gizmodo.com Open in urlscan Pro
151.101.66.166 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Effective URL:
https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Submission: On May 03 via api (May 3rd 2018, 12:20:48 pm UTC) from US

Summary HTTP 207 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 63 IPs in 7 countries across 48 domains to perform 207 HTTP transactions. The main IP is 151.101.66.166, located in San Francisco, United States and belongs to FASTLY - Fastly, US. The main domain is gizmodo.com.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on April 24th 2018. Valid for: 4 months.

This is the only time gizmodo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	151.101.2.166 151.101.2.166	54113 (FASTLY) (FASTLY - Fastly)
31	151.101.66.166 151.101.66.166	54113 (FASTLY) (FASTLY - Fastly)
1 7	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3 5	216.58.207.78 216.58.207.78	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.85.188.213 52.85.188.213	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	54.154.150.25 54.154.150.25	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	159.180.84.2 159.180.84.2	33047 (INSTART) (INSTART - Instart Logic)
1	216.58.205.226 216.58.205.226	15169 (GOOGLE) (GOOGLE - Google LLC)
4	23.67.129.200 23.67.129.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	178.250.2.74 178.250.2.74	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.20.30.2 104.20.30.2	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	104.18.36.50 104.18.36.50	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	23.45.97.170 23.45.97.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.21.238 172.217.21.238	15169 (GOOGLE) (GOOGLE - Google LLC)
4	216.58.214.66 216.58.214.66	15169 (GOOGLE) (GOOGLE - Google LLC)
4	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE - Google LLC)
9	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE - Google LLC)
3	64.233.166.156 64.233.166.156	15169 (GOOGLE) (GOOGLE - Google LLC)
1	178.63.12.208 178.63.12.208	24940 (HETZNER-AS) (HETZNER-AS)
3	52.94.220.16 52.94.220.16	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	178.250.0.93 178.250.0.93	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	62.67.193.97 62.67.193.97	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
6	152.195.39.114 152.195.39.114	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
4	172.217.21.225 172.217.21.225	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.14.202 151.101.14.202	54113 (FASTLY) (FASTLY - Fastly)
2 5	138.108.96.100 138.108.96.100	16477 (ACNIELSEN-AS) (ACNIELSEN-AS - ACNIELSEN)
1	54.192.93.164 54.192.93.164	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	18.194.196.182 18.194.196.182	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK - Facebook)
3	151.101.12.175 151.101.12.175	54113 (FASTLY) (FASTLY - Fastly)
1 3	2.19.43.224 2.19.43.224	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.85.184.125 52.85.184.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
15	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE - Google LLC)
3	104.16.81.165 104.16.81.165	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	52.85.184.168 52.85.184.168	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.23.98.214 23.23.98.214	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE - Google LLC)
3	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.85.184.87 52.85.184.87	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.85.184.44 52.85.184.44	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	62.67.193.96 62.67.193.96	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1	52.35.221.76 52.35.221.76	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.201.97.85 35.201.97.85	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	34.251.108.175 34.251.108.175	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	52.17.218.118 52.17.218.118	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	185.60.216.35 185.60.216.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	23.45.101.180 23.45.101.180	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	62.67.193.43 62.67.193.43	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
2	62.67.193.23 62.67.193.23	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
6	69.172.216.55 69.172.216.55	7415 (ADSAFE-1) (ADSAFE-1 - Integral Ad Science)
4	52.85.184.161 52.85.184.161	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	34.243.69.112 34.243.69.112	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	69.172.216.58 69.172.216.58	7415 (ADSAFE-1) (ADSAFE-1 - Integral Ad Science)
1	52.24.60.121 52.24.60.121	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2.18.232.190 2.18.232.190	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	184.30.208.216 184.30.208.216	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	93.184.221.48 93.184.221.48	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
14	69.172.216.111 69.172.216.111	7415 (ADSAFE-1) (ADSAFE-1 - Integral Ad Science)
1	216.58.207.74 216.58.207.74	15169 (GOOGLE) (GOOGLE - Google LLC)
1	93.184.221.189 93.184.221.189	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	172.217.21.240 172.217.21.240	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.19.198 172.217.19.198	15169 (GOOGLE) (GOOGLE - Google LLC)
4	54.195.243.213 54.195.243.213	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.0.142.205 52.0.142.205	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	34.243.136.23 34.243.136.23	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	52.42.26.208 52.42.26.208	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
207	63

6 151.101.2.166 (San Francisco, United States) 1 redirects

ASN54113 (FASTLY - Fastly, US)

gizmodo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 151.101.66.166 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

gizmodo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.kinja-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kinja.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.kinja-img.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.234.21 (European Union) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.58.207.78 (Mountain View, United States) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.188.213 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-188-213.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.150.25 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-154-150-25.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.180.84.2 (United States)

ASN33047 (INSTART - Instart Logic, Inc, US)

cdn.digitru.st	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.67.129.200 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-200.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.74 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: static.criteo.net

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.30.2 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.50 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.97.170 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-97-170.deploy.static.akamaitechnologies.com

scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.238 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f238.1e100.net

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.214.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s10-in-f66.1e100.net

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.21.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.233.166.156 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: wm-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.63.12.208 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: de716.cxense.com

scomcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.94.220.16 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.93 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 62.67.193.97 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 152.195.39.114 (Ashburn, United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.21.225 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f225.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.202 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.108.96.100 (Schaumburg, United States) 2 redirects

ASN16477 (ACNIELSEN-AS - ACNIELSEN, US)

secure-dcr.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.93.164 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-93-164.fra2.r.cloudfront.net

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.196.182 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-196-182.eu-central-1.compute.amazonaws.com

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.60.216.19 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.12.175 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.43.224 (European Union) 1 redirects

ASN20940 (AKAMAI-ASN1, US)

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.184.125 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-184-125.fra2.r.cloudfront.net

tag.mtrcs.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
content.jwplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.235.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.16.162 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f162.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.81.165 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.184.168 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-184-168.fra2.r.cloudfront.net

sdk.vmh.univision.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.98.214 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-23-23-98-214.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.91.160 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.184.87 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-184-87.fra2.r.cloudfront.net

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.184.44 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-184-44.fra2.r.cloudfront.net

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.67.193.96 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.35.221.76 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-35-221-76.us-west-2.compute.amazonaws.com

pixel.mtrcs.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.97.85 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 85.97.201.35.bc.googleusercontent.com

kinja-debug.firebaseio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.108.175 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-251-108-175.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.218.118 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-218-118.eu-west-1.compute.amazonaws.com

x.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.60.216.35 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.101.180 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-101-180.deploy.static.akamaitechnologies.com

cdn4.uvnimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.67.193.43 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.67.193.23 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.172.216.55 (New York, United States)

ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US)

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.85.184.161 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-184-161.fra2.r.cloudfront.net

api.vmh.univision.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.243.69.112 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-243-69-112.eu-west-1.compute.amazonaws.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.172.216.58 (New York, United States)

ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.24.60.121 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-24-60-121.us-west-2.compute.amazonaws.com

pixel.mtrcs.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.232.190 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

79423.analytics.edgekey.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ma1196-r.analytics.edgekey.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.208.216 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-30-208-216.deploy.static.akamaitechnologies.com

auth.univision.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 93.184.221.48 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

ssl.p.jwpcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 69.172.216.111 (New York, United States)

ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.74 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s25-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.189 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

entitlements.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.240 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f16.1e100.net

vmscdn-download.storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.19.198 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ams16s31-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.195.243.213 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-195-243-213.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.142.205 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-0-142-205.compute-1.amazonaws.com

jwpltx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.136.23 (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-243-136-23.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.42.26.208 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-42-26-208.us-west-2.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	192 KB
19	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	279 KB
16	kinja-static.com x.kinja-static.com f.kinja-static.com	982 KB
13	rubiconproject.com ads.rubiconproject.com fastlane.rubiconproject.com optimized-by.rubiconproject.com beacon-eu2.rubiconproject.com	48 KB
12	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net pubads.g.doubleclick.net	81 KB
12	kinja-img.com i.kinja-img.com	207 KB
8	skimresources.com 1 redirects s.skimresources.com r.skimresources.com p.skimresources.com x.skimresources.com t.skimresources.com	16 KB
7	facebook.com www.facebook.com	1 KB
7	univision.com sdk.vmh.univision.com api.vmh.univision.com auth.univision.com	318 KB
7	krxd.net cdn.krxd.net beacon.krxd.net	87 KB
7	imrworldwide.com 2 redirects secure-dcr.imrworldwide.com secure-us.imrworldwide.com cdn-gl.imrworldwide.com	48 KB
7	gizmodo.com 1 redirects gizmodo.com	117 KB
6	advertising.com adserver-us.adtech.advertising.com	682 B
6	casalemedia.com 1 redirects dsum-sec.casalemedia.com as-sec.casalemedia.com	4 KB
5	google.nl adservice.google.nl ampcid.google.nl	1 KB
5	google.com ampcid.google.com adservice.google.com	1 KB
4	jwpcdn.com ssl.p.jwpcdn.com	111 KB
4	amazon-adsystem.com c.amazon-adsystem.com aax.amazon-adsystem.com	14 KB
4	google-analytics.com 3 redirects www.google-analytics.com	15 KB
3	edgekey.net 79423.analytics.edgekey.net ma1196-r.analytics.edgekey.net	147 KB
3	lightboxcdn.com www.lightboxcdn.com	121 KB
3	moatads.com z.moatads.com	237 KB
3	samba.tv tag.mtrcs.samba.tv pixel.mtrcs.samba.tv	5 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	facebook.net connect.facebook.net	39 KB
2	agkn.com 2 redirects aa.agkn.com d.agkn.com	1 KB
2	googleapis.com imasdk.googleapis.com vmscdn-download.storage.googleapis.com	498 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	5 KB
2	criteo.com bidder.criteo.com	408 B
2	cxense.com scdn.cxense.com scomcluster.cxense.com	22 KB
2	kinja.com kinja.com	1 KB
1	jwpltx.com jwpltx.com	109 B
1	2mdn.net s0.2mdn.net	11 KB
1	jwplayer.com entitlements.jwplayer.com	210 B
1	jwplatform.com content.jwplatform.com	26 KB
1	uvnimg.com cdn4.uvnimg.com	10 KB
1	firebaseio.com kinja-debug.firebaseio.com	341 B
1	quantcount.com rules.quantcount.com	1 KB
1	chartbeat.net ping.chartbeat.net	213 B
1	chartbeat.com static.chartbeat.com	14 KB
1	npttech.com www.npttech.com	3 KB
1	tinypass.com cdn.tinypass.com	103 KB
1	criteo.net static.criteo.net	20 KB
1	googletagservices.com www.googletagservices.com	6 KB
1	digitru.st cdn.digitru.st	6 KB
1	adsrvr.org 1 redirects insight.adsrvr.org	532 B
1	indexww.com js-sec.indexww.com	30 KB
207	48

	Domain	Requested by
15	pagead2.googlesyndication.com	securepubads.g.doubleclick.net optimized-by.rubiconproject.com pagead2.googlesyndication.com gizmodo.com
14	dt.adsafeprotected.com	gizmodo.com
12	i.kinja-img.com	gizmodo.com
12	x.kinja-static.com	gizmodo.com www.google-analytics.com
7	www.facebook.com	gizmodo.com
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net gizmodo.com
7	gizmodo.com	1 redirects x.kinja-static.com
6	pixel.adsafeprotected.com	gizmodo.com
6	adserver-us.adtech.advertising.com	js-sec.indexww.com
4	beacon.krxd.net	cdn.krxd.net
4	ssl.p.jwpcdn.com	gizmodo.com
4	static.adsafeprotected.com	pixel.adsafeprotected.com gizmodo.com
4	api.vmh.univision.com	cdn4.uvnimg.com gizmodo.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net
4	as-sec.casalemedia.com	js-sec.indexww.com
4	adservice.google.com	www.googletagservices.com pagead2.googlesyndication.com
4	adservice.google.nl	www.googletagservices.com pagead2.googlesyndication.com
4	ads.rubiconproject.com	gizmodo.com securepubads.g.doubleclick.net
4	f.kinja-static.com	gizmodo.com
4	www.google-analytics.com	3 redirects gizmodo.com
3	beacon-eu2.rubiconproject.com	gizmodo.com
3	optimized-by.rubiconproject.com	ads.rubiconproject.com
3	p.skimresources.com	gizmodo.com
3	www.lightboxcdn.com	gizmodo.com www.lightboxcdn.com
3	z.moatads.com	securepubads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects x.kinja-static.com gizmodo.com
3	cdn.krxd.net	x.kinja-static.com cdn.krxd.net
3	connect.facebook.net	x.kinja-static.com connect.facebook.net
3	secure-dcr.imrworldwide.com	1 redirects x.kinja-static.com
3	fastlane.rubiconproject.com	ads.rubiconproject.com
3	aax.amazon-adsystem.com	c.amazon-adsystem.com
3	stats.g.doubleclick.net	gizmodo.com
2	ma1196-r.analytics.edgekey.net	gizmodo.com
2	t.skimresources.com	s.skimresources.com
2	sync.crwdcntrl.net	2 redirects
2	pixel.mtrcs.samba.tv	tag.mtrcs.samba.tv gizmodo.com
2	cdn-gl.imrworldwide.com	secure-dcr.imrworldwide.com cdn-gl.imrworldwide.com
2	sdk.vmh.univision.com	x.kinja-static.com
2	pubads.g.doubleclick.net	gizmodo.com
2	secure-us.imrworldwide.com	1 redirects gizmodo.com
2	bidder.criteo.com	static.criteo.net
2	dsum-sec.casalemedia.com	1 redirects gizmodo.com
2	kinja.com	gizmodo.com x.kinja-static.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	jwpltx.com
1	s0.2mdn.net	imasdk.googleapis.com
1	vmscdn-download.storage.googleapis.com	www.google-analytics.com
1	entitlements.jwplayer.com	gizmodo.com
1	imasdk.googleapis.com	gizmodo.com
1	auth.univision.com	cdn4.uvnimg.com
1	79423.analytics.edgekey.net	cdn4.uvnimg.com
1	content.jwplatform.com	cdn4.uvnimg.com
1	cdn4.uvnimg.com	sdk.vmh.univision.com
1	pixel.quantserve.com	gizmodo.com
1	x.skimresources.com	1 redirects
1	kinja-debug.firebaseio.com	gizmodo.com
1	rules.quantcount.com	secure.quantserve.com
1	r.skimresources.com	s.skimresources.com
1	ping.chartbeat.net	gizmodo.com
1	tag.mtrcs.samba.tv	x.kinja-static.com
1	secure.quantserve.com	x.kinja-static.com
1	static.chartbeat.com	x.kinja-static.com
1	s.skimresources.com	x.kinja-static.com
1	scomcluster.cxense.com	gizmodo.com
1	ampcid.google.nl	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	scdn.cxense.com	gizmodo.com
1	www.npttech.com	gizmodo.com
1	cdn.tinypass.com	gizmodo.com
1	static.criteo.net	js-sec.indexww.com
1	www.googletagservices.com	gizmodo.com
1	cdn.digitru.st	gizmodo.com
1	insight.adsrvr.org	1 redirects
1	c.amazon-adsystem.com	gizmodo.com
1	js-sec.indexww.com	gizmodo.com
207	76

This site contains links to these domains. Also see Links.

Domain
avclub.com
deadspin.com
earther.com
jalopnik.com
jezebel.com
kotaku.com
lifehacker.com
splinternews.com
thetakeout.com
theroot.com
theonion.com
clickhole.com
sploid.gizmodo.com
paleofuture.gizmodo.com
io9.gizmodo.com
fieldguide.gizmodo.com
kinja.com
www.apnews.com
asert.arbornetworks.com
www.darkreading.com
www.blackhat.com
www.jigsawsecurityenterprise.com
blog.talosintelligence.com
www.cyber.nj.gov
threatreconblog.com
www.bloomberg.com
www.axios.com
twitter.com
facebook.com
instagram.com
www.youtube.com
kinja.desk.com
legal.kinja.com
thefmg.com
deals.kinja.com

Subject Issuer	Validity	Valid
univision.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-04-24` - `2018-08-11`	4 months	crt.sh

This page contains 14 frames:

Primary Page: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Frame ID: F24C685AEA3CF73DFC12FEAEF64AC367
Requests: 160 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/12156.js
Frame ID: F59FB92B2775BB4C9F3E186948288DDB
Requests: 13 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/12156.js
Frame ID: 64C95FD7905C9E3FCDBBA25ADFDB9FC1
Requests: 13 HTTP requests in this frame

Frame: data://truncated
Frame ID: A9B3308ABBEE39829E9021BA55EAF063
Requests: 1 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/lightbox.js?mb=1525350035595&lv=1
Frame ID: F005E87EAB148DB7165EBE56E5B48711
Requests: 2 HTTP requests in this frame

Frame: https://p.skimresources.com/?provider_id=53542b75f732ad522da65cc79328fb36&skim_mapping=true
Frame ID: 3DCECD8063F70B9E4038730A79F0D06A
Requests: 1 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/12156.js
Frame ID: 8FF90F59F0BA424D849298986988D0D7
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js
Frame ID: 267CF4AD7F6332AE68E3A0F38E4BCA8
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=927245&campId=728x90&pubId=62611778&chanId=6500258&placementId=196859858&pubCreative=59785319978&pubOrder=229228658&cb=919039810&adsafe_par&impId=&custom=top
Frame ID: 70361BAFA1D87646AC1D2E6349424879
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1599714252&adsafe_par&impId=&custom=left_top
Frame ID: 3D3B1FC67B1A66641002C8BD2B6BD6A4
Requests: 2 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1389353239&adsafe_par&impId=&custom=left
Frame ID: 1C448069955B91A3D174AD1D035EB1F1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js
Frame ID: BCCEB55BF25281755D8E9FAE538A6D4C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js
Frame ID: D27E6F8AA66281B84AB72612C606B75
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.72.js
Frame ID: 3D5C360D6BC9B4FB960A543CC551A120
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243 HTTP 301
https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243 Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^Backbone$/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^React$/i

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^_sf_(?:endpt|async_config)$/i

Criteo (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^criteo/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
script /2mdn\.net/i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^googletag$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Modernizr$/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^quantserve$/i

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Zepto$/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^_?COMSCORE$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

webpack (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^webpackJsonp$/i

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Backbone$/i

Page Statistics

207
Requests

3 %
HTTPS

0 %
IPv6

48
Domains

76
Subdomains

63
IPs

7
Countries

3829 kB
Transfer

10818 kB
Size

61
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: https://avclub.com/
Title: The A.V. Club

Search URL Search Domain Scan URL

URL: https://deadspin.com/
Title: Deadspin

Search URL Search Domain Scan URL

URL: https://earther.com/
Title: Earther

Search URL Search Domain Scan URL

URL: https://jalopnik.com/
Title: Jalopnik

Search URL Search Domain Scan URL

URL: https://jezebel.com/
Title: Jezebel

Search URL Search Domain Scan URL

URL: https://kotaku.com/
Title: Kotaku

Search URL Search Domain Scan URL

URL: https://lifehacker.com/
Title: Lifehacker

Search URL Search Domain Scan URL

URL: https://splinternews.com/
Title: Splinter

Search URL Search Domain Scan URL

URL: https://thetakeout.com/
Title: The Takeout

Search URL Search Domain Scan URL

URL: https://theroot.com/
Title: The Root

Search URL Search Domain Scan URL

URL: https://theonion.com/
Title: The Onion

Search URL Search Domain Scan URL

URL: https://clickhole.com/
Title: Clickhole

Search URL Search Domain Scan URL

URL: https://sploid.gizmodo.com/
Title: Sploid

Search URL Search Domain Scan URL

URL: https://paleofuture.gizmodo.com/
Title: Paleofuture

Search URL Search Domain Scan URL

URL: https://io9.gizmodo.com/
Title: io9

Search URL Search Domain Scan URL

URL: https://fieldguide.gizmodo.com/
Title: Field Guide

Search URL Search Domain Scan URL

URL: https://kinja.com/tommckay

Search URL Search Domain Scan URL

URL: https://www.apnews.com/dea73efc01594839957c3c9a6c962b8a
Title: alleged Democratic National Committee hackers

Search URL Search Domain Scan URL

URL: https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Title: new report

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/attacks-breaches/lojack-attack-finds-false-c2-servers/d/d-id/1331691
Title: Dark Reading

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf
Title: detailed knowledge

Search URL Search Domain Scan URL

URL: https://www.jigsawsecurityenterprise.com/single-post/2017/11/01/Malicious-Documents-Targeting-Security-Professionals
Title: include a malicious macro

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Title: a tool

Search URL Search Domain Scan URL

URL: https://www.cyber.nj.gov/threat-profiles/trojan-variants/seduploader
Title: often used

Search URL Search Domain Scan URL

URL: https://threatreconblog.com/2017/02/03/apt28-malicious-document/
Title: similarly modified

Search URL Search Domain Scan URL

URL: https://www.bloomberg.com/view/articles/2017-01-02/u-s-intelligence-got-the-wrong-cyber-bear
Title: has pointed out

Search URL Search Domain Scan URL

URL: https://www.axios.com/fancy-bear-attacks-1525207185-6b3d96dc-7b56-443c-9078-ad4e0c267a6e.html
Title: Fancy Bear is hiding in your laptop’s Lojack

Search URL Search Domain Scan URL

URL: https://twitter.com/thetomzone
Title: Twitter

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer.php?u=http%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%3Futm_medium%3Dsharefromsite%26utm_source%3DGizmodo_facebook
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&via=gizmodo&url=http%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%3Futm_medium%3Dsharefromsite%26utm_source%3DGizmodo_twitter
Title: Tweet

Search URL Search Domain Scan URL

URL: https://facebook.com/gizmodo

Search URL Search Domain Scan URL

URL: https://twitter.com/gizmodo

Search URL Search Domain Scan URL

URL: https://instagram.com/gizmodo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCxFmw3IUMDUC1Hh7qDjtjZQ

Search URL Search Domain Scan URL

URL: https://kinja.desk.com/
Title: Need Help?

Search URL Search Domain Scan URL

URL: http://legal.kinja.com/content-guidelines-90185358
Title: Content Guide

Search URL Search Domain Scan URL

URL: http://legal.kinja.com/privacy-policy-90190742
Title: Privacy

Search URL Search Domain Scan URL

URL: http://legal.kinja.com/kinja-terms-of-use-1793094100
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://thefmg.com/
Title: Advertising

Search URL Search Domain Scan URL

URL: http://clickhole.com/

Search URL Search Domain Scan URL

URL: http://theonion.com/

Search URL Search Domain Scan URL

URL: http://thetakeout.com/

Search URL Search Domain Scan URL

URL: https://deals.kinja.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243 HTTP 301
https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://insight.adsrvr.org/track/evnt/?adv=5zq9nmk&ct=0:ngtk7da&fmt=3 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034&C=1

Request Chain 41

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=pageview&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-8&dt=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&exp=GI_eTFcvSSunxQBiamunzg.1&_u=aGDACEABFAQC~&jid=1309619436&gjid=710747203&cid=1601658218.1525350034&tid=UA-142218-3&_gid=1095497776.1525350034&_r=1&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=i%3A631378565.1525350034&cd60=none&cd70=1825706243&cd75=Logged%20out&cd76=none&cd78=standard&cd80=2018-05-02&cd82=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&cd83=article&cd94=nefariousrussiandoingsorsomethingelsenotsure&cd97=654&cd99=Tom%20McKay&cd101=gizmodo&cd103=nefariousrussiandoingsorsomethingelsenotsure%2Ccybersecurity%2Cfancybear%2Chackers%2Chacking%2Clojack&cd105=Gizmodo&cd108=off&cd109=website&cd110=1024%2B&cd111=0&cd115=600%20-%20800&cd117=Privacy%20and%20Security&cd123=scroll&cd124=not%20truncated&cd126=off&cd130=none&z=1240090379 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-3&cid=1601658218.1525350034&jid=1309619436&_gid=1095497776.1525350034&gjid=710747203&_v=j67&z=1240090379

Request Chain 42

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=pageview&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-8&dt=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&exp=GI_eTFcvSSunxQBiamunzg.1&_u=aGDACEABFAQC~&jid=1528711589&gjid=1554590147&cid=1601658218.1525350034&tid=UA-142218-33&_gid=1095497776.1525350034&_r=1&cd42=none&cd43=none&cd48=none&cd50=other&cd51=none&cd52=none&cd53=none&cd58=i%3A631378565.1525350034&cd60=none&cd70=1825706243&cd75=Logged%20out&cd76=none&cd78=standard&cd80=2018-05-02&cd82=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&cd83=article&cd94=nefariousrussiandoingsorsomethingelsenotsure&cd97=654&cd99=Tom%20McKay&cd101=gizmodo&cd103=nefariousrussiandoingsorsomethingelsenotsure%2Ccybersecurity%2Cfancybear%2Chackers%2Chacking%2Clojack&cd105=Gizmodo&cd108=off&cd109=website&cd110=1024%2B&cd111=0&cd115=600%20-%20800&cd117=Privacy%20and%20Security&cd123=scroll&cd124=not%20truncated&cd126=off&cd130=none&z=1478927815 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=1528711589&_gid=1095497776.1525350034&gjid=1554590147&_v=j67&z=1478927815

Request Chain 74

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=1525350034957 HTTP 302
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=1525350034957&ja=1

Request Chain 101

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&c7=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&c7=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c9=

Request Chain 114

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=53542b75f732ad522da65cc79328fb36 HTTP 302
https://p.skimresources.com/?provider_id=53542b75f732ad522da65cc79328fb36&skim_mapping=true

Request Chain 122

https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PA5FFACD2-70A6-4C92-AD68-63C1B970EF36&sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&C16=sdkv,bj.6.0.0&retry=0 HTTP 302
https://www.facebook.com/brandlift.php?sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&media_type=dcr&advertiser_id=NA

Request Chain 190

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-8&dt=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Video&ea=Video%20Load&el=mcp-3512357&exp=GI_eTFcvSSunxQBiamunzg.1&_u=aGDACEABFAQC~&jid=949655478&gjid=2141631661&cid=1601658218.1525350034&tid=UA-142218-33&_gid=1095497776.1525350034&_r=1&cd42=3512357&cd50=JWP%208.2.4&cd83=article&cd101=gizmodo&cd105=Gizmodo&cd16=article&cd41=clip&cd44=76-80&cd45=Watch%20This%3A%20Sister%20Margaret%27s%20School%20for%20Wayward%20Girls%20Brings%20Deadpool%20%26%20Drinks%20to%20NYC&cd62=none&cd63=gizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&cd65=0&cd120=gizmodo&cd121=outstream&cd122=none&cd129=MCP&z=787086670 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=949655478&_gid=1095497776.1525350034&gjid=2141631661&_v=j67&z=787086670

Request Chain 201

https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e HTTP 302
https://d.agkn.com/pixel/5500/?age=&gender=&st=&sk=&pd=&cbr=&mip=&dm=&py=&l0=https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gender=&_k_adadvisor_key= HTTP 302
https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gender=&_k_adadvisor_key=

207 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request researchers-find-mysterious-russia-linked-malware-that-1825706243 Show response
gizmodo.com/
Redirect Chain

http://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

663 KB
113 KB

25ms
6ms

Document
text/html

151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

107c92665d84078f1286590e8cc60e47b5d9d4f2ec449ba18784b829cab75b2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /researchers-find-mysterious-russia-linked-malware-that-1825706243
pragma: no-cache
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: gizmodo.com
cookie: geocc=DE
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
x-kinja-build: 2929
x-kinja-revision: 22a6af722fda9cc912e993f08b10607303b0b0f4
content-security-policy-report-only: default-src https: 'unsafe-inline' 'self'; media-src https: blob:; worker-src https: blob:; img-src data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; block-all-mixed-content; report-uri https://kinja-debug.firebaseio.com/csp.json
x-cache: MISS, MISS, HIT
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
status: 200
x-kinja: kinja-mantle-kube03-54120415-3j3q4 #2929
x-cdn-fetch: mantle-default
content-length: 114770
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8135-JFK, cache-hhn1521-HHN
x-feature: remove_cx_api=on
x-timer: S1525350034.999586,VS0,VE1
vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, X-Geo-Segment
content-type: text/html; charset=utf-8
via: 1.1 varnish 1.1 varnish
cache-control: stale-if-error=86400, stale-while-revalidate=300
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes
x-kinja-server: kinja-mantle-kube03-54120415-3j3q4
x-cache-hits: 0, 1

Redirect headers

Date: Thu, 03 May 2018 12:20:33 GMT
Via: 1.1 varnish 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Kinja-Build: 2929
X-Kinja-Server: kinja-mantle-kube02-1046009411-rrq8v
X-Cache: MISS, MISS, MISS
X-Kinja: kinja-mantle-kube02-1046009411-rrq8v #2929
Connection: keep-alive
x-cdn-fetch: mantle-default
Content-Length: 0
X-XSS-Protection: 1; mode=block
X-Served-By: cache-jfk8136-JFK, cache-hhn1536-HHN
X-Geo-Segment: B
Vary: Accept-Encoding, X-Feature-Hash, X-Forwarded-Proto, X-Geo-Segment
Location: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Cache-Control: stale-if-error=86400, stale-while-revalidate=300
Set-Cookie: geocc=DE;path=/;
Accept-Ranges: bytes
X-Timer: S1525350033.474783,VS0,VE500
X-Kinja-Revision: 22a6af722fda9cc912e993f08b10607303b0b0f4
X-Cache-Hits: 0, 0

GET
H/1.1 200
OK 183957-12515575323306.js Show response
js-sec.indexww.com/ht/p/ 99 KB
30 KB 22ms
5ms Script
text/javascript 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 6fd6abee896c1d2a13662d19177e6368792f3620353e3e506f55a7b333fb6533

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 May 2018 12:10:44 GMT
Server: Apache
ETag: "da309d-18bf9-56b4c17c49d01"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3071
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 29837
Expires: Thu, 03 May 2018 13:11:45 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 6ms
5ms Script
text/javascript 216.58.207.78
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

216.58.207.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 Apr 2018 18:13:11 GMT
server: Golfe2
age: 5863
date: Thu, 03 May 2018 10:42:51 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 14353
expires: Thu, 03 May 2018 12:42:51 GMT

GET
H/1.1 200
OK apstag.js Show response
c.amazon-adsystem.com/aax2/ 44 KB
13 KB 44ms
31ms Script
application/javascript 52.85.188.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 52.85.188.213 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-188-213.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 182dbe17e9b8a4666a3625fee302aded0186d7fd74d0d209c7e871ffd328b734

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Wed, 02 May 2018 20:10:59 GMT
Content-Encoding: gzip
Server: Server
Age: 58174
ETag: 602208cbba73bcf156046815f9b16029
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 f9448dbaac49aad821506cba2852f911.cloudfront.net (CloudFront)
Cache-Control: public, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: y5GJEqa-ffAF4tSTzPbNKemXPcAdUX_DMfhUSW5eFw4CUPTa_U_8SA==

GET
S 200 blog-dc8716d0cfff7b8bbe68f4cc453c3a25.css
x.kinja-static.com/assets/stylesheets/ 297 KB
47 KB 8ms
6ms Stylesheet
text/css 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/stylesheets/blog-dc8716d0cfff7b8bbe68f4cc453c3a25.css

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d52f6446f7a356e62e7bc76704d2fac0a47c55cc91f48d793ee330dc74f4d00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25
x-cache: HIT
status: 200
content-length: 48187
x-amz-id-2: ODnyWpWLxQwyF8LOoLfMAM9hBTJREigM1yK7V7pMPJT+iLPG4ouWwAc8bs/0uJKH3KUuupu2Gmo=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Tue, 01 May 2018 21:16:55 GMT
server: AmazonS3
x-timer: S1525350034.025781,VS0,VE0
etag: "dc8716d0cfff7b8bbe68f4cc453c3a25"
vary: Accept-Encoding
x-amz-request-id: E6EEB96D4B7C10D2
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: text/css
x-cache-hits: 2

GET
S 200 insets-d3ad599d95be2b97b205409e0948aa8c.css
x.kinja-static.com/assets/stylesheets/ 11 KB
2 KB 13ms
11ms Stylesheet
text/css 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/stylesheets/insets-d3ad599d95be2b97b205409e0948aa8c.css

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

97c36bd8da51b8644fd0c36f77a5979c8211c06c5d46c3fbf321685881077c5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
x-cache: HIT
status: 200
content-length: 1629
x-amz-id-2: GLgFUkqnGTTOkqGQhIeNvGCoUtx3Kt8EOz+h4AithBKyQXogAmR4N+OKY/rEx0Q/r4c9k1TxsJo=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Fri, 27 Apr 2018 13:57:19 GMT
server: AmazonS3
x-timer: S1525350034.025791,VS0,VE0
etag: "d3ad599d95be2b97b205409e0948aa8c"
vary: Accept-Encoding
x-amz-request-id: 6A2AADFB9CAF96F4
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: text/css
x-cache-hits: 3

GET
S 200 accountwithtoken Show response
kinja.com/api/profile/ 197 B
786 B 95ms
93ms Script
text/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://kinja.com/api/profile/accountwithtoken?jsonp=_fasttoken&newFollows=true

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

deb92c913d71236b2858e4300db9d6a4621990eb5b37df700b9fc2748e17be66

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
age: 0
x-cache: MISS, MISS, MISS
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
status: 200
x-cdn-fetch: mantle-setcookie
content-length: 193
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8144-JFK, cache-hhn1521-HHN
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1525350034.044103,VS0,VE88
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:34 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache, no-store, private
x-geo-segment: B
accept-ranges: bytes, bytes, bytes
x-cache-hits: 0, 0

GET
S 200 kj1ngvvppb5076hmtoic.jpg
i.kinja-img.com/gawker-media/image/upload/s--uv9g6j-g--/c_fill,f_auto,fl_progressive,g_center,h_80,q_80,w_80/ 5 KB
5 KB 8ms
6ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--uv9g6j-g--/c_fill,f_auto,fl_progressive,g_center,h_80,q_80,w_80/kj1ngvvppb5076hmtoic.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

85e94f159c66113652b89039b3365e44228249d38d2d093fe2ea4ccfb9472078

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 148797
edge-cache-tag: 429468575498938781067121269940512012335,459964070155708088631028234589179437065,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="kj1ngvvppb5076hmtoic.webp"
content-length: 4718
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Tue, 01 May 2018 18:58:38 GMT
server: kinja
x-timer: S1525350034.044124,VS0,VE0
etag: "ffd1f39015fe6f4859afa0c3ca34cb47"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 2

GET
S 200 d1c5sopl9dlsix88r9xn.jpg
i.kinja-img.com/gawker-media/image/upload/s--S6nQMtEz--/c_scale,f_auto,fl_progressive,q_80,w_800/ 41 KB
41 KB 7ms
6ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--S6nQMtEz--/c_scale,f_auto,fl_progressive,q_80,w_800/d1c5sopl9dlsix88r9xn.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

416eefc3d00286cfd0507a0b74f2df7dc72ef991086589f4954f98fb85d4d0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 81877
edge-cache-tag: 323022578379470042523243180940351318330,245327155580432878289714243680681350917,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="d1c5sopl9dlsix88r9xn.webp"
content-length: 41844
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 06:02:25 GMT
server: kinja
x-timer: S1525350034.045071,VS0,VE1
etag: "5b44ce19e5a37d844d039c331a5465c2"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 aclfbjaj0bsjknzxba1m.jpg
i.kinja-img.com/gawker-media/image/upload/s--kEFtkbNr--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 24 KB
25 KB 13ms
13ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--kEFtkbNr--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/aclfbjaj0bsjknzxba1m.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

5135d16d46efb61f5ef80af7e7936147829e3c072f31e136994ef1c3ad7c83c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 85899
edge-cache-tag: 385433467829636468459571594559038347203,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="aclfbjaj0bsjknzxba1m.webp"
content-length: 25006
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 06:00:13 GMT
server: kinja
x-timer: S1525350034.045417,VS0,VE1
etag: "7308ce5e44d435cc9c95349cd9eb7dbb"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 nhsda6vztvwbszpoebaz.jpg
i.kinja-img.com/gawker-media/image/upload/s--5zB-m-SZ--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 8 KB
8 KB 15ms
14ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--5zB-m-SZ--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/nhsda6vztvwbszpoebaz.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

4b3ba19fae3d133581e461ec6c9fe23e05600441dac4655b81764674cd835e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 85899
edge-cache-tag: 348865051179900477325045607653235605345,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="nhsda6vztvwbszpoebaz.webp"
content-length: 8342
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 06:00:16 GMT
server: kinja
x-timer: S1525350034.045450,VS0,VE1
etag: "bbbedcd78103724cd93b0422c0cd9e03"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 arbn6gtdqsxjrh4i0xjf.jpg
i.kinja-img.com/gawker-media/image/upload/s--sFaXoVnP--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 7 KB
7 KB 11ms
11ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--sFaXoVnP--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/arbn6gtdqsxjrh4i0xjf.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

ab7511d243469359febdc3499a03d7b0fe9581a12d91500e5004df733606689e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 85899
edge-cache-tag: 446351682705308072855318082621519391661,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="arbn6gtdqsxjrh4i0xjf.webp"
content-length: 7236
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 06:00:20 GMT
server: kinja
x-timer: S1525350034.045545,VS0,VE0
etag: "e7188222be30284a469492c769832315"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 239

GET
S 200 vuzyvrnsjo9b67gr3tls.jpg
i.kinja-img.com/gawker-media/image/upload/s--PGD1zqFU--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 25 KB
26 KB 16ms
16ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--PGD1zqFU--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/vuzyvrnsjo9b67gr3tls.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

f1b3f799d2f851a41e5d0a5f35b4c383423b5b280b9a4e89ec1646c16cb00a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 81565
edge-cache-tag: 252784207645995624107419537360398552757,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="vuzyvrnsjo9b67gr3tls.webp"
content-length: 26006
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 06:00:30 GMT
server: kinja
x-timer: S1525350034.045587,VS0,VE1
etag: "6daebd5e5acd90f558935961d39faf68"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 zrel9pnjfofajjoobv0u.jpg
i.kinja-img.com/gawker-media/image/upload/s--HSaF4aMF--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 17 KB
18 KB 15ms
15ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--HSaF4aMF--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/zrel9pnjfofajjoobv0u.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

f4714639ca6d3e61851b2500c1adc152888679acb0b9790df65b2bbb77e657b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 146766
edge-cache-tag: 518346367305321387495199664282276914962,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="zrel9pnjfofajjoobv0u.webp"
content-length: 17760
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Tue, 01 May 2018 19:08:05 GMT
server: kinja
x-timer: S1525350034.050576,VS0,VE0
etag: "12bd5a46c16bbf0e57b223c8d04cef93"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 fungpdv06hxvme58hfxv.jpg
i.kinja-img.com/gawker-media/image/upload/s--d9SoBmQs--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/ 28 KB
28 KB 10ms
10ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--d9SoBmQs--/c_fill,f_auto,fl_progressive,g_north,h_264,q_80,w_470/fungpdv06hxvme58hfxv.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

cdaba277f11909a02e5dbb8f1aa7b25b25aa84c08efe590b9c75c47fe486f097

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 148148
edge-cache-tag: 324624021830681325375323850026850507587,451924316491425164131034351513909104720,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="fungpdv06hxvme58hfxv.webp"
content-length: 28242
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Tue, 01 May 2018 19:01:28 GMT
server: kinja
x-timer: S1525350034.056848,VS0,VE1
etag: "657b05140f25d8c7243fe5e9e728cf00"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 kj1ngvvppb5076hmtoic.jpg
i.kinja-img.com/gawker-media/image/upload/s--e9apKBpK--/c_fill,f_auto,fl_progressive,g_center,h_200,q_80,w_200/ 8 KB
9 KB 9ms
9ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--e9apKBpK--/c_fill,f_auto,fl_progressive,g_center,h_200,q_80,w_200/kj1ngvvppb5076hmtoic.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

f6fcf56d5a42a87621a5cde9f4698aeb4e8d4977080d6e421bb8b8ba2fd36ddf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 148797
edge-cache-tag: 429468575498938781067121269940512012335,515572748103209154759035336811864552388,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="kj1ngvvppb5076hmtoic.webp"
content-length: 8584
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Tue, 01 May 2018 18:58:38 GMT
server: kinja
x-timer: S1525350034.056841,VS0,VE0
etag: "1b855aed870a15da186c5b83a793e50f"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 2

GET
S 200 elizabethserif-light-webfont.woff2
f.kinja-static.com/assets/fonts/elizabeth-serif/ 30 KB
31 KB 26ms
6ms Font
binary/octet-stream 151.101.2.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/elizabeth-serif/elizabethserif-light-webfont.woff2?09162015

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.2.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

99486805226925c8956af4060209f84d8069fae36333d280a88afa276aecdd97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 17
x-cache: HIT
status: 200
access-control-max-age: 2592000
content-length: 31076
x-amz-id-2: R8UFuT9RdpI+CBLevZK2U6WKQ3Ok5A84l6lkKmy3MsrT46ee5B/+29XMLw+liajK0IZoepsGa30=
x-served-by: cache-hhn1539-HHN
last-modified: Thu, 19 Apr 2018 21:32:19 GMT
server: AmazonS3
x-timer: S1525350034.081275,VS0,VE1
etag: "acb4f13c9cdae79df0e584c0a18e6ab3"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-request-id: ECF80535176E5BBC
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
S 200 proxima_nova_cond_reg-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 36ms
17ms Font
binary/octet-stream 151.101.2.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_reg-webfont.woff2?08252015

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.2.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 12
x-cache: HIT
status: 200
access-control-max-age: 2592000
content-length: 28044
x-amz-id-2: hW1wdSjbS6mObw5PgAuwtZrlygS5vxOlcfjSeFBFrivWQPWn6d9mW8Ztxs3JLYRwKx5i+oTf3NU=
x-served-by: cache-hhn1539-HHN
last-modified: Mon, 30 Apr 2018 21:36:54 GMT
server: AmazonS3
x-timer: S1525350034.081328,VS0,VE1
etag: "94cbaf403b2922fd6858c812dae091fb"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-request-id: 72527550738CBAE6
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
S 200 proxima_nova_cond_sbold-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 27 KB
28 KB 36ms
16ms Font
binary/octet-stream 151.101.2.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold-webfont.woff2?08252015

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.2.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 17
x-cache: HIT
status: 200
access-control-max-age: 2592000
content-length: 28136
x-amz-id-2: dkFaM/0EcLG9ktg5cO0jB8aQohMh+dSPxsQmUcnSgLfqx6gGcj+pvFghWQJsou17j/TGE/4kQoU=
x-served-by: cache-hhn1539-HHN
last-modified: Mon, 30 Apr 2018 21:36:54 GMT
server: AmazonS3
x-timer: S1525350034.081303,VS0,VE1
etag: "7ac1e4b7ab03f256e831e00e3b5618a6"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-request-id: B53F2D4BE2AE9514
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

GET
S 200 trackers.11173ce7b152c32c4c55.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 122 KB
43 KB 8ms
7ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/trackers.11173ce7b152c32c4c55.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d9833f0fe3d0a740d7b4fdaa0dc88d3d8ea8d7a441ce33a7277138b7fb937d11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42
x-cache: HIT
status: 200
content-length: 43608
x-amz-id-2: JXR3cfnlKzTJ6VxZmledmD+arUeCDHQPtxk1br7cIuuC05XBPQdM3mI4ELnrmPD7fLWdxFCPF74=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Tue, 01 May 2018 15:48:15 GMT
server: AmazonS3
x-timer: S1525350034.063520,VS0,VE0
etag: "0a611ae21b74456ed71b90bba9c70f10"
vary: Accept-Encoding
x-amz-request-id: DF38D4DC6FBC6500
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 3

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=5zq9nmk&ct=0:ngtk7da&fmt=3
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034&C=1

43 B
1 KB

14ms
13ms

Image
image/gif

2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034&C=1
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 03 May 2018 12:20:34 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03&expiration=1527942034&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 325
Expires: Thu, 03 May 2018 12:20:34 GMT

GET
S 200 digitrust.min.js Show response
cdn.digitru.st/prod/1/ 19 KB
6 KB 26ms
7ms Script
application/javascript 159.180.84.2
Instart Logic

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.digitru.st/prod/1/digitrust.min.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 159.180.84.2 , United States, ASN33047 (INSTART - Instart Logic, Inc, US),
Reverse DNS
Software: DTOrigin /
Resource Hash: 1e933dcfbb485b7725ef0f4ef7afe15790c4c253ccec763b7d24d1c3ea0f6b0d

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 11:19:44 GMT
content-encoding: gzip
age: 3650
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
x-instart-cache-id: 39:400404630263705673::1525346383
content-length: 6133
last-modified: Wed, 25 Apr 2018 19:08:11 GMT
server: DTOrigin
etag: "d623bf43de8f12472a7cd6352faf055d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-instart-request-id: 5847511167805049316:SEN01-CPVNPPRY11:1525350034:0
accept-ranges: bytes
expires: Fri, 04 May 2018 11:19:44 GMT

GET
S 200 OnionAM.08c5953c3ba104671f6f.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 26 KB
8 KB 11ms
10ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/OnionAM.08c5953c3ba104671f6f.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e31cacae2b24f5b5d7bcd4ccd5f0923c4ffd0ec2fdc987885edeb9f84af38d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
x-cache: HIT
status: 200
content-length: 7726
x-amz-id-2: wo09nSiP9CeN96n3KkgmAc5Ilcii09tkRmKWjjM6W2k2huPRQRnigz7UTqKVorEqUBsKey2Yw1Y=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Tue, 01 May 2018 21:16:53 GMT
server: AmazonS3
x-timer: S1525350034.063749,VS0,VE0
etag: "7d78ab7494799763ba18e3feed14820e"
vary: Accept-Encoding
x-amz-request-id: 74DA67E0F815C124
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
S 200 gpt.js Show response
www.googletagservices.com/tag/js/ 13 KB
6 KB 41ms
40ms Script
text/javascript 216.58.205.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f2.1e100.net

Software

sffe /

Resource Hash

b3c2aef5343355008f8882b3a69cfa1dbab6d2e9b00d5e16a810900f75153c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "4 / 669 of 1000 / last-modified: 1525296615"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 5696
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:34 GMT

GET
H/1.1 200
OK 12156.js Show response
ads.rubiconproject.com/header/ 77 KB
24 KB 23ms
7ms Script
application/javascript 23.67.129.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/header/12156.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 23.67.129.200 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-200.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 51543c91f6accc07457fcca25dd9f8aa01fa880ec5aeb9437196fb2e22058368

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Mar 2018 22:39:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 24543
Expires: Thu, 03 May 2018 12:20:34 GMT

GET
H/1.1 200
OK publishertag.js Show response
static.criteo.net/js/ld/ 70 KB
20 KB 55ms
14ms Script
text/javascript 178.250.2.74
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: HTTP/1.1
Server: 178.250.2.74 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: static.criteo.net
Software: nginx /
Resource Hash: 6f6b695c5d0f84b35c8b950bf2f34a78278515f529411bf2c892cf21bc274035

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Server: nginx
ETag: W/"5abcfe2e-116c4"
Transfer-Encoding: chunked
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400, public
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Fri, 04 May 2018 12:20:34 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif

GET
S 200 kqc16iwh5pafejbh5pfy.jpg
i.kinja-img.com/gawker-media/image/upload/s--jCMrxrrm--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/ 15 KB
15 KB 23ms
22ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--jCMrxrrm--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/kqc16iwh5pafejbh5pfy.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

6c7ec38fee48a402eacf71e8ff2b697efd0a0bd7b28733319524652d3117ae7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 81485
edge-cache-tag: 397550514468647808136089436354563949276,573056367820451761559092098236686206140,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="kqc16iwh5pafejbh5pfy.webp"
content-length: 15270
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 13:41:23 GMT
server: kinja
x-timer: S1525350034.107391,VS0,VE1
etag: "7924745099bec213e95d065bbe697baa"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 fxbfpc9x26bnknwhbpry.jpg
i.kinja-img.com/gawker-media/image/upload/s--VPSW1sLN--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/ 13 KB
13 KB 22ms
20ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--VPSW1sLN--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/fxbfpc9x26bnknwhbpry.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

ef81fb97a5ff95150b2039163c4bbd23aa8ea08b669366155dcd874332de70f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 166735
edge-cache-tag: 360711554748073509865412573072631706788,573056367820451761559092098236686206140,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="fxbfpc9x26bnknwhbpry.webp"
content-length: 12818
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Tue, 01 May 2018 13:16:25 GMT
server: kinja
x-timer: S1525350034.106889,VS0,VE1
etag: "1504a69a14c9e11c9c01f4e658e81af4"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 fpmbf0akcykkbtxumhsi.jpg
i.kinja-img.com/gawker-media/image/upload/s--s5YtoofY--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/ 11 KB
12 KB 19ms
17ms Image
image/webp 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.kinja-img.com/gawker-media/image/upload/s--s5YtoofY--/c_fill,f_auto,fl_progressive,g_north,h_180,q_80,w_320/fpmbf0akcykkbtxumhsi.jpg

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

kinja /

Resource Hash

4676fd3e4273d2220d475192245c9ab809548010a8fe20050602c075b6366f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 81486
edge-cache-tag: 567174220439740416200434002904200203016,573056367820451761559092098236686206140,e658e1d7ab596d92a7343d60946f3015
status: 200
x-image-request-allowed: gizmodo.com yes
content-disposition: inline; filename="fpmbf0akcykkbtxumhsi.webp"
content-length: 11674
x-served-by: cache-hhn1521-HHN
x-cache: HIT
last-modified: Wed, 02 May 2018 13:02:43 GMT
server: kinja
x-timer: S1525350034.105542,VS0,VE1
etag: "34f3c7d693cbb1be99fb929f8995a630"
vary: User-Agent
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-max-age=0, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cld-vary: User-Agent
x-cache-hits: 1

GET
S 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 298 KB
103 KB 49ms
11ms Script
text/javascript 104.20.30.2
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tinypass.com/api/tinypass.min.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 104.20.30.2 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e48875514a2aa296d2fdec16b5e1d28b5e4bf712aaec073a5b23eb71e6a749c

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
content-type: text/javascript
wn: prod-dash-10-0-1-138
server: cloudflare
etag: W/"305236-1524834432000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NON DSP COR OUR IND"
status: 200
cache-control: public, max-age=3600
last-modified: Fri, 27 Apr 2018 13:07:12 GMT
cf-ray: 4152aeb1ba7c63bb-FRA
cf-cache-status: HIT
expires: Thu, 03 May 2018 13:20:34 GMT

GET
S 200 advertising.js Show response
www.npttech.com/ 8 KB
3 KB 50ms
9ms Script
application/javascript 104.18.36.50
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 104.18.36.50 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14a29c8a39b8e8ee92bdd41ce8b80c0dc34a5dc946b6f6045fb9128f6a7f7d44

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 14 Mar 2018 13:19:52 GMT
server: cloudflare
x-amz-request-id: 4F36984D7E7BB8B9
etag: W/"30666256082f9210fdd112c1c625520f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=28800
cf-ray: 4152aeb1bd45646f-FRA
x-amz-id-2: hMFB5O3f8mRx4QJpwDRrl8uNlZj+VIITK1OEcyHfU4mLgfG4EWvTvHnPnhEmdlyX59nxuFP98lE=
expires: Thu, 03 May 2018 20:20:34 GMT

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 89 KB
22 KB 46ms
8ms Script
application/x-javascript 23.45.97.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 23.45.97.170 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-97-170.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6544118464d2655bd9a3345e619da3fad53260eebdd7888935224724168e8fd5

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Mar 2018 13:08:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21995
Expires: Thu, 03 May 2018 13:20:34 GMT

GET
S 200 vendor.e4496b3d82f13b6e54e8.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 550 KB
173 KB 17ms
15ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8e552d60ca0a74a6ce32b0d348cbfc53395b87691b40573f471995d9757bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13
x-cache: HIT
status: 200
content-length: 176335
x-amz-id-2: hnfVN1V9ib+JrquT8nITne7n08D/AOrLdpM489KbtrB3TJWNOj41Vjw8K4OuOqAaCroIs16d3ZM=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Tue, 01 May 2018 18:51:53 GMT
server: AmazonS3
x-timer: S1525350034.172416,VS0,VE0
etag: "30ad374eb28924ef6a2c34a85e7aa365"
vary: Accept-Encoding
x-amz-request-id: B1F70CAEA70E4AEA
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1055

GET
S 200 outstreamVideo.92f8756e184815d6a670.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 27 KB
9 KB 25ms
23ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/outstreamVideo.92f8756e184815d6a670.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

530c0cbe1a14badeb99f1d9e8291f2653ed91c3c8a9484492287b70ecd64d048

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12
x-cache: HIT
status: 200
content-length: 8903
x-amz-id-2: FO5XVuV/qEBqUlXMV0Qo4U8ZmzeSmuuE4LnYbQei5CcuU6ckN42c/KdD1UuOkWD/SuW3b6KSf0o=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Thu, 03 May 2018 08:42:07 GMT
server: AmazonS3
x-timer: S1525350034.172491,VS0,VE0
etag: "72eede5228e16aa4100a576202b62ccc"
vary: Accept-Encoding
x-amz-request-id: E1260D8B9854B307
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
S 200 Post.919086479ab16c015c29.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 2 MB
459 KB 25ms
23ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/Post.919086479ab16c015c29.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1df0e961246be26c718a4b5b17541f871d57f5e63c1b678437085be74a5b97d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38
x-cache: HIT
status: 200
content-length: 469799
x-amz-id-2: WUjLARxsLDwNx9IwmD2iM8NqUfEUXzhy7wVI/GIm2sIJ5LMr6+r3Z/xYfp2nuCisjr23vA4PDCo=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Wed, 02 May 2018 15:12:12 GMT
server: AmazonS3
x-timer: S1525350034.172518,VS0,VE0
etag: "d023c7c3630a25296c8a77c24af66c04"
vary: Accept-Encoding
x-amz-request-id: 76F75DFE228183C2
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 3

POST
S 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
508 B 38ms
16ms XHR
application/json 172.217.21.238
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f238.1e100.net

Software

ESF /

Resource Hash

3447a2bf760509a1118868e2eeda668f002a58b1cddceb4ad168931cbce1afb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://gizmodo.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.nl/adsid/ 111 B
172 B 14ms
14ms Script
application/javascript 216.58.214.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

216.58.214.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s10-in-f66.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ 111 B
172 B 16ms
15ms Script
application/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 pubads_impl_199.js Show response
securepubads.g.doubleclick.net/gpt/ 162 KB
57 KB 42ms
42ms Script
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

sffe /

Resource Hash

1a427c31646c4dbcda43c5760eb5a224f5e695209d2bb6b1fb40229d6e5e1063

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 26 Apr 2018 00:30:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 58006
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:34 GMT

GET
S 200 proxima_nova_cond_sbold_it-webfont.woff2
f.kinja-static.com/assets/fonts/proxima/ 30 KB
30 KB 8ms
8ms Font
binary/octet-stream 151.101.2.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://f.kinja-static.com/assets/fonts/proxima/proxima_nova_cond_sbold_it-webfont.woff2?08252015

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.2.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
via: 1.1 varnish
x-content-type-options: nosniff
age: 53
x-cache: HIT
status: 200
access-control-max-age: 2592000
content-length: 30232
x-amz-id-2: 60uGO8AXGuawkTYb0+OHXJKySrY6g5ZXRQKNHOvDGGS4cOtqYlZR1F+OmcKRlTQMg45tKUxFB6A=
x-served-by: cache-hhn1539-HHN
last-modified: Mon, 30 Apr 2018 21:36:55 GMT
server: AmazonS3
x-timer: S1525350034.310725,VS0,VE1
etag: "6d0ce198b25710fd5d0a2c0fb863b22c"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-methods: GET
x-amz-request-id: 91898BC058DB9BA2
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 1

POST
S 200 publisher:getClientId Show response
ampcid.google.nl/v1/ 3 B
437 B 38ms
16ms XHR
application/json 216.58.207.78
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.nl/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

216.58.207.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f14.1e100.net

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://gizmodo.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 1; mode=block

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=pageview&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-8&...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-3&cid=1601658218.1525350034&jid=1309619436&_gid=1095497776.1525350034&gjid=710747203&_v=j67&z=1240090379

35 B
113 B

15ms
15ms

Image
image/gif

64.233.166.156
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-3&cid=1601658218.1525350034&jid=1309619436&_gid=1095497776.1525350034&gjid=710747203&_v=j67&z=1240090379

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

64.233.166.156 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

wm-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 May 2018 12:20:34 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-3&cid=1601658218.1525350034&jid=1309619436&_gid=1095497776.1525350034&gjid=710747203&_v=j67&z=1240090379
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 417
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=pageview&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-8&...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=1528711589&_gid=1095497776.1525350034&gjid=1554590147&_v=j67&z=1478927815

35 B
113 B

15ms
14ms

Image
image/gif

64.233.166.156
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=1528711589&_gid=1095497776.1525350034&gjid=1554590147&_v=j67&z=1478927815

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

64.233.166.156 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

wm-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 May 2018 12:20:34 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=1528711589&_gid=1095497776.1525350034&gjid=1554590147&_v=j67&z=1478927815
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 419
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rep.gif
scomcluster.cxense.com/Repo/ 43 B
459 B 9ms
2ms Image
image/gif 178.63.12.208
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scomcluster.cxense.com/Repo/rep.gif?ver=1&typ=pgv&rnd=jgqi0z4i21bc8usb&acc=0&sid=1143002304403762051&loc=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ref=&gol=&pgn=&ltm=1525350034386&new=1&arf=0&tzo=0&res=1600x1200&dpr=1&col=24&jav=0&bln=en-US&cks=jgqi0z5p8a5k1hdc&ckp=jgqi0z5qyj8w6359&glb=&chs=UTF-8&wsz=1600x1200&fls=0&flv=
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 178.63.12.208 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de716.cxense.com
Software: Jetty(9.2.z-SNAPSHOT) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.2.z-SNAPSHOT)
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
316 B 97ms
42ms XHR
text/javascript 52.94.220.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&pid=33924246321525350034268&cb=1274783430241525350034460&ws=1600x1200&v=6.9.4&t=300&slots=%5B%7B%22sd%22%3A%22dfp-ad-2%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x251%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F4246%2Fgm.gizmodo%2Fpermalink_top-banner%22%7D%5D&cfgv=0
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Server: 52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: 0861d7a2e9f06a8784342fd8404af85276a5a27e5ea2204fcdbe82d34b8b4de9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://gizmodo.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 47

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
316 B 97ms
43ms XHR
text/javascript 52.94.220.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&pid=33924246321525350034268&cb=4917840458551525350034464&ws=1600x1200&v=6.9.4&t=300&slots=%5B%7B%22sd%22%3A%22dfp-ad-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4246%2Fgm.gizmodo%2Fpermalink_left-top%22%7D%5D&cfgv=0
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Server: 52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: e46d646758de6d62995f13cbdc02a831fa2fa9f0fa4dea4674521af3da0472d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://gizmodo.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 47

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
204 B 62ms
15ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=48&profileId=154&cb=32678621509
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://gizmodo.com
Date: Thu, 03 May 2018 12:20:33 GMT
X-Cnection: close
Access-Control-Allow-Credentials: true
Server: Finatra
Vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
1 KB 117ms
92ms XHR
application/json 62.67.193.97
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&rp_floor=0.01&rf=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&p_screen_res=1600x1200&x_source.tid=af5cf97c-4203-4377-9a21-8a5459faf78b&tk_flint=custom&dt.pref=0&dt.id=ejSCWksIy5ICtjrw0NM1fGO6%2Bh5yDpEmQ4cGmUo1EFzPioIyihYrDrrVSIRWNQoiTB6VML%2FCCfU3YfG2XWYX0Ur9BEXBaxrqh%2F4UeaX7I9QdPZzyR9ytkpbexSQYcfRbNN7HXoegqxrRnb4HmzUuuI%2FaGIe%2BtfTe9eIg1bAY0jBqzA3qLmRozM5SQL3CxJl90UgAhD0zWVrNHUpmhCTK9%2B6ARqdyf2nlhRdSP3Ut0m0RoqT0LojmBDa%2Ft2EJKNqd3HZaifXJm4nU1h7hVu1vXMQAPQtAsZENsNvha91X%2F6WoSbS5Ce2fo%2FNyCOhD7fRTp7FOJb8xhYPQ23KlK2yimA%3D%3D&dt.keyv=4&size_id=15&p_pos=btf&tg_fl.eid=o3D9cZl4&tg_fl.uname=o3D9cZl4&kw=rp.fastlane&site_id=45528&zone_id=200858&rp_secure=1&rand=0.9290081177316689
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/header/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.97 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 4a83a01168532c89649defc18e18bbdf7ceb6f064f8a662c1ef181599bfe6510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=23
Content-Length: 239
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 254 B
1 KB 207ms
184ms XHR
application/json 62.67.193.97
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&rp_floor=0.01&rf=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&p_screen_res=1600x1200&x_source.tid=680082f6-c620-449e-b569-fc77b843e71b&tk_flint=custom&dt.pref=0&dt.id=ejSCWksIy5ICtjrw0NM1fGO6%2Bh5yDpEmQ4cGmUo1EFzPioIyihYrDrrVSIRWNQoiTB6VML%2FCCfU3YfG2XWYX0Ur9BEXBaxrqh%2F4UeaX7I9QdPZzyR9ytkpbexSQYcfRbNN7HXoegqxrRnb4HmzUuuI%2FaGIe%2BtfTe9eIg1bAY0jBqzA3qLmRozM5SQL3CxJl90UgAhD0zWVrNHUpmhCTK9%2B6ARqdyf2nlhRdSP3Ut0m0RoqT0LojmBDa%2Ft2EJKNqd3HZaifXJm4nU1h7hVu1vXMQAPQtAsZENsNvha91X%2F6WoSbS5Ce2fo%2FNyCOhD7fRTp7FOJb8xhYPQ23KlK2yimA%3D%3D&dt.keyv=4&size_id=2&p_pos=btf&tg_fl.eid=63T8TX6y&tg_fl.uname=63T8TX6y&kw=rp.fastlane&site_id=45528&zone_id=200858&alt_size_ids=55%2C57&rp_secure=1&rand=0.31403008902143204
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/header/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.97 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 52f2b63985941bcba9eeb31b04f56544427edfcdcf214917ef5c4a0c8beb422b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 254
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._D6s9b228; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762208/0/-1/ 47 B
80 B 118ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762208/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._D6s9b228;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: 232cde8a0ff9f0ef42abd34e2b1be0dbda6bf7ca42282640daa0b19e14498af8

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 47
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._qvgxbak3; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/3946287/0/-1/ 48 B
81 B 118ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/3946287/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._qvgxbak3;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: 74b74cdd9ec83585c24c4dc73db7d33982c921b97d6c0149d2dfc25c8feb9e2a

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 48
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._n0O2Y8WH; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762209/0/-1/ 47 B
256 B 116ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762209/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._n0O2Y8WH;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: b84fbdaa24c6fc96d2b3cb8489f2c5d2f131b893e5860b2cba22a387bcdb5df7

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 47
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._N4vKxc8I; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762205/0/-1/ 48 B
81 B 117ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762205/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350034486;callback=window.headertag.AolHtb.adResponseCallbacks._N4vKxc8I;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: 8f795a26867fcc0dd28ce215ffb5c49535c2f2533acfbeb07e03a411857d1ddb

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:34 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 48
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 66 B
1 KB 129ms
109ms XHR
text/javascript 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=214627&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A20846176%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2217%22%2C%22siteID%22%3A%22241215%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%223%22%2C%22siteID%22%3A%22187279%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%221%22%2C%22siteID%22%3A%22187277%22%7D%2C%22id%22%3A%223%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%222%22%2C%22siteID%22%3A%22187278%22%7D%2C%22id%22%3A%224%22%7D%5D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: bca0e61e2076e2531246928ca1e45c890a570bdfb368b5b5ff3c9346e6bc655a

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 86
Expires: Thu, 03 May 2018 12:20:34 GMT

GET
H2 200 nativeVideos Show response
gizmodo.com/api/core/video/views/ 656 B
977 B 6ms
6ms Fetch
application/json 151.101.2.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/api/core/video/views/nativeVideos?network=gizmodo&blogId=4&maxReturned=1

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/outstreamVideo.92f8756e184815d6a670.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

16c2799990f1d867201ad55da0e52075c3d5222e14e3f69a8e8f41ff5ce04ff3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /api/core/video/views/nativeVideos?network=gizmodo&blogId=4&maxReturned=1
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: gizmodo.com
referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
:scheme: https
:method: GET
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
age: 302
x-cache: MISS, HIT, HIT
status: 200
x-kinja: kinja-core-kube03-3769489596-s7h9l #687
x-cdn-fetch: mantle-origin-cache
content-length: 462
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8120-JFK, cache-hhn1539-HHN
x-kinja-version: 20160517
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-timer: S1525350035.666326,VS0,VE1
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:34 GMT
vary: Accept-Encoding
content-type: application/json
via: 1.1 varnish 1.1 varnish
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes
x-robots-tag: noindex
x-cache-hits: 1, 1

GET
S 200 13.50cee12de1c4f5803edb.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 406 KB
116 KB 7ms
7ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/13.50cee12de1c4f5803edb.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

95795ea05af8928c198def58ac639b80e13bb2e325a679a95ac2926ea0eb7656

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
x-cache: HIT
status: 200
content-length: 118863
x-amz-id-2: +ZSH49fvqTWU04h2IsOEiYNsE/+0Hg9znV5YfQb+iEvAEQ3GB+G9YS8nVOQs9nBQ808YmVGw2U4=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Wed, 02 May 2018 20:16:51 GMT
server: AmazonS3
x-timer: S1525350035.690425,VS0,VE1
etag: "b5892af352b64651692e02984ddcc70b"
vary: Accept-Encoding
x-amz-request-id: 36969EA2A565C4FC
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
4 KB 328ms
328ms XHR
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=276511097978290&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21061277%2C21061819&vrg=199&sc=1&sfv=1-0-23&iu_parts=4246%2Cgm.gizmodo%2Cpermalink&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1280x720%7C970x415%2C970x250%7C970x251%7C970x90%7C728x90%2C300x250%2C320x50%2C1x1%2C1x1&fluid=0%2C0%2C0%2Cheight%2C0%2C0&ists=3&prev_scp=pos%3Dsplashytop%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_splashytop%7Cpos%3Dtop%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_top%26amznbid%3D2%26amznp%3D2%7Cpos%3Dleft_top%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_left_top%26amznbid%3D2%26amznp%3D2%7Cpos%3Dpromotion_native_sidebar%26pp_position%3Dsidebar%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_promotion_native_sidebar%7Cpos%3Dstarter%26pp_position%3Dstarter%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_starter%7Cpos%3Dscroll%26pp_position%3Dscroll%26postId%3D1825706243%26page%3Dpermalink%26pd%3D1%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_scroll&eri=1&cust_params=tags%3Dprivacy%2520and%2520security%252Cnefarious%2520russian%2520doings%2520or%2520something%2520else%2520not%2520sure%252Ccybersecurity%252Cfancy%2520bear%252Chackers%252Chacking%252Clojack%26category%3Dprivacy%2520and%2520security%26blogName%3Dgizmodo%26ksg%3D&cookie_enabled=1&bc=5&abxe=1&lmt=1525350034&dt=1525350034708&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C308%2C173%2C143%2C0%2C0&adys=0%2C130%2C432%2C3208%2C4904%2C4905&adks=3769346602%2C1917253980%2C2312491748%2C3373631996%2C2208946767%2C2208946752&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&dssz=35&icsg=549755822089&mso=1&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1280x-1%7C1585x271%7C300x290%7C360x30%7C1585x1%7C1585x1&ga_vid=1601658218.1525350034&ga_sid=1525350035&ga_hid=101597222

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

af7183fec14923383bb3c432e2083510ca23d64aaaf5d3c50d945eec911dea38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 4060
x-xss-protection: 1; mode=block
google-lineitem-id: -2,196859858,196867298,-2,-2,235404578
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,59785319978,59785335698,-2,-2,62126237858
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://gizmodo.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 pubads_impl_rendering_199.js Show response
securepubads.g.doubleclick.net/gpt/ 43 KB
16 KB 41ms
41ms Script
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_199.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

sffe /

Resource Hash

3d26b8433950bf918452f3913de7e092c5ce0d586d3f0903aad5e4e33dbdab0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 26 Apr 2018 00:30:19 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 16506
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:34 GMT

GET
S 200 container.html
tpc.googlesyndication.com/safeframe/1-0-23/html/ 0
0 6ms
6ms Other
text/html 172.217.21.225
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.225 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f225.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Purpose: prefetch
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 23 Apr 2018 09:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 874405
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 1479
x-xss-protection: 1; mode=block
last-modified: Tue, 10 Apr 2018 14:51:09 GMT
server: sffe
vary: Accept-Encoding
content-type: text/html
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Apr 2019 09:27:09 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
335 B 28ms
12ms XHR
text/plain 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=214627&u=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&v=2
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:34 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 03 May 2018 12:20:34 GMT

GET
S 200 33330X911642.skimlinks.js Show response
s.skimresources.com/js/ 38 KB
14 KB 35ms
7ms Script
application/octet-stream 151.101.14.202
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/33330X911642.skimlinks.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: SPDY
Server: 151.101.14.202 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Skimlinks V9.0 /
Resource Hash: d692204126b84ccf7be9b0a53dbdd32a9d0bf3aff79104887e02bd4cfe706581

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-amz-version-id: 1N6BGCRa81C_xEXBx1M7qL2cF6jJnFMX
content-encoding: gzip
server: Skimlinks V9.0
etag: "465ba1cd6fd474e6fa5c827f9c7b16aa"
x-served-by: cache-fra19135-FRA
vary: Accept-Encoding
x-cache: HIT
p3p: policyref="https://s.skimresources.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
cache-control: public, max-age=3600
date: Thu, 03 May 2018 12:20:34 GMT
accept-ranges: bytes
content-type: application/octet-stream
content-length: 13672
x-cache-hits: 2

GET
H/1.1 200
OK ggcmb500.js Show response
secure-dcr.imrworldwide.com/novms/js/2/ 2 KB
1 KB 96ms
23ms Script
application/x-javascript 138.108.96.100
ACNIELSEN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-dcr.imrworldwide.com/novms/js/2/ggcmb500.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: HTTP/1.1
Server: 138.108.96.100 Schaumburg, United States, ASN16477 (ACNIELSEN-AS - ACNIELSEN, US),
Reverse DNS
Software: nginx /
Resource Hash: 1804940bab9497accd774bf71ed5777ac803859c10efc54e312c4457fc616427

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Oct 2017 08:18:07 GMT
Server: nginx
ETag: "59e46b3f-353"
Content-Type: application/x-javascript
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 851

GET
S 200 chartbeat.js Show response
static.chartbeat.com/js/ 34 KB
14 KB 31ms
9ms Script
application/x-javascript 54.192.93.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: SPDY
Server: 54.192.93.164 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-192-93-164.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 704c9e7931d42613089daf636a4cd78d3bcc4da9e00995420230952f6e9b7c55

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 02:55:45 GMT
content-encoding: gzip
last-modified: Wed, 02 May 2018 02:55:22 GMT
server: nginx
age: 5089
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-id: nAK2xW7xT3-w4sG8utik7WxVXhgcbagyvV4rfZVkcuEUrlgYBUVWrQ==
via: 1.1 d2625240b33e8b85b3cbea9bb40abb10.cloudfront.net (CloudFront)
expires: Wed, 02 May 2018 04:55:45 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 11 KB
5 KB 52ms
7ms Script
application/x-javascript 18.194.196.182
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: HTTP/1.1
Server: 18.194.196.182 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-196-182.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: 23a1a8123c5cfb9df1063c6cfbab2b7bb80fe645d6e7158baacbea022a81e2a0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03-May-2018 12:20:35 GMT
Server: QS
ETag: M0-8af1d7b9
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 4786
Expires: Thu, 10 May 2018 12:20:35 GMT

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 39 KB
12 KB 6ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/Post.919086479ab16c015c29.en-US.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

112560223d7dcf6f78bd1f4f1271590233b6cd02adf7a10f896b0f628c2c4d24

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 12398
x-xss-protection: 0
pragma: public
x-fb-debug: OxEdcAOb7sfCmEH87Nce6ch8yGGIlRlIIdRY7HFnAlZieg8Uz1uojs9J/n44TeYu+QMA6ZEewz3FNfttpd5lLw==
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:34 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK controltag Show response
cdn.krxd.net/ 29 KB
6 KB 25ms
6ms Script
text/javascript 151.101.12.175
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag?confid=JO5Gdwmv
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: HTTP/1.1
Server: 151.101.12.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 561eea94af69ca1de178e65f7deafae123667fee54c670027520c062011d5f18

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-CDN-Backend: 4FrRTvEr9h480D4BywjehZ--F_Config_Service_V3
Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Age: 565
X-Cache: MISS, HIT, HIT
X-Request-Backend: krux_scala_config_webservice
X-App-Cache: HIT
Connection: keep-alive
Content-Length: 5563
X-Served-By: config-service-a003.krxd.net, cache-iad2128-IAD, cache-fra19132-FRA
X-Response-Time: 1
Accept-Ranges: bytes
X-Do-Esi: esi
Cache-Control: public, max-age=1200
X-Timer: S1525350035.991415,VS0,VE0
ETag: "1562008557702552bc45d865f740c4c06db6d86d"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 varnish, 1.1 varnish
Fastly-Debug-Digest: 31b9f1e3ee720e2b366686ac6c61a47f5a07bea830c3db0eb93ad98a9f098a85
X-Age: 0
X-Cache-Hits: 0, 4, 6

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 24ms
6ms Script
application/x-javascript 2.19.43.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js
Protocol: HTTP/1.1
Server: 2.19.43.224 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 902
Expires: Fri, 04 May 2018 12:20:34 GMT

GET
H/1.1 200
OK sambaTag.js Show response
tag.mtrcs.samba.tv/v3/tag/fmg/homepage/ 3 KB
4 KB 31ms
9ms Script
application/javascript 52.85.184.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.mtrcs.samba.tv/v3/tag/fmg/homepage/sambaTag.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/Post.919086479ab16c015c29.en-US.js
Protocol: HTTP/1.1
Server: 52.85.184.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-125.fra2.r.cloudfront.net
Software: gunicorn/19.7.1 /
Resource Hash: 5e0623b057ba1f3f6d51959f1cc3d71029410f7f336bbf758cc66d6c750bd896

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Wed, 02 May 2018 12:34:50 GMT
Via: 1.1 0437902e99783229e3317bb4dfe27240.cloudfront.net (CloudFront)
Server: gunicorn/19.7.1
Age: 85544
X-Cache: Hit from cloudfront
P3P: CP="This is not a P3P policy! See https://samba.tv/legal/privacy-policy/ for more info."
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript
Access-Control-Allow-Headers: Content-Type
Content-Length: 3046
X-Amz-Cf-Id: M6gn3dRj8vOT-0993hkxxOqgTA49YD76BFr3_tKsBO2TaIRdynbq0w==

GET
S 200 lightboxjs.e41cc6bf612fc6c87524.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 2 KB
1 KB 6ms
6ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/lightboxjs.e41cc6bf612fc6c87524.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d401d5ca2f84b9a754872b30e086821079e4fa7ff213edd879feae3a2258d1d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24
x-cache: HIT
status: 200
content-length: 1084
x-amz-id-2: cghA6FiABeOr0gMW3y2MZNfpC3oxBy7y8OsR35s9S8zpASuIeHaTTdhqAbsvctFOSqggOb/7NSo=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Mon, 16 Apr 2018 19:42:24 GMT
server: AmazonS3
x-timer: S1525350035.979170,VS0,VE0
etag: "467f9cf5c49eb981ca54e9022bf15e42"
vary: Accept-Encoding
x-amz-request-id: 0CFE26348D0F78EA
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
S 200 3.fcf84c873e4637190bbc.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 3 KB
2 KB 7ms
6ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/3.fcf84c873e4637190bbc.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

884af3fb9ea552014393188335b501ca59c0d6725675f95aaf9385d81e929df6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
x-cache: HIT
status: 200
content-length: 1478
x-amz-id-2: 0npHNWzFw7F73QQ+1TmB3eVSGrlIYy8H0598tf8Pw28iA1HifA2QMu+V98S7/EW9WaiK4n0AmuI=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Tue, 01 May 2018 21:16:50 GMT
server: AmazonS3
x-timer: S1525350035.986515,VS0,VE0
etag: "8db1f4def481799432855a040f3012a2"
vary: Accept-Encoding
x-amz-request-id: DACFDD5FC2A85ABC
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 3

GET
S 200 7.01853d393caf260b9b76.en-US.js Show response
x.kinja-static.com/assets/packaged-js/ 21 KB
6 KB 8ms
8ms Script
application/javascript 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://x.kinja-static.com/assets/packaged-js/7.01853d393caf260b9b76.en-US.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4103c3b3d78444cb54a95bcd57c3fe9fc13fc74ad36e5c4efb6d8bf1f9f10a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4
x-cache: HIT
status: 200
content-length: 5394
x-amz-id-2: BdG8gCG6Tb+ur2FRKzJUvJToVT8RZmnJWqA65kCrPDxkqKaEbePSuZOuYjnSip+tmqyjStKYP2U=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Wed, 02 May 2018 15:12:10 GMT
server: AmazonS3
x-timer: S1525350035.003458,VS0,VE0
etag: "03007dae5e24862ac24619d9cbd33974"
vary: Accept-Encoding
x-amz-request-id: 97ACD2D4B20594A2
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H2 200 navbarConfig Show response
gizmodo.com/ajax/ 2 KB
1 KB 10ms
9ms XHR
application/json 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/ajax/navbarConfig?navigationGroup=fmg

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

ef2630c68d2ed4f230266b32c54b5105a9ae3dda403738ad9d1fc37e0d618faf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /ajax/navbarConfig?navigationGroup=fmg
pragma: no-cache
cookie: geocc=DE; kinja_iframe_clientid=631378565.1525350034; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.1601658218.1525350034; _gid=GA1.2.1095497776.1525350034; _gat_unique=1; _gat=1; cX_S=jgqi0z5p8a5k1hdc; cX_P=jgqi0z5qyj8w6359; DigiTrust.v1.identity=eyJpZCI6IlVlUTRhRDd4SDRVUXJqNW1XTSsveWVsaU5UVjFuVWFxYk9FQ1orT0hrZTdYLzNzUXNwZTQrRUtUWTVSVUFHYUtxTU9WSDFOSVNTZWIzdno3OVFpc3dDeWFkMk0zblRWNHZMTkNqaGc2a2d1OVNscHhSNE9jL3pOTjF5cXFvZkVMNTRVelpyM3ZHY3o5cFlWNzlaaCs2eEx2VzBEdHlWZE9CN1EycWtMZS9aRHNQWEJNdGpRcXVHdEFSVUtCZEovSFFyVE8rM1MvRXN4Umd0MVhBYmFnMndVSWRQbVhTSG1EandOVldOWU5lbnJia3pPZXQ5UzQyK09QMzV0KzRvQ1FRS3c3VTBoUWNWTmNRL01MSVIzR2dQUy93aTc3RU9yV3gwdUVuQzM0UXJFS2RQOUdOb0ZmUTF1SUNVY0lkSTRHMjNMY3o5aHMvb1pZbTViZlFPdFhMUT09IiwidmVyc2lvbiI6MiwicHJvZHVjZXIiOiIxQ3JzZFVOQW82IiwicHJpdmFjeSI6eyJvcHRvdXQiOmZhbHNlfSwia2V5diI6NH0%3D; __adblocker=false; __k_iut=1525350034890; KinjaToken=dummy-37127b2e-e2d7-475c-bbd7-f9d05522ff0a
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
content-type: application/json; charset=utf-8
accept: application/json, text/javascript, */*; q=0.01
cache-control: no-cache
:authority: gizmodo.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
:method: GET
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1177
x-kinja-build: 2929
x-kinja-revision: 22a6af722fda9cc912e993f08b10607303b0b0f4
x-cache: MISS, HIT, HIT
status: 200
x-kinja: kinja-mantle-kube02-1046009411-2gmvf #2929
x-cdn-fetch: mantle-origin-cache
content-length: 656
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8129-JFK, cache-hhn1521-HHN
x-kinja-version: 20150921
x-feature: remove_cx_api=on
x-timer: S1525350035.014076,VS0,VE0
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, X-Feature-Hash, X-Geo-Segment
content-type: application/json; charset=utf-8
via: 1.1 varnish 1.1 varnish
cache-control: max-age=1800, stale-if-error=86400, stale-while-revalidate=300
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes
x-kinja-server: kinja-mantle-kube02-1046009411-2gmvf
x-cache-hits: 2, 9

GET
H2 200 viewsForPost Show response
gizmodo.com/api/analytics/kala/ 84 B
460 B 7ms
7ms XHR
application/json 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/api/analytics/kala/viewsForPost?id=1825706243

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

0e6b730b87b12c0bf36b9beba586ea302a4a9e340eccf3b49e0dfad56a09ffc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /api/analytics/kala/viewsForPost?id=1825706243
pragma: no-cache
cookie: geocc=DE; kinja_iframe_clientid=631378565.1525350034; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.1601658218.1525350034; _gid=GA1.2.1095497776.1525350034; _gat_unique=1; _gat=1; cX_S=jgqi0z5p8a5k1hdc; cX_P=jgqi0z5qyj8w6359; DigiTrust.v1.identity=eyJpZCI6IlVlUTRhRDd4SDRVUXJqNW1XTSsveWVsaU5UVjFuVWFxYk9FQ1orT0hrZTdYLzNzUXNwZTQrRUtUWTVSVUFHYUtxTU9WSDFOSVNTZWIzdno3OVFpc3dDeWFkMk0zblRWNHZMTkNqaGc2a2d1OVNscHhSNE9jL3pOTjF5cXFvZkVMNTRVelpyM3ZHY3o5cFlWNzlaaCs2eEx2VzBEdHlWZE9CN1EycWtMZS9aRHNQWEJNdGpRcXVHdEFSVUtCZEovSFFyVE8rM1MvRXN4Umd0MVhBYmFnMndVSWRQbVhTSG1EandOVldOWU5lbnJia3pPZXQ5UzQyK09QMzV0KzRvQ1FRS3c3VTBoUWNWTmNRL01MSVIzR2dQUy93aTc3RU9yV3gwdUVuQzM0UXJFS2RQOUdOb0ZmUTF1SUNVY0lkSTRHMjNMY3o5aHMvb1pZbTViZlFPdFhMUT09IiwidmVyc2lvbiI6MiwicHJvZHVjZXIiOiIxQ3JzZFVOQW82IiwicHJpdmFjeSI6eyJvcHRvdXQiOmZhbHNlfSwia2V5diI6NH0%3D; __adblocker=false; __k_iut=1525350034890; KinjaToken=dummy-37127b2e-e2d7-475c-bbd7-f9d05522ff0a
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
accept: */*
cache-control: no-cache
:authority: gizmodo.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
:method: GET
Accept: */*
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
age: 37
x-kinja-build: 45
x-kinja-server: kinja-analytics-kube02-3344982428-cg6s8
x-cache: MISS, MISS, HIT
status: 200
x-kinja: kinja-analytics-kube02-3344982428-cg6s8 #45
x-cdn-fetch: mantle-origin-cache
content-length: 95
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8135-JFK, cache-hhn1521-HHN
access-control-allow-origin: *
x-timer: S1525350035.045544,VS0,VE1
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:35 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
via: 1.1 varnish 1.1 varnish
cache-control: stale-if-error=86400
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes
x-kinja-revision: 09225a69333c6b9970df6907158b9f3aa06b7172
x-cache-hits: 0, 1

POST
S 200 event.js
kinja.com/api/analytics/t/ 135 B
637 B 95ms
95ms Other
application/json 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://kinja.com/api/analytics/t/event.js?e=eyJibG9nSWQiOiI0IiwiZXZlbnRUeXBlIjoiUEVSTUFMSU5LX1ZJRVciLCJ0YXJnZXRUeXBlIjoiUE9TVCIsInRhcmdldElkIjoiMTgyNTcwNjI0MyIsImNvbnRleHRUeXBlIjoiUEVSTUFMSU5LIiwiY29udGV4dElkIjoiMTgyNTcwNjI0MyIsImV2ZW50QXR0cmlidXRlcyI6eyJ1bmlxdWUiOnRydWUsImlzTG9nZ2VkSW4iOjAsImF1dGhvcklkIjoiNTg3NjIzNzI0OTIzNzE3MTI3MiIsImJsb2dOYW1lIjoiZ2l6bW9kby5jb20ifSwiZXZlbnRBdHRyaWJ1dGVzRXh0ZW5kZWQiOnsiZXhwVmFyaWF0aW9uIjoiQiIsInNjcm9sbFBvc2l0aW9uIjowLCJyZXNwb25zaXZlVmVyc2lvbiI6IjEwMjQrIiwidGFncyI6WyJuZWZhcmlvdXNydXNzaWFuZG9pbmdzb3Jzb21ldGhpbmdlbHNlbm90c3VyZSIsImN5YmVyc2VjdXJpdHkiLCJmYW5jeWJlYXIiLCJoYWNrZXJzIiwiaGFja2luZyIsImxvamFjayJdLCJyZWNpcmNHcm91cCI6ImZtZ05vblNhdGlyZSJ9fQ==&cb=587

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/Post.919086479ab16c015c29.en-US.js

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

314123e9e521ace37b07848dbbc203cd1ca929d479a92cde0873278187bce7eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Cache-Control: max-age=0
Origin: https://gizmodo.com
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: default-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
age: 0
x-kinja-build: 45
x-kinja-server: kinja-analytics-kube02-3344982428-8vzt9
x-cache: MISS, MISS, MISS
status: 200
x-kinja: kinja-analytics-kube02-3344982428-8vzt9 #45
x-cdn-fetch: mantle-setcookie
content-length: 129
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8140-JFK, cache-hhn1521-HHN
x-geo-segment: B
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:35 GMT
vary: Origin,Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gizmodo.com
cache-control: private, max-age=0
access-control-allow-credentials: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes, bytes, bytes
x-timer: S1525350035.047377,VS0,VE88
x-kinja-revision: 09225a69333c6b9970df6907158b9f3aa06b7172
x-cache-hits: 0, 0

GET
H/1.1

200
OK

m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=1525350034957
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=152535003495...

44 B
402 B

24ms
23ms

Image
image/gif

138.108.96.100
ACNIELSEN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=1525350034957&ja=1
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 138.108.96.100 Schaumburg, United States, ASN16477 (ACNIELSEN-AS - ACNIELSEN, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Server: nginx
P3P: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=5
Content-Length: 44
Expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Server: nginx
P3P: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Location: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-803450h&cg=0&cc=1&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rp=&ts=compact&rnd=1525350034957&ja=1
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 0
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
S 200 DFP_Audience_Pixel;dc_seg=22540930;blog=gizmodo;ord=544701514223.9597;postId=1825706243;tags=privacy%20and%20security,nefarious%20russian%20doings%20or%20something%20else%20not%20sure,cybersecurity...
pubads.g.doubleclick.net/activity;dc_iu=/4246/ 42 B
203 B 19ms
18ms Image
image/gif 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/activity;dc_iu=/4246/DFP_Audience_Pixel;dc_seg=22540930;blog=gizmodo;ord=544701514223.9597;postId=1825706243;tags=privacy%20and%20security,nefarious%20russian%20doings%20or%20something%20else%20not%20sure,cybersecurity,fancy%20bear,hackers,hacking,lojack?

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 DFP_Audience_Pixel;dc_seg=23702290;blog=gizmodo;ord=1805758096884.3489;postId=1825706243;tags=privacy%20and%20security,nefarious%20russian%20doings%20or%20something%20else%20not%20sure,cybersecurit...
pubads.g.doubleclick.net/activity;dc_iu=/4246/ 42 B
214 B 18ms
17ms Image
image/gif 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/activity;dc_iu=/4246/DFP_Audience_Pixel;dc_seg=23702290;blog=gizmodo;ord=1805758096884.3489;postId=1825706243;tags=privacy%20and%20security,nefarious%20russian%20doings%20or%20something%20else%20not%20sure,cybersecurity,fancy%20bear,hackers,hacking,lojack;refer=?

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
316 B 47ms
46ms XHR
text/javascript 52.94.220.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3076&u=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&pid=33924246321525350034268&cb=9840497660941525350035087&ws=1600x1200&v=6.9.4&t=1000&slots=%5B%7B%22sd%22%3A%22ad-container-98196235%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F4246%2Fgm.gizmodo%2Fpermalink_LEFT_RAIL%22%7D%5D&cfgv=0
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Server: 52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: b397e6d5b20e9a6431f5691dd9d8d66001e252368caac4caf18efeefd76d7edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://gizmodo.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 47

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350035091;callback=window.headertag.AolHtb.adResponseCallbacks._gWxaySk0; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/3946289/0/-1/ 47 B
103 B 94ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/3946289/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350035091;callback=window.headertag.AolHtb.adResponseCallbacks._gWxaySk0;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: 7acf21b540496ea46ec75f904b39a021ad87f50d0c9515a5b3c64b7fbb8077cc

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:35 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 47
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
S 200 ADTECH;cmd=bid;cors=yes;v=2;misc=1525350035091;callback=window.headertag.AolHtb.adResponseCallbacks._2jeSXjN5; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762203/0/-1/ 48 B
81 B 94ms
94ms XHR
application/json 152.195.39.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10434.1/4762203/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1525350035091;callback=window.headertag.AolHtb.adResponseCallbacks._2jeSXjN5;
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: SPDY
Server: 152.195.39.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: f7dc7b7608ac36f5d12f8485eccd58a0842a160a6b069b4c7e2ffbe4ebe2beb4

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:35 GMT
server: nginx
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://gizmodo.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 48
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 255 B
959 B 89ms
89ms XHR
application/json 62.67.193.97
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12156&rp_floor=0.01&rf=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&p_screen_res=1600x1200&x_source.tid=7264613d-8730-49b4-a976-90be44e60ad5&tk_flint=custom&dt.pref=0&dt.id=ejSCWksIy5ICtjrw0NM1fGO6%2Bh5yDpEmQ4cGmUo1EFzPioIyihYrDrrVSIRWNQoiTB6VML%2FCCfU3YfG2XWYX0Ur9BEXBaxrqh%2F4UeaX7I9QdPZzyR9ytkpbexSQYcfRbNN7HXoegqxrRnb4HmzUuuI%2FaGIe%2BtfTe9eIg1bAY0jBqzA3qLmRozM5SQL3CxJl90UgAhD0zWVrNHUpmhCTK9%2B6ARqdyf2nlhRdSP3Ut0m0RoqT0LojmBDa%2Ft2EJKNqd3HZaifXJm4nU1h7hVu1vXMQAPQtAsZENsNvha91X%2F6WoSbS5Ce2fo%2FNyCOhD7fRTp7FOJb8xhYPQ23KlK2yimA%3D%3D&dt.keyv=4&size_id=15&p_pos=btf&tg_fl.eid=U6NpCHaZ&tg_fl.uname=U6NpCHaZ&kw=rp.fastlane&site_id=45528&zone_id=200858&alt_size_ids=10&rp_secure=1&rand=0.268744436762016
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/header/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.97 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: fb61ef4e8e317d45d066955df45aa70d261e10e67807ad989ef6c78119a5cd9b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=5
Content-Length: 255
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
204 B 17ms
17ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=48&profileId=154&cb=46496087415
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://gizmodo.com
Date: Thu, 03 May 2018 12:20:34 GMT
X-Cnection: close
Access-Control-Allow-Credentials: true
Server: Finatra
Vary: Origin

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 66 B
938 B 71ms
71ms XHR
text/javascript 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=214627&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A51418502%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%224%22%2C%22siteID%22%3A%22187280%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%225%22%2C%22siteID%22%3A%22187281%22%7D%2C%22id%22%3A%222%22%7D%5D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 4292e800b06fe7ac8834deb6ff0c8ddd3f085d5af7284415d610129d2e687bd9

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 86
Expires: Thu, 03 May 2018 12:20:35 GMT

POST
H2 200 beacon Show response
gizmodo.com/stats/ 2 B
380 B 96ms
96ms XHR
text/plain 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/stats/beacon?pageType=permalink

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stats/beacon?pageType=permalink
pragma: no-cache
cookie: geocc=DE; kinja_iframe_clientid=631378565.1525350034; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.1601658218.1525350034; _gid=GA1.2.1095497776.1525350034; _gat_unique=1; _gat=1; cX_S=jgqi0z5p8a5k1hdc; cX_P=jgqi0z5qyj8w6359; DigiTrust.v1.identity=eyJpZCI6IlVlUTRhRDd4SDRVUXJqNW1XTSsveWVsaU5UVjFuVWFxYk9FQ1orT0hrZTdYLzNzUXNwZTQrRUtUWTVSVUFHYUtxTU9WSDFOSVNTZWIzdno3OVFpc3dDeWFkMk0zblRWNHZMTkNqaGc2a2d1OVNscHhSNE9jL3pOTjF5cXFvZkVMNTRVelpyM3ZHY3o5cFlWNzlaaCs2eEx2VzBEdHlWZE9CN1EycWtMZS9aRHNQWEJNdGpRcXVHdEFSVUtCZEovSFFyVE8rM1MvRXN4Umd0MVhBYmFnMndVSWRQbVhTSG1EandOVldOWU5lbnJia3pPZXQ5UzQyK09QMzV0KzRvQ1FRS3c3VTBoUWNWTmNRL01MSVIzR2dQUy93aTc3RU9yV3gwdUVuQzM0UXJFS2RQOUdOb0ZmUTF1SUNVY0lkSTRHMjNMY3o5aHMvb1pZbTViZlFPdFhMUT09IiwidmVyc2lvbiI6MiwicHJvZHVjZXIiOiIxQ3JzZFVOQW82IiwicHJpdmFjeSI6eyJvcHRvdXQiOmZhbHNlfSwia2V5diI6NH0%3D; __adblocker=false; __k_iut=1525350034890; KinjaToken=dummy-37127b2e-e2d7-475c-bbd7-f9d05522ff0a
origin: https://gizmodo.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: gizmodo.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
content-length: 353
:method: POST
Accept: */*
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-kinja-build: 2929
x-kinja-revision: 22a6af722fda9cc912e993f08b10607303b0b0f4
x-cache: MISS, MISS, MISS
status: 200
x-kinja: kinja-mantle-kube03-54120415-4qg63 #2929
x-cdn-fetch: mantle-default
content-length: 22
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8147-JFK, cache-hhn1521-HHN
x-timer: S1525350035.121173,VS0,VE90
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
via: 1.1 varnish 1.1 varnish
cache-control: stale-if-error=86400, stale-while-revalidate=300
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes bytes bytes
x-kinja-server: kinja-mantle-kube03-54120415-4qg63
x-cache-hits: 0, 0

GET
H/1.1 200
OK 12156.js Show response
ads.rubiconproject.com/ad/ Frame F59F 25 KB
7 KB 7ms
6ms Script
text/javascript 23.67.129.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/12156.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 23.67.129.200 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-200.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 4eb9974960ac8e3e9b322bc5abe88cd12d8a53b36894fd85dbfe1a4409a07ce3

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=9826
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7261
Expires: Thu, 03 May 2018 15:04:21 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/ Frame F59F 67 KB
24 KB 6ms
5ms Script
text/javascript 172.217.21.225
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.225 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f225.1e100.net

Software

cafe /

Resource Hash

590cca84a9358dd92333ae0480b953670c2f01f6d48b39d16f76393c46cc2ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 30 Apr 2018 23:52:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217691
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 24857
x-xss-protection: 1; mode=block
server: cafe
etag: 9702542776790860170
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 May 2018 23:52:24 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/gawker582857354/ Frame F59F 256 KB
79 KB 29ms
6ms Script
application/x-javascript 2.18.235.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/gawker582857354/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b32718bbca77362a563a1e41c3a2fd0e97e7baa4694f54e849fdacef3b6f6499

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Apr 2018 16:49:45 GMT
Server: AmazonS3
x-amz-request-id: 701889A686138F11
ETag: "8f5084aaef708da47aa509e1eb6f47a6"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31287
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80530
x-amz-id-2: 8QLuW0BoOzucouYP6nBzRjl5Gxeh9wNHyia0oDu+Ct1ZRtw7OuLvcy6Q0dcYZIwyZpJXq6oWirU=

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 67 KB
25 KB 7ms
7ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

54b609b349536fea6b8ef7baa154182f9ce5d5a216b9c163d0d72b3d4f9bfd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 11:26:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 25193
x-xss-protection: 1; mode=block
server: cafe
etag: 8026376403173667377
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 03 May 2018 12:26:21 GMT

GET
H/1.1 200
OK 12156.js Show response
ads.rubiconproject.com/ad/ Frame 64C9 25 KB
7 KB 11ms
6ms Script
text/javascript 23.67.129.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/12156.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 23.67.129.200 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-200.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 4eb9974960ac8e3e9b322bc5abe88cd12d8a53b36894fd85dbfe1a4409a07ce3

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=9826
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7261
Expires: Thu, 03 May 2018 15:04:21 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/ Frame 64C9 67 KB
24 KB 6ms
5ms Script
text/javascript 172.217.21.225
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.225 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f225.1e100.net

Software

cafe /

Resource Hash

590cca84a9358dd92333ae0480b953670c2f01f6d48b39d16f76393c46cc2ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 30 Apr 2018 23:52:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217691
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 24857
x-xss-protection: 1; mode=block
server: cafe
etag: 9702542776790860170
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 May 2018 23:52:24 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/gawker582857354/ Frame 64C9 256 KB
79 KB 25ms
7ms Script
application/x-javascript 2.18.235.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/gawker582857354/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b32718bbca77362a563a1e41c3a2fd0e97e7baa4694f54e849fdacef3b6f6499

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Apr 2018 16:49:45 GMT
Server: AmazonS3
x-amz-request-id: 701889A686138F11
ETag: "8f5084aaef708da47aa509e1eb6f47a6"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31287
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80530
x-amz-id-2: 8QLuW0BoOzucouYP6nBzRjl5Gxeh9wNHyia0oDu+Ct1ZRtw7OuLvcy6Q0dcYZIwyZpJXq6oWirU=

GET
DATA 200
OK truncated
/ Frame A9B3 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5886a95c444335d8a71176a4a1cd7bf728f6435d8a72f8ae2df11326d49b3d87

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame F59F 0
285 B 20ms
20ms Image
text/html 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvhHVIih8sSEl6HAf64hOT8xKJUvLIv-zR-s9KTP_LTMGrTPahFcL4BIH9KlnmANQd4HsRVZ5c7sB85BGam0MdMQIooBZVDNoQ2JkUov196ICgy23wHhuDN9Mc22M_oOQgdvxeNjzt8_qMwJ-uFxBdgHoG55etL4W-j7basIAX-eywCcwAGSJ7QqeSaUT8AQQwtVFg17fkIA0hIKWS4UWHTmIVZupIYrmMUEivpcizK56cYRLa_yY7ILjh-OQ&sig=Cg0ArKJSzHeF4HI1lkDNEAE&urlfix=1&adurl=

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 64C9 0
253 B 23ms
22ms Image
text/html 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssPm7n-SotpCLLjcrkp3_Wxfsftn3N4uIxIfU4E-5Rr0VDbulSeDJz1XNw7Otr4EhJVeBgm-BAno0YxbVwgEg_24aBXEHvqIhPnlprw9jyjkATr6n1_LZDmBB7k4L9EPBwvlr8cb3hH3zLrNfR547L69hezhphrIXvdUUgYEW-P4erGvpIbq4EI7aKORa-ZxMu2kvFzpdvvpof-bukas-jjazHiWYOs7ylQNkEV6MUiwvyGllVQpXuuofMLCw&sig=Cg0ArKJSzIozAr51n4X_EAE&urlfix=1&adurl=

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 lightbox.js Show response
www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/ Frame F005 321 B
609 B 43ms
19ms Script
application/javascript 104.16.81.165
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/lightbox.js?mb=1525350035595&lv=1
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 104.16.81.165 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: d0eeea18cb319687f74c371438c83c67e56dba1db8ccaf41f95bcba224f707e2

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 4152aebaae7a2354-FRA

GET
S 200 fmg-sdk-4.9.2.js Show response
sdk.vmh.univision.com/releases/4.9.2/ 265 KB
265 KB 35ms
14ms Script
application/javascript 52.85.184.168
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.vmh.univision.com/releases/4.9.2/fmg-sdk-4.9.2.js
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/outstreamVideo.92f8756e184815d6a670.en-US.js
Protocol: SPDY
Server: 52.85.184.168 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-168.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae215634dee30253f898f44875073c228d5dea98642bacd1eb8ab7ccebc788c4

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 07:58:12 GMT
via: 1.1 f131f7f70cfd3a8b96a854e1f446f33b.cloudfront.net (CloudFront)
last-modified: Mon, 30 Apr 2018 14:36:07 GMT
server: AmazonS3
age: 15743
etag: "cdac9063d2c8fa06d630b232db3a8fdd"
x-cache: Hit from cloudfront
x-amz-version-id: bYQg6j_29jkQWMCMYZDJzQo46VJN3xJt
status: 200
accept-ranges: bytes
content-type: application/javascript
content-length: 271169
x-amz-cf-id: rM1isUJCELkVjM4AsPMsPt9ajdGy2MPzNDAC9DK4hsm4ZqV-ImljPQ==

GET
S 200 fmg-sdk-4.9.2.css
sdk.vmh.univision.com/releases/4.9.2/ 37 KB
38 KB 29ms
8ms Stylesheet
text/css 52.85.184.168
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.vmh.univision.com/releases/4.9.2/fmg-sdk-4.9.2.css
Requested by: Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/outstreamVideo.92f8756e184815d6a670.en-US.js
Protocol: SPDY
Server: 52.85.184.168 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-168.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 04af3b4bf8d5af9c4ebe03527fddd65b0f220ef57d8c7127c4889a8aeca7b272

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 07:58:12 GMT
via: 1.1 f131f7f70cfd3a8b96a854e1f446f33b.cloudfront.net (CloudFront)
last-modified: Mon, 30 Apr 2018 14:36:07 GMT
server: AmazonS3
age: 15743
etag: "5c61d9bf8e152133cc4467f584aea76e"
x-cache: Hit from cloudfront
x-amz-version-id: jAhgs5PTVodb__I_tuFnvALXqt5XpXdC
status: 200
accept-ranges: bytes
content-type: text/css
content-length: 38377
x-amz-cf-id: lOqfZ1NCqDR_WCCdxeFNHEz2RwKATLIqGVthSDGaG-tn6Py-bCYwcA==

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
213 B 433ms
107ms Image
image/gif 23.23.98.214
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=gizmodo.com&p=%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&u=CCqneuwkHVCBZCCyy&d=gizmodo.com&g=3012&g0=gizmodo.com%2Cprivacy-and-security%2Cprivacy%20and%20security%2Cnefarious%20russian%20doings%20or%20something%20else%20not%20sure%2Ccybersecurity%2Cfancy%20bear%2Chackers%2Chacking%2Clojack&g1=Tom%20McKay&n=1&f=00001&c=0&x=0&m=0&y=5659&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=2164&t=BQ7g50CAMLE0BKxr4JCmzlYBEKDqf&V=104&i=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&tz=0&sn=1&sv=rLhlsBYVuvZ4MxLhDnUGkaBaMR9m&sd=1&im=067b2ff3&_
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 23.23.98.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-23-23-98-214.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
S 200 / Show response
r.skimresources.com/api/ 196 B
634 B 37ms
15ms Script
application/javascript 35.190.59.101
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&data=%7B%22pubcode%22%3A%2233330X911642%22%2C%22domains%22%3A%5B%22avclub.com%22%2C%22deadspin.com%22%2C%22earther.com%22%2C%22jalopnik.com%22%2C%22jezebel.com%22%2C%22kotaku.com%22%2C%22lifehacker.com%22%2C%22splinternews.com%22%2C%22thetakeout.com%22%2C%22theroot.com%22%2C%22theonion.com%22%2C%22clickhole.com%22%2C%22kinja.com%22%2C%22apnews.com%22%2C%22asert.arbornetworks.com%22%2C%22darkreading.com%22%2C%22blackhat.com%22%2C%22jigsawsecurityenterprise.com%22%2C%22blog.talosintelligence.com%22%2C%22cyber.nj.gov%22%2C%22threatreconblog.com%22%2C%22bloomberg.com%22%2C%22axios.com%22%2C%22twitter.com%22%2C%22facebook.com%22%2C%22instagram.com%22%2C%22kinja.desk.com%22%2C%22legal.kinja.com%22%2C%22thefmg.com%22%2C%22deals.kinja.com%22%5D%2C%22page%22%3A%22https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%22%7D

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/33330X911642.skimlinks.js

Protocol

SPDY

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

7c639cc4f24a0df0f018db012ad4f880d2de1655378b8162e40ea58865917a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
via: 1.1 google
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://gizmodo.com
access-control-allow-credentials: true
content-type: application/javascript
alt-svc: clear

GET
S 200 px.gif
p.skimresources.com/ 43 B
247 B 35ms
14ms Image
image/gif 35.190.91.160
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=9.442000059770532
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
content-type: image/gif
alt-svc: clear
content-length: 43

GET
S 200 px.gif
p.skimresources.com/ 43 B
105 B 42ms
21ms Image
image/gif 35.190.91.160
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=9.442000059770532
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
content-type: image/gif
alt-svc: clear
content-length: 43

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Loj...
https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lo...

0
248 B

7ms
7ms

Image
text/plain

2.19.43.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&c7=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c9=
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 2.19.43.224 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=6770184&ns__t=1525350035645&ns_c=UTF-8&cv=3.1e&c8=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&c7=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c9=
Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK controltag.js.dc955599a3976b2e658d60927793d9ea Show response
cdn.krxd.net/ctjs/ 245 KB
79 KB 7ms
6ms Script
application/javascript 151.101.12.175
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.dc955599a3976b2e658d60927793d9ea
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag?confid=JO5Gdwmv
Protocol: HTTP/1.1
Server: 151.101.12.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 130bcc62f8c58f6434cc348cf7a0104c80823a1b870fc6f59a31deaad6aca2e6

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-CDN-Backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Age: 1774715
X-Cache: HIT
X-Cache-Hits: 6620794
Connection: keep-alive
Content-Length: 80008
X-Served-By: cache-fra19132-FRA
Last-Modified: Wed, 11 Apr 2018 01:10:26 GMT
X-Timer: S1525350036.653976,VS0,VE0
ETag: "dc955599a3976b2e658d60927793d9ea"
Content-Type: application/javascript
Via: 1.1 varnish
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes
Expires: Sat, 08 Apr 2028 01:10:25 GMT

GET
S 200 217700348616695 Show response
connect.facebook.net/signals/config/ 55 KB
13 KB 6ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/217700348616695?v=2.8.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

8cbf6fa3f6a6a1b8c4c30849825008bbf95f00aca5c60b0cbef45be8bc39c3e1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 13392
x-xss-protection: 0
pragma: public
x-fb-debug: /tJyFRro6NMepYraLIZTVJNAW/4PihsjhvG4TEmZnvIMn9DE9EAJX89Y4EGpHMYS9Qo71qNyAJqL7/7OYekMjw==
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 rules-p-d4P3FpSypJrlA.js Show response
rules.quantcount.com/ 4 KB
1 KB 21ms
7ms Script
application/x-javascript 52.85.184.87
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-d4P3FpSypJrlA.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: SPDY
Server: 52.85.184.87 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-87.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4dc5765cdda9b83636c0fbdbdff1eeeeb758f9e9d1e9d9f5a536cf6e5aa04a8a

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Fri, 27 Apr 2018 19:56:34 GMT
content-encoding: gzip
last-modified: Fri, 27 Apr 2018 19:56:32 GMT
server: AmazonS3
age: 1413
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-id: 2crW3uOlP_2obAYHkriVuPlCwdKPD92TSXhQjCvm68KEjfzGnBaY_g==
via: 1.1 bb93dfaee440e32ac88831363641e2c2.cloudfront.net (CloudFront)

GET
H/1.1 200
OK PA5FFACD2-70A6-4C92-AD68-63C1B970EF36.js Show response
cdn-gl.imrworldwide.com/conf/ 29 KB
7 KB 27ms
7ms Script
application/javascript 52.85.184.44
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/PA5FFACD2-70A6-4C92-AD68-63C1B970EF36.js
Requested by: Host: secure-dcr.imrworldwide.com
URL: https://secure-dcr.imrworldwide.com/novms/js/2/ggcmb500.js
Protocol: HTTP/1.1
Server: 52.85.184.44 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-44.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7da0d47ec4a08e78f859c3837e1d5a0af9bde3d2317ac493ea722ef2a196dd23

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 10:42:50 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 May 2018 10:27:44 GMT
Server: AmazonS3
Age: 2265
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
x-amz-version-id: SCnxNNsc_ohuve77N2FOfIZ5AjwbPyI3
Via: 1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript
X-Amz-Cf-Id: ZvTWpkfPvZ8K99W_TL2ixprYtwK8ZDM7ARoVCzbBi7iRZgvyDH_jEA==

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 6 KB
3 KB 276ms
276ms XHR
text/javascript 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=528788044135662&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fifs&adsid=NT&json_a=1&eid=21061277%2C21061819&vrg=199&sc=1&sfv=1-0-23&iu_parts=4246%2Cgm.gizmodo%2Cpermalink&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&prev_scp=postId%3D1825706243%26forcedAdZone%3Dfalse%26socialReferrer%3D%26utm_source%3D%26utm_medium%3D%26utm_campaign%3D%26article_position%3D1%26pos%3Dleft%26exp_variation%3DGI_eTFcvSSunxQBiamunzg_B_left%26mtfIFPath%3D%252Fassets%252Fvendor%252Fdoubleclick%252F%26page%3Dpermalink%26pd%3D1%26post_type%3Ddefault%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=tags%3Dprivacy%2520and%2520security%252Cnefarious%2520russian%2520doings%2520or%2520something%2520else%2520not%2520sure%252Ccybersecurity%252Cfancy%2520bear%252Chackers%252Chacking%252Clojack%26category%3Dprivacy%2520and%2520security%26blogName%3Dgizmodo%26ksg%3D&cookie=ID%3Dbb9302cf7daa7b25%3AT%3D1525350034%3AS%3DALNI_MYTC2YEaLMTkb6zHiPd-G8qfsAhQA&cookie_enabled=1&bc=5&abxe=1&lmt=1525350035&dt=1525350035684&frm=20&biw=1585&bih=1200&oid=3&adxs=173&adys=1139&adks=1703509474&gut=v2&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&dssz=53&icsg=8589934628&mso=1&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x280&ga_vid=1601658218.1525350034&ga_sid=1525350035&ga_hid=101597222

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

e33c0facf89bd90c417fed4585b062ed7e610a28d86af2dfb162144eb1d2aab8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 2606
x-xss-protection: 1; mode=block
google-lineitem-id: 196867298
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 59785335698
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://gizmodo.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 192930-2.js Show response
optimized-by.rubiconproject.com/a/12156/44356/ Frame F59F 2 KB
1 KB 193ms
169ms Script
text/javascript 62.67.193.97
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-2.js?&cb=0.31727856600513826&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=44356_2&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.97 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: bae27189f8371a17b79698c82b1d35eb96ced1af4e0c8ae36b8d9441efb889e0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=0, max=1
Content-Length: 867
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK 192930-15.js Show response
optimized-by.rubiconproject.com/a/12156/44356/ Frame 64C9 2 KB
1 KB 164ms
143ms Script
text/javascript 62.67.193.96
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-15.js?&cb=0.4308925063565461&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=44356_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.96 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 1ae2ca701026f4fc905db08c94f7e9573df49093fa3ae79373cbff8da7ed332d

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=11
Content-Length: 866
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK load Show response
pixel.mtrcs.samba.tv/v2/tag/fmg/homepage/ 698 B
1 KB 752ms
186ms XHR
application/json 52.35.221.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mtrcs.samba.tv/v2/tag/fmg/homepage/load?sa_name=gizmodo.com&sa_referrer=&sa_fullurl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c=1525350035737
Requested by: Host: tag.mtrcs.samba.tv
URL: https://tag.mtrcs.samba.tv/v3/tag/fmg/homepage/sambaTag.js
Protocol: HTTP/1.1
Server: 52.35.221.76 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-35-221-76.us-west-2.compute.amazonaws.com
Software: gunicorn/19.7.1 /
Resource Hash: 265c337e1a13b89b08ae5ee0680cac8eabc35b527620290bfda821a637b7b1a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Server: gunicorn/19.7.1
P3P: CP="This is not a P3P policy! See https://samba.tv/legal/privacy-policy/ for more info."
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: private, max-age=0, no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Access-Control-Allow-Headers: Content-Type
Content-Length: 698

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
335 B 15ms
14ms XHR
text/plain 2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=214627&u=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&v=2
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183957-12515575323306.js
Protocol: HTTP/1.1
Server: 2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 03 May 2018 12:20:35 GMT

POST
H/1.1 200
OK csp.json
kinja-debug.firebaseio.com/ 31 B
341 B 357ms
120ms Other
application/json 35.201.97.85
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://kinja-debug.firebaseio.com/csp.json

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

HTTP/1.1

Server

35.201.97.85 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

85.97.201.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

7ff2991ce3c656bf5437dcbfd78ffdbdf4f063006cd1bd8b6e5055bff9e2f7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/csp-report

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Server: nginx
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://gizmodo.com
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 31

GET
S 200 user.js Show response
www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/ Frame F005 551 KB
119 KB 17ms
16ms Script
application/javascript 104.16.81.165
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/user.js?cb=636604338551661878
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/lightbox.js?mb=1525350035595&lv=1
Protocol: SPDY
Server: 104.16.81.165 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cf6890eb16013193126b58ac573f7b9c675508ff2cd53c6a3d1aa753e060797

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: JyaBcC3IQ8y7uojRHKHtoA==
cf-polished: origSize=919080
status: 200
last-modified: Fri, 27 Apr 2018 13:50:55 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 3e984c58-501e-0035-242e-defb94000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 4152aebbaf112354-FRA
expires: Fri, 03 May 2019 12:20:35 GMT

GET
S 200 852713628239858 Show response
connect.facebook.net/signals/config/ 55 KB
13 KB 6ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/852713628239858?v=2.8.14&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

fead37b33cdac55ae8e587a156d6d15727baceeb214a66efcd366a5d8c1e7b98

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 13395
x-xss-protection: 0
pragma: public
x-fb-debug: HxMSNEsi31PKlml6l5ly/0idjDDyLTIHnPZPWf2kMRc7iA3IsyZUB8IyuTlkW43xPL3ZFcp2HDDHfhLiGrJS8Q==
x-frame-options: DENY
date: Thu, 03 May 2018 12:20:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S

200

/
p.skimresources.com/ Frame 3DCE
Redirect Chain

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=53542b75f732ad522da65cc79328fb36
https://p.skimresources.com/?provider_id=53542b75f732ad522da65cc79328fb36&skim_mapping=true

43 B
105 B

28ms
13ms

Image
image/gif

35.190.91.160
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/?provider_id=53542b75f732ad522da65cc79328fb36&skim_mapping=true
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
content-type: image/gif
alt-svc: clear
content-length: 43

Redirect headers

Location: https://p.skimresources.com?provider_id=53542b75f732ad522da65cc79328fb36&skim_mapping=true
Date: Thu, 03 May 2018 12:20:36 GMT
Server: TornadoServer/2.4.1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK pixel;r=523580882;labels=Author.Tom%20McKay.Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%2CPost%20Title.Researchers%20Find%20Mysteriou...
pixel.quantserve.com/ 35 B
479 B 29ms
7ms Image
image/gif 18.194.196.182
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.quantserve.com/pixel;r=523580882;labels=Author.Tom%20McKay.Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%2CPost%20Title.Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%2CPost%20Publish%20Date.2018-05-02%2CPrimary%20Tag.nefarious%20russian%20doings%20or%20something%20else%20not%20sure%2CFusion%20Media%20Group.Gizmodo.%2CGizmodo.Keywords.nefarious%20russian%20doings%20or%20something%20else%20%20not%20sure%2CGizmodo.Keywords.cybersecurity%2CGizmodo.Keywords.fancy%20bear%2CGizmodo.Keywords.hackers%2CGizmodo.Keywords.hacking%2CGizmodo.Keywords.lojack%2CGizmodo.Keywords.Gizmodo;rf=0;a=p-d4P3FpSypJrlA;url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243;fpan=1;fpa=P0-1544788860-1525350035798;ns=0;ce=1;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1525350035797;tzo=0;ogl=title.Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Softwa%2Ctype.article%2Cimage.https%3A%2F%2Fi%252Ekinja-img%252Ecom%2Fgawker-media%2Fimage%2Fupload%2Fs--nPBfXcbM--%2Fc_fill%252Cfl_progre%2Curl.https%3A%2F%2Fgizmodo%252Ecom%2Fresearchers-find-mysterious-russia-linked-malware-that-18257%2Cdescription.Security%20researchers%20are%20warning%20that%20malware%20with%20suspected%20links%20to%20Russian%20cy%2Clocale.en_US%2Csite_name.Gizmodo
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 18.194.196.182 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-196-182.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 130 KB
39 KB 7ms
7ms Script
text/javascript 52.85.184.44
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PA5FFACD2-70A6-4C92-AD68-63C1B970EF36.js
Protocol: HTTP/1.1
Server: 52.85.184.44 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-44.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dec33479134d96680a86905dcc709c93ac4fc4b0fc9c513564fad3142c85b535

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 25 Jan 2018 19:21:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Jan 2018 19:21:02 GMT
Server: AmazonS3
Age: 61159
x-amz-server-side-encryption: AES256
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
x-amz-version-id: H1io_tBMJAp58tItMkjtx1K3whxa67JI
Via: 1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript
X-Amz-Cf-Id: Z9toNLb8TgCugt833VxIYCPq3Szfj3DG1Pm649bRje0X7qtN-13brw==

GET
S 200 /
www.facebook.com/tr/ 44 B
246 B 7ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=217700348616695&ev=ViewContent&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350035909&cd[content_ids]=%5B1825706243%5D&cd[content_name]=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&cd[scroll_position]=0&sw=1600&sh=1200&v=2.8.14&r=stable&ec=0&o=28&it=1525350035667
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
200 B 7ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=852713628239858&ev=ViewContent&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350035910&cd[content_ids]=%5B1825706243%5D&cd[content_name]=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&cd[scroll_position]=0&sw=1600&sh=1200&v=2.8.14&r=stable&ec=0&o=28&it=1525350035667
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
200 B 7ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=217700348616695&ev=PageView&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350035910&sw=1600&sh=1200&v=2.8.14&r=stable&ec=1&o=28&it=1525350035667
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
200 B 7ms
7ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=852713628239858&ev=PageView&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350035910&sw=1600&sh=1200&v=2.8.14&r=stable&ec=1&o=28&it=1525350035667
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:35 GMT

GET
S 200 zepto.min.js Show response
cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/ 28 KB
10 KB 24ms
7ms Script
text/javascript 23.45.101.180
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Requested by: Host: sdk.vmh.univision.com
URL: https://sdk.vmh.univision.com/releases/4.9.2/fmg-sdk-4.9.2.js
Protocol: SPDY
Server: 23.45.101.180 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-101-180.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer /
Resource Hash: 64725a04b34c42e3c3027b42afedbf010e1a0715ef00931578e7382bf62f9dd7

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
vary: Accept-Encoding
x-check-cacheable: YES
status: 200
x-akamai-ro-parent-ghost-path
content-length: 10191
x-akamai-ro-applied-on-parent: false
last-modified: Tue, 13 Mar 2018 15:32:40 GMT
server: Akamai Resource Optimizer
etag: "976256ba6b393d86fbe0e6a2574a1b88"
x-serial: 9105
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=15440291
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: N8__TPlpLgwrhQ6s7zR7730ef1uNd3E9t0RhX-9HIfvX5CB3bo36aQ==

GET
S

200

brandlift.php
www.facebook.com/
Redirect Chain

https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,PA5FFACD2-70A6-4C92-AD68-63C1B970EF36&sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&C16=sdkv,bj.6.0.0&retry=0
https://www.facebook.com/brandlift.php?sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&media_type=dcr&advertiser_id=NA

67 B
266 B

43ms
43ms

Image
image/png

185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/brandlift.php?sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&media_type=dcr&advertiser_id=NA

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* .akamaihd.net wss://.facebook.com:* https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: 59yIoNcz2jYbVs+xz2MJt4qKyWbVuXTRaro4bsnCVf2nu3G5hWsObR64IqBjXxjJKXW0fembFxVo8ZUkS4U5pA==
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 03 May 2018 12:20:36 GMT
expect-ct: max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
content-type: image/png
status: 200
cache-control: private, no-store, no-cache, must-revalidate
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Server: nginx
P3P: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Location: https://www.facebook.com/brandlift.php?sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&media_type=dcr&advertiser_id=NA
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=5
Content-Length: 44
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
S 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 64C9 53 KB
20 KB 18ms
17ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-15.js?&cb=0.4308925063565461&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=44356_15&rp_secure=1

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

1a4f578ce2e0d6ab3f0801982171e68461d01da3279479b33c88bc66f0af4d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 4510822925170975770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 20754
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:35 GMT

GET
H/1.1 200
OK 0accffa3-ae78-4311-8aac-fdc452ed71cb
beacon-eu2.rubiconproject.com/beacon/d/ Frame 64C9 43 B
268 B 36ms
15ms Image
image/webp 62.67.193.43
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/0accffa3-ae78-4311-8aac-fdc452ed71cb?oo=0&accountId=12156&siteId=44356&zoneId=192930&e=6A1E40E384DA563B15CB183512C8A714514E5337487C785B923AE1794C4AF80D299D440B769540C33702B9BBD7385F4C76F8D2EDD558600726C14931BF63074A7534210F92FA3CC1A4DFD7A19035AAB3172CD28438FCBB6A191CFD32AAF0602AD00B169B178295C8A7198EEE50B653F06A6632A866EF66DA4538B2C3073E49B995BCEA9A1A431B34
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 62.67.193.43 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
S 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame F59F 53 KB
20 KB 20ms
18ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-2.js?&cb=0.31727856600513826&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=44356_2&rp_secure=1

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

1a4f578ce2e0d6ab3f0801982171e68461d01da3279479b33c88bc66f0af4d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 4510822925170975770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 20754
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK c96a2956-35a7-4d02-aa89-fbad088b8d27
beacon-eu2.rubiconproject.com/beacon/d/ Frame F59F 43 B
268 B 36ms
12ms Image
image/webp 62.67.193.23
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/c96a2956-35a7-4d02-aa89-fbad088b8d27?oo=0&accountId=12156&siteId=44356&zoneId=192930&e=6A1E40E384DA563B47F38FA68BA203B498DBC70FA45E223EC537FDF6F8F92233EF53A2947597F8C8E3C6EC1CC219189DFDE8485D8ECAC9C2DAF9E2B479E79B567534210F92FA3CC1A4DFD7A19035AAB3172CD28438FCBB6A33578F8284D7A9154D8C9FB167E95FB1A7198EEE50B653F06A6632A866EF66DA4538B2C3073E49B995BCEA9A1A431B34
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 62.67.193.23 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1 200
OK 12156.js Show response
ads.rubiconproject.com/ad/ Frame 8FF9 25 KB
0 11ms
6ms Script
text/javascript 23.67.129.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/12156.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 23.67.129.200 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-200.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 4eb9974960ac8e3e9b322bc5abe88cd12d8a53b36894fd85dbfe1a4409a07ce3

Request headers

Response headers

Date: Thu, 03 May 2018 12:20:35 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=9826
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7261
Expires: Thu, 03 May 2018 15:04:21 GMT

GET
H/1.1 200
OK 192930-15.js Show response
optimized-by.rubiconproject.com/a/12156/44356/ Frame 8FF9 2 KB
1 KB 73ms
72ms Script
text/javascript 62.67.193.97
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-15.js?&cb=0.5192977032549402&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=44356_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/12156.js
Protocol: HTTP/1.1
Server: 62.67.193.97 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c6dc1a52dcf2a031d991496f02b13ead8b813796a2d38f7c059bbe0878565939

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=71
Content-Length: 868
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/ Frame 8FF9 67 KB
24 KB 6ms
6ms Script
text/javascript 172.217.21.225
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180430/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js

Protocol

SPDY

Server

172.217.21.225 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f225.1e100.net

Software

cafe /

Resource Hash

590cca84a9358dd92333ae0480b953670c2f01f6d48b39d16f76393c46cc2ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Mon, 30 Apr 2018 23:52:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217692
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 24857
x-xss-protection: 1; mode=block
server: cafe
etag: 9702542776790860170
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 14 May 2018 23:52:24 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/gawker582857354/ Frame 8FF9 256 KB
79 KB 7ms
7ms Script
application/x-javascript 2.18.235.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/gawker582857354/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_199.js
Protocol: HTTP/1.1
Server: 2.18.235.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b32718bbca77362a563a1e41c3a2fd0e97e7baa4694f54e849fdacef3b6f6499

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 20 Apr 2018 16:49:45 GMT
Server: AmazonS3
x-amz-request-id: 701889A686138F11
ETag: "8f5084aaef708da47aa509e1eb6f47a6"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31286
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80530
x-amz-id-2: 8QLuW0BoOzucouYP6nBzRjl5Gxeh9wNHyia0oDu+Ct1ZRtw7OuLvcy6Q0dcYZIwyZpJXq6oWirU=

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8FF9 0
65 B 19ms
18ms Image
text/html 172.217.21.226
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDbDS_9Q9Be-1IJ9mz9kXnu1CfzTUt5442GIWrnFnIKjBoWsURf7wNdEb7morVeLV5yvhLMvaYnGCEoPdv9YvpGCmPu0y3UrTmozFPBrZc9sZVr9_-YSJHISyHIfS-vFLfBgBPgaDryXZ-h5EQ0IozTDEtUBKyRrEM4mr3mFYmiPtBzsviwEhpeJVge9yt8hFe8uj0xy4elJl33XTFDO4U_SD0vsuCE6JqaGb8gJThsGUYprxW1QJ4uKUdhA&sig=Cg0ArKJSzCS1my-SfpzrEAE&urlfix=1&adurl=

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.21.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.nl/adsid/ Frame F59F 111 B
172 B 16ms
16ms Script
application/javascript 216.58.214.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.214.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s10-in-f66.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ Frame F59F 111 B
172 B 15ms
14ms Script
application/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 ca-pub-9268440883448925.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ Frame F59F 68 B
209 B 7ms
7ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9268440883448925.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

sffe /

Resource Hash

8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 03:21:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
age: 32371
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 88
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 15:21:05 GMT

GET
S 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame 267C 178 KB
66 KB 31ms
27ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

e2eba00c1a8a250aed3ab8bd9a530f81a4c7f2119c480a0c11fd1fecec0cfb40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 13666988581392535244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=1209600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 67394
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK jload Show response
pixel.adsafeprotected.com/ Frame 7036 35 KB
11 KB 47ms
15ms Script
application/javascript 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=728x90&pubId=62611778&chanId=6500258&placementId=196859858&pubCreative=59785319978&pubOrder=229228658&cb=919039810&adsafe_par&impId=&custom=top
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 5d60fd7add334e2564033f82036855e884941df1d598938ca9a8929aa1728140

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
X-Server-Name: app53ami.ami.303net.pvt
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=utf-8
Access-Control-Allow-Origin: pixel.adsafeprotected.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: close
Server: nginx
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
DATA 200
OK truncated
/ Frame F59F 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9e531322af8c9a8ef3d35f31b5a55082c37ffe75808d2b9a508e5b0753ba8bb

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

OPTIONS
S 200 a751ba4b-6a0e-4460-b047-a677033d93c4 Show response
api.vmh.univision.com/profiles/v1/profile/ 0
394 B 132ms
104ms XHR
application/json 52.85.184.161
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vmh.univision.com/profiles/v1/profile/a751ba4b-6a0e-4460-b047-a677033d93c4
Requested by: Host: cdn4.uvnimg.com
URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Protocol: SPDY
Server: 52.85.184.161 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-161.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: GET
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Access-Control-Request-Headers: x-api-key

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
via: 1.1 7af5638099b4c0c5cbf2f9c79d5100fd.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-apigw-id: GTy3KGN8IAMF7cQ=
x-amzn-requestid: 623427be-4ecc-11e8-a4bc-e16028927e0d
access-control-allow-methods: GET,OPTIONS
content-type: application/json
status: 200
x-cache: Miss from cloudfront
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
content-length: 0
x-amz-cf-id: Z2zcmVgIiMNf8ks3Kq7mAppaKtaf0paBKD8S33B1DeRgjjNnMILdXQ==

OPTIONS
S 200 3512357 Show response
api.vmh.univision.com/metadata/v1/content/ 0
394 B 130ms
104ms XHR
application/json 52.85.184.161
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vmh.univision.com/metadata/v1/content/3512357
Requested by: Host: cdn4.uvnimg.com
URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Protocol: SPDY
Server: 52.85.184.161 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-161.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: GET
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Access-Control-Request-Headers: x-api-key

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
via: 1.1 7af5638099b4c0c5cbf2f9c79d5100fd.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-apigw-id: GTy3KHc6oAMFphQ=
x-amzn-requestid: 623400aa-4ecc-11e8-8391-898dac08f0ff
access-control-allow-methods: GET,OPTIONS
content-type: application/json
status: 200
x-cache: Miss from cloudfront
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
content-length: 0
x-amz-cf-id: NwyM4ScrXjr683Gtro3h53wxPZnJQas2Gu7SQMUPJAdOMdiXjt0bow==

GET
S 200 integrator.js Show response
adservice.google.nl/adsid/ Frame 64C9 111 B
172 B 14ms
14ms Script
application/javascript 216.58.214.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.214.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s10-in-f66.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ Frame 64C9 111 B
172 B 14ms
14ms Script
application/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 ca-pub-9268440883448925.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ Frame 64C9 68 B
145 B 6ms
6ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9268440883448925.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

sffe /

Resource Hash

8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 03:21:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
age: 32371
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 88
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 15:21:05 GMT

GET
H/1.1 200
OK jload Show response
pixel.adsafeprotected.com/ Frame 3D3B 35 KB
11 KB 50ms
21ms Script
application/javascript 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1599714252&adsafe_par&impId=&custom=left_top
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 2cbb944541465c2d840e4043cf46c3ba9099c5778d4e0cc2384cdad4b5c04b25

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
X-Server-Name: app13ami.ami.303net.pvt
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=utf-8
Access-Control-Allow-Origin: pixel.adsafeprotected.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: close
Server: nginx
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
DATA 200
OK truncated
/ Frame 64C9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f704f033488cf1da8f59f2e5d0cba7713a42755b60a653771bb01b63c479a741

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
S 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 8FF9 53 KB
0 20ms
18ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/12156/44356/192930-15.js?&cb=0.5192977032549402&tk_st=1&rf=https%3A//gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=44356_15&rp_secure=1

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

1a4f578ce2e0d6ab3f0801982171e68461d01da3279479b33c88bc66f0af4d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
etag: 4510822925170975770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 20754
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK 0997fdaa-1f8d-4f9f-b68b-deaa3c42ce1d
beacon-eu2.rubiconproject.com/beacon/d/ Frame 8FF9 43 B
268 B 14ms
13ms Image
image/webp 62.67.193.23
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/0997fdaa-1f8d-4f9f-b68b-deaa3c42ce1d?oo=0&accountId=12156&siteId=44356&zoneId=192930&e=6A1E40E384DA563BBDDE40FC4649886F4D91CFA1DD54DCAC46218472730C8D7E8192AB86BEC7F6D2D9CBAA4EDDC9F9D3165AE945923808B5869B2CF44523C00806C4D7F836222FDCA4DFD7A19035AAB3172CD28438FCBB6A33578F8284D7A9154D8C9FB167E95FB1A7198EEE50B653F06A6632A866EF66DA4538B2C3073E49B995BCEA9A1A431B34
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 62.67.193.23 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:35 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
S 200 integrator.js Show response
adservice.google.nl/adsid/ Frame 8FF9 111 B
172 B 17ms
16ms Script
application/javascript 216.58.214.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.214.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s10-in-f66.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8FF9 111 B
172 B 15ms
15ms Script
application/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gizmodo.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 ca-pub-9268440883448925.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ Frame 8FF9 68 B
145 B 6ms
6ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9268440883448925.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

sffe /

Resource Hash

8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 03:21:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
age: 32371
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 88
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 15:21:05 GMT

GET
H/1.1 200
OK jload Show response
pixel.adsafeprotected.com/ Frame 1C44 35 KB
11 KB 70ms
22ms Script
application/javascript 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1389353239&adsafe_par&impId=&custom=left
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 3ca74ea959909ff1e64123c179f706b0b95381a900d5df6a67accfa48a0cf2f9

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
X-Server-Name: app27ami.ami.303net.pvt
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=utf-8
Access-Control-Allow-Origin: pixel.adsafeprotected.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: close
Server: nginx
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
DATA 200
OK truncated
/ Frame 8FF9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b63647851b8f81d8502ec4f56d5a28a978701bf49f5a1bdd600b7e5a2f6627c5

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

POST
H/1.1 200
OK link Show response
t.skimresources.com/api/ 22 B
526 B 130ms
29ms XHR
application/javascript 34.243.69.112
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/33330X911642.skimlinks.js

Protocol

HTTP/1.1

Server

34.243.69.112 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-243-69-112.eu-west-1.compute.amazonaws.com

Software

nginx/1.12.2 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.12.2
Access-Control-Allow-Methods: GET, POST
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
Content-Length: 22

POST
H/1.1 200
OK track.php Show response
t.skimresources.com/api/ 22 B
526 B 131ms
30ms XHR
application/javascript 34.243.69.112
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/track.php

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/33330X911642.skimlinks.js

Protocol

HTTP/1.1

Server

34.243.69.112 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-34-243-69-112.eu-west-1.compute.amazonaws.com

Software

nginx/1.12.2 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.12.2
Access-Control-Allow-Methods: GET, POST
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
Content-Length: 22

GET
H/1.1 200
OK main.17.4.98.js Show response
static.adsafeprotected.com/ Frame 7036 138 KB
44 KB 74ms
28ms Script
application/javascript 69.172.216.58
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.17.4.98.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=728x90&pubId=62611778&chanId=6500258&placementId=196859858&pubCreative=59785319978&pubOrder=229228658&cb=919039810&adsafe_par&impId=&custom=top
Protocol: HTTP/1.1
Server: 69.172.216.58 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 4754b404359e46575967edb70bf20206c31f60bcca6dbde087f8d3ddf2aec16e

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 14:44:36 GMT
X-Server-Name: app53ami.ami.303net.pvt
ETag: "5ae9ced4-aec5"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: close
Content-Length: 44741
Server: nginx
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK main.17.4.98.js Show response
static.adsafeprotected.com/ Frame 3D3B 138 KB
44 KB 80ms
25ms Script
application/javascript 69.172.216.58
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.17.4.98.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1599714252&adsafe_par&impId=&custom=left_top
Protocol: HTTP/1.1
Server: 69.172.216.58 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 4754b404359e46575967edb70bf20206c31f60bcca6dbde087f8d3ddf2aec16e

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 14:44:36 GMT
X-Server-Name: app11ami.ami.303net.pvt
ETag: "5ae9ced4-aec5"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: close
Content-Length: 44741
Server: nginx
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
S 200 a751ba4b-6a0e-4460-b047-a677033d93c4 Show response
api.vmh.univision.com/profiles/v1/profile/ 9 KB
10 KB 115ms
111ms XHR
application/json 52.85.184.161
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vmh.univision.com/profiles/v1/profile/a751ba4b-6a0e-4460-b047-a677033d93c4
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 52.85.184.161 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-161.fra2.r.cloudfront.net
Software: /
Resource Hash: 058a3eede0b0c2ae9a93b2bfe05d10046ed708079fd3592be9a9ddd17086a431

Request headers

Accept: application/json
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
x-api-key: IC2zAjeVOG7ycPADdjqgB4Qf9x1P6kxO9L62XmbX

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
via: 1.1 7af5638099b4c0c5cbf2f9c79d5100fd.cloudfront.net (CloudFront)
x-amzn-requestid: 624da2c9-4ecc-11e8-bcad-97c7fff4f9b3
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5aeafe94-b6ebae68011d52491aada67f
x-amz-apigw-id: GTy3ME9QoAMFkow=
content-length: 9611
x-amz-cf-id: dxDra6hXKWJK9dVda8TYEQErI2ARdvhX6KKe7opioNSQT-XMGQvQ6A==

GET
S 200 3512357 Show response
api.vmh.univision.com/metadata/v1/content/ 3 KB
3 KB 114ms
109ms XHR
application/json 52.85.184.161
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.vmh.univision.com/metadata/v1/content/3512357
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 52.85.184.161 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-161.fra2.r.cloudfront.net
Software: /
Resource Hash: 843c8cc7edca57036d2c2cb8a22de7f064290ad4fe306a9016d9e4a12454a8ca

Request headers

Accept: application/json
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
x-api-key: IC2zAjeVOG7ycPADdjqgB4Qf9x1P6kxO9L62XmbX

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
via: 1.1 7af5638099b4c0c5cbf2f9c79d5100fd.cloudfront.net (CloudFront)
x-amzn-requestid: 624d541e-4ecc-11e8-b36c-8d1adfb69cae
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-5aeafe94-43b6b542435179962b849481
x-amz-apigw-id: GTy3ME-LoAMFm9A=
content-length: 3173
x-amz-cf-id: mOyDharnzd1EWD3eBSN-VmRduCY-Ow_T_Yby-oxaqhBIICTEDFz0rA==

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame F59F 67 KB
25 KB 7ms
6ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

54b609b349536fea6b8ef7baa154182f9ce5d5a216b9c163d0d72b3d4f9bfd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 05:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 25193
x-xss-protection: 1; mode=block
server: cafe
etag: 8026376403173667377
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 May 2018 05:11:10 GMT

GET
S 200 fb_digioh.2.1.5.css
www.lightboxcdn.com/static/ 4 KB
1 KB 10ms
10ms Stylesheet
text/css 104.16.81.165
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/static/fb_digioh.2.1.5.css?cb=636604338547565518
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/915a8e9b-430c-47ad-9809-4249fbeacffe/user.js?cb=636604338551661878
Protocol: SPDY
Server: 104.16.81.165 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 010c5145d45e46469f50c376fd68ae284eec16ce330e843393777b3bf693a28f

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: SPXkOHRrmvkdtUVAkMsWtg==
cf-polished: origSize=5365
status: 200
last-modified: Thu, 22 Jun 2017 21:54:44 GMT
x-ms-lease-status: unlocked
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 1efc7510-701e-0044-152e-de89ad000000
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 4152aebfc9b92354-FRA
expires: Fri, 03 May 2019 12:20:36 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
121 B 8ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=217700348616695&ev=Microdata&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350036496&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fi.kinja-img.com%2Fgawker-media%2Fimage%2Fupload%2Fs--nPBfXcbM--%2Fc_fill%2Cfl_progressive%2Cg_center%2Ch_900%2Cq_80%2Cw_1600%2Fd1c5sopl9dlsix88r9xn.jpg%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%22%2C%22og%3Adescription%22%3A%22Security%20researchers%20are%20warning%20that%20malware%20with%20suspected%20links%20to%20Russian%20cyber-espionage%20group%20and%20alleged%20Democratic%20National%20Committee%20hackers%20Fancy%20Bear%20is%20turning%20up%20in%20installations%20of%20Lojack%2C%20an%20anti-computer%20theft%20program%20used%20by%20many%20corporations%20to%20guard%20their%20assets.%5Cn%22%2C%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Asite_name%22%3A%22Gizmodo%22%7D&cd[Meta]=%7B%22title%22%3A%22Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%22%2C%22meta%3Akeywords%22%3A%22nefarious%20russian%20doings%20or%20something%20else.%20not%20sure%2C%20cybersecurity%2C%20fancy%20bear%2C%20hackers%2C%20hacking%2C%20lojack%2C%20Gizmodo%22%2C%22meta%3Adescription%22%3A%22Security%20researchers%20are%20warning%20that%20malware%20with%20suspected%20links%20to%20Russian%20cyber-espionage%20group%20and%20alleged%20Democratic%20National%20Committee%20hackers%20Fancy%20Bear%20is%20turning%20up%20in%20installations%20of%20Lojack%2C%20an%20anti-computer%20theft%20program%20used%20by%20many%20corporations%20to%20guard%20their%20assets.%5Cn%22%7D&cd[DataLayer]=%5B%5D&sw=1600&sh=1200&v=2.8.14&r=stable&ec=2&o=28&it=1525350035667&es=automatic
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:36 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
98 B 8ms
6ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=852713628239858&ev=Microdata&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&rl=&if=false&ts=1525350036497&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fi.kinja-img.com%2Fgawker-media%2Fimage%2Fupload%2Fs--nPBfXcbM--%2Fc_fill%2Cfl_progressive%2Cg_center%2Ch_900%2Cq_80%2Cw_1600%2Fd1c5sopl9dlsix88r9xn.jpg%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243%22%2C%22og%3Adescription%22%3A%22Security%20researchers%20are%20warning%20that%20malware%20with%20suspected%20links%20to%20Russian%20cyber-espionage%20group%20and%20alleged%20Democratic%20National%20Committee%20hackers%20Fancy%20Bear%20is%20turning%20up%20in%20installations%20of%20Lojack%2C%20an%20anti-computer%20theft%20program%20used%20by%20many%20corporations%20to%20guard%20their%20assets.%5Cn%22%2C%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Asite_name%22%3A%22Gizmodo%22%7D&cd[Meta]=%7B%22title%22%3A%22Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack%22%2C%22meta%3Akeywords%22%3A%22nefarious%20russian%20doings%20or%20something%20else.%20not%20sure%2C%20cybersecurity%2C%20fancy%20bear%2C%20hackers%2C%20hacking%2C%20lojack%2C%20Gizmodo%22%2C%22meta%3Adescription%22%3A%22Security%20researchers%20are%20warning%20that%20malware%20with%20suspected%20links%20to%20Russian%20cyber-espionage%20group%20and%20alleged%20Democratic%20National%20Committee%20hackers%20Fancy%20Bear%20is%20turning%20up%20in%20installations%20of%20Lojack%2C%20an%20anti-computer%20theft%20program%20used%20by%20many%20corporations%20to%20guard%20their%20assets.%5Cn%22%7D&cd[DataLayer]=%5B%5D&sw=1600&sh=1200&v=2.8.14&r=stable&ec=2&o=28&it=1525350035667&es=automatic
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK main.17.4.98.js Show response
static.adsafeprotected.com/ Frame 1C44 138 KB
44 KB 64ms
23ms Script
application/javascript 69.172.216.58
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.17.4.98.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1389353239&adsafe_par&impId=&custom=left
Protocol: HTTP/1.1
Server: 69.172.216.58 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 4754b404359e46575967edb70bf20206c31f60bcca6dbde087f8d3ddf2aec16e

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 May 2018 14:44:36 GMT
X-Server-Name: app29ami.ami.303net.pvt
ETag: "5ae9ced4-aec5"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: close
Content-Length: 44741
Server: nginx
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
S 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame BCCE 178 KB
0 31ms
27ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

e2eba00c1a8a250aed3ab8bd9a530f81a4c7f2119c480a0c11fd1fecec0cfb40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
etag: 13666988581392535244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=1209600
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 67394
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:36 GMT

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame 64C9 67 KB
25 KB 7ms
6ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

54b609b349536fea6b8ef7baa154182f9ce5d5a216b9c163d0d72b3d4f9bfd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 05:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 25193
x-xss-protection: 1; mode=block
server: cafe
etag: 8026376403173667377
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 May 2018 05:11:10 GMT

GET
H/1.1 204
NO CONTENT impression
pixel.mtrcs.samba.tv/v2/tag/fmg/homepage/ 0
498 B 752ms
187ms Image
image/gif 52.24.60.121
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mtrcs.samba.tv/v2/tag/fmg/homepage/impression?sa_name=gizmodo.com&sa_referrer=&sa_fullurl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c=1525350035737&
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 52.24.60.121 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-24-60-121.us-west-2.compute.amazonaws.com
Software: gunicorn/19.7.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:37 GMT
Server: gunicorn/19.7.1
P3P: CP="This is not a P3P policy! See https://samba.tv/legal/privacy-policy/ for more info."
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0, no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Access-Control-Allow-Headers: Content-Type

GET
S 200 8kCcIJ5z.js Show response
content.jwplatