdnet&bd=security&gw=cbsprebidheader506831276743&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=186589&na=1243299941&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.133 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 13:59:21 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 09 Dec 2020 13:59:21 GMT

POST
H/1.1 200
OK NRJS-04e0f5db0886b3b33ff Show response
bam-cell.nr-data.net/events/1/ 24 B
489 B 143ms
143ms XHR
image/gif 162.247.243.147
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRJS-04e0f5db0886b3b33ff?a=450235099&v=1184.ab39b52&to=ZFMHbUMCXktYWxJZX10ZJFpFCl9WFlkURFlQWgBmQgpeX1Vd&rst=10487&ck=1&ref=https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 09 Dec 2020 13:59:24 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
CF-Ray: 5fef3f1829c4ede7-CDG
Content-Length: 24
cf-request-id: 06e965c31d0000ede7f8802000000001

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: eu
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: eu
.zdnet.com/	1970-01-19 14:42:07	Name: fly_device Value: desktop
.zdnet.com/	1970-01-19 14:42:07	Name: fly_geo Value: {"countryCode": "de"}

33 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 397) Message: Found registered service worker: [object ServiceWorkerRegistration]
console-api	info	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 382) Message: Registration of service worker /service-worker.js successful with scope:https://www.zdnet.com/
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: _injectQueryStringGCP functional
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_chartbeat performance
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_tealium functional
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 94) Message: Loading iframes
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 94) Message: Loading iframes
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Service loaded: script_sourcepoint with class optanon-category-4
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Service loaded: script_cohesion with class optanon-category-2
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Service loaded: script_twitterwidgets with class optanon-category-5
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_urban_airship targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_taboola targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_async_load targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 240) Message: %c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api	log	(Line 21) Message: Skybox - ClipCentric ::: creative id = 138330866815, pos = nav
console-api	log	(Line 86) Message: blank creative loaded: 138239344481 (11 x 11, pos=top, slot=sharethrough-top)
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/
console-api	log	URL: https://www.zdnet.com/article/hackers-hide-web-skimmer-inside-a-websites-css-files/(Line 164) Message: Dynamic Showcase Center container ::: creative id = 138247024569
console-api	log	(Line 57) Message: %c CBSi Skybox v2.3.015 background:#0080ff; color:#fff; border-radius:2px;
console-api	log	(Line 64) Message: [s] loaded
console-api	log	(Line 64) Message: [s] collapsed
console-api	log	URL: https://rev.cbsi.com/common/js/cbsi_ads_skyboxKit.js(Line 1) Message: %c CBSi Skybox Kit v4.25 background:#369; color:#fff; border-radius:2px;
console-api	log	(Line 86) Message: blank creative loaded: 138239479696 (372 x 142, pos=, slot=dynamic_showcase__0)
console-api	log	(Line 86) Message: blank creative loaded: 138239375540 (372 x 142, pos=, slot=dynamic_showcase__1)
console-api	log	(Line 64) Message: [s] collapsed

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd305.akstat.io
ad.clipcentric.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
adservice.google.fr
at.cbsi.com
bam-cell.nr-data.net
bb072ec3513fd1a9cd21b9b9835ee601.safeframe.googlesyndication.com
bea333179fc92527b1d28d0071386440.safeframe.googlesyndication.com
c.go-mpulse.net
cbsdfp5832910442.s.moatpixel.com
cdn.ampproject.org
cdn.cohesionapps.com
cdn.cookielaw.org
clipcentric-a.akamaihd.net
cmg1.cbsistatic.com
confiant-integrations.global.ssl.fastly.net
fiaqj6abeejrukqce3ygyaaaabp5bwbu-pzz2rs-5ec3e2635-clienttons-s.akamaihd.net
geo.moatads.com
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
js-agent.newrelic.com
kjtbe4qccs6uix6q3a2a-pzz2rs-cfcd90480-clientnsv4-s.akamaihd.net
make.cohesionapps.com
mb.moatads.com
pagead2.googlesyndication.com
platform.twitter.com
px.moatads.com
rev.cbsi.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
tr.clipcentric.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
urs.zdnet.com
vidtech.cbsinteractive.com
www.google.com
www.googletagservices.com
www.summerhamster.com
www.zdnet.com
z.moatads.com
zdnet1.cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet4.cbsistatic.com
104.79.89.133
13.35.254.118
143.204.90.50
151.101.114.110
151.101.13.194
151.101.193.188
162.247.243.147
172.217.18.98
172.217.22.38
2.16.177.50
2.20.189.68
2.20.191.18
216.58.206.2
23.212.157.206
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:b944
2606:4700::6810:9440
2a00:1450:4001:802::2004
2a00:1450:4001:808::2001
2a00:1450:4001:80b::2001
2a00:1450:4001:816::2001
2a00:1450:4001:816::2002
2a00:1450:4001:81a::2004
2a00:1450:4001:81d::2002
2a00:1450:4001:81e::2002
2a00:1450:4001:81f::2006
2a00:1450:4001:820::2001
2a02:26f0:6c00:19a::11a6
2a02:26f0:6c00:287::11a6
2a02:26f0:6c00::210:ba19
2a04:4e42:1b::444
2a04:4e42:3::645
2a04:4e42:46::444
34.102.213.242
34.206.27.228
34.228.35.190
52.212.177.60
52.28.196.64
012e5b88dad4652bf27c941961fbfeb1e0d7babb3d9bbfe275a67c1f9328dba4
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b10167b8d0ac41c1b681a2cce2977f08c4bb49f3261d7ff2fce60b0e59f7c0
0844bd3c4baeabefa82df5e7dab5789c384a63f93799d25d325923c87941b79b
08bd27b9e3833308d8ffd4820a1b53a2ac3f56483271417f05025f340647a7d9
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a5863d133ab335ff4117ab10b0d27c46f2af0617fabf4bddc05f4b03a8d6224
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
13d5d51629e96725a1d83716a870ab5491115f2587db8f7710706a73ab5c65be
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c
187f0e2d2331f649e0afc51f0567cf23ef47d57283aa928313452eb1a559efb4
1ab0fc3f878b42fc04e9f47977ad87ff511315c5350ae32bfb9ddbff64632ffa
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9
1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
23aa4be6930fc2ce054bf82114fbabd45a0469faef9aed850250c1b031914c5c
2b1068aa007abf0e405b0840844c67718204a0073dc392337d78427a0dba6854
2b20ea9ccf18bdef3ab660527bfbffe2ee2715386168369b242b1c6b3fe6a3f8
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15
2b526196d510bc11f40effba13f1b9e1792120b1f40b453695e8d7dcc05cf38d
2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3b9d8639772adaa69d76f665d1b030976897c238f8f80c9e2f6a4cb6bd45226a
46808371fd0d953a90516d8d73b661b2fbf3d1709b7be3ac38bba82661772b11
477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb
4a2f3e7b384d7b36ec7f4370104991b34a4fb2c91fe8205d61c1993d819a42fa
4acae18e14c42f09b822234b4a1d44282152ca2c94f307361c4436d205cf6930
4dbdcbed018562c656e6c5b5515ef82736596af03d573b06a50951d802f1e725
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
539e0e86d94eab027fa175eba432b9916b7910fd66a57b911012c484e3b6ed68
53acd73b82f849ea5fd65fc6be8ae76921e250f3eabb07009387216b9ceab567
55b6a301ead5bcafd1e0010c62997f1468a00333e9b1a3da53bd97da888bcb4d
598dbfa656457e82d8e05c68307e9005023b0602809e19a8e53bf0331d3c2e5a
602fab312dd82ffb14508d0e186e809e1e27c55a6e62adf5769a9318dc84ce2f
6300898c3220ce69e5b3118ce94aa8cd7a9b9ec70a48fde3a51c9a3a81fab9d1
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
66e28581da77e9eb915b0f4be570443d21ce24cf25cad6756e15106ded11fd7b
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
6b9b81182fb0c54d6fbca7295ea0805c4621169352bcfe1b09480925d46798b5
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019
6f61194871255096b51c078ecffd02a93699b2cda3bc71c8c48cea2a5511a5b2
72abfb31f44d9d6ae87bfbebfe2e1eef8d44e58bd6f1603c764d029e9bcfae3e
744ae87db00be85a6a482a3e8036f81aafaa7754be29b05a2330d0fbc8fea803
75a04d5ba97483d6d20c1a26bfe8d96a69d19ff3782670b43a361062e45c3bae
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
7c20e56a8b8f2be7b5c1a42c809c574f5a2ac66a5853312b4aa6bc65f4d057de
7cd54b3c177c3f63dd51c2dae4ef7ca4e3cd938c1afb60e4b4e9d78df952ac75
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81df676412dc48b4a04b9b8aa38c14673f3ec0fcc05af5d1491ea88b66d4b731
8998f538f8666274a4a87ad65aa9d5247e9e4455bf588d32d89917b4cddcf4ac
8a1017287b32c11256d4c56583149b01dfe4b7c7e622f5dc0e7e7c696ccf992a
8cb4560277333fa8d85c16c422ab0e0ba3369aa6b73316293f880e825851fe89
90c131e200bcdfbaa55486dbe5d0882f918237f52973d2246fdece0fccdb8aa8
9291d9d87d61a0608d3a6b508cb92fa452e2ad612696a66716201dffdf968927
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
9b4ca722833450a27d0f22918f250ba5882cadc1af54ac014d7c06f2b9805b1c
9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0
9ce8d3bfed7339952b7f3a4143df2e3867ab6ea6555d95d3bd44087d4f672bd1
9d0d33ff3cbe6054d46a549c75a09323fc711113b82fde575003df837cb9f4e0
9fd650d3808a6cf9fbde6bfe98b07ac3d1abd8c23541ae017cdea8b7be918180
9ff097bb2a8986d45348ac893bede5cafd713e7164381c9a5e8f4f7aef9e30bc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a0aa48808ddef7604ba969db62e4af3a2ba001b7a8751823cf0ab2d430308ea5
a1c415bf7900dd9ac3f47ed0b08dc8828f52e3dbf9103171d52abf54c27f207d
a1dade8d350eabf6450db7df41e512ee50cb12b424554a4debffe924d8657cc6
a26dbd7b877b153f4afb810fe7d49ae6c1cb06bc2bc7d8c664c4c164ce465a72
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a8059c10da99c25115af13c06ffb29d6161de3a3a6742ad00961beab349af517
a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2792de7d1c7ab78af9ecbc9c5ebd3d9cf9adbd8253df75167afb99ed9817d5f
b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094
b337eb7225defc9d923988e2ea5cc1001b8b76bc765e5ce321a017a7c702d7d9
b37ea3699ff6f8c4c8edbc1e1f57bdde591af1b56e6fd0b1b4109404ef981872
b56f149b1992f2c661b3901a0713021aa15eb73c19b94f19e763d588f839121e
b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42
b6a88cbbd9bd92273409ea0a0c41fe6ce99e9c2e1cbf0dbacdd75104cab661be
b83f47192968845203ba2cd5fe212c2625bc4229f3423494af6c71b5bb9c693d
b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de
bc51619cf2b5baa2efe360987415bc94058e23bfa66ba7482c2764e14cd67303
c269c820bb1f57a535cbc2b61ddbd902ef33364e5fd1f827ecaccbd1831c1d42
c2e70fffd1703183d4c7fd5a2ef5b52bc16bfbfacaab0d8686c43166e0e450b7
c4df42cc9a2273c0b450ebd167bea34c77aff089fbe4ca525b009049b83877f2
cd12114dec47fbc56b33e78544e9d3695c63f4b93f692403c57ea8a5ed544f30
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0f42d21606bd1628ac552a07b729027fdcada18e58b67c8633234cc1f161d6d
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
d11c8f0c92bdc6962b7c34ca3f680b45ba9696060e669524254e3113989c361f
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41
d34b0bafad5303d54168df7fac5a6d609f05dd913ec79a1333de63c35e99933a
d6f9af3dc90ba848c8845262027b1d256e4062574efcb3ce6d54d8bcc68f6e91
d74467262a603ab3b6167db0b5ae6d44265525884fb16980fad00a892fe70bec
dae02973b03903eee0fcf4bf27fdcac25fd7c30646d780f874430cdbdde68609
dc3842d1ad8fde688d7b47fb100be5a4bcf18b97af2dd23d02dbb3713f6d520b
dde887d344b95d356af5e8d8cc053adf7897ce838f1989bbb766ec67b644c7ad
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9cac3eeba1fc86e06fdc013a4c52742e9b4bd14b7be6517321127d4515095ce
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d
eed4ffa6bd7fa3ab0bf001674e5c7946c54bd8c6eefd4b10ce29c697d4f04a21
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5c24ffc916dfb93a08ffee2e522d8a8308cc02bc6a7c875693f25195eab52e
f1e3d87e5966b1193f8e51bec035a9de6de1c02243deb8f2b9bd280a67715112
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f459e6848709ab9158b88523a4d075a05ee8ac162418f08f194ff6b0d85655fe
f54a769fcfcac34a91240c7bb0e30a1f88c7ac35082fa8bcaa501f202f4b6dd5
f7f2bdc0e7fe5869f190423c30b3b48778f5d099ed37a35c46933eded6b65f29
f835c82d786b060f757effaeb7b6e8e8f9cec6e389ba1181c419742b01331795
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

www.zdnet.com Open in urlscan Pro 2a04:4e42:1b::444 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

251 Requests

100 %HTTPS

50 %IPv6

26 Domains

48 Subdomains

38 IPs

4 Countries

3863 kBTransfer

10558 kBSize

4 Cookies

24 Outgoing links

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:1b::444 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

100 %
HTTPS

50 %
IPv6

26
Domains

48
Subdomains

38
IPs

4
Countries

3863 kB
Transfer

10558 kB
Size

4
Cookies

251 HTTP transactions
16 data transactions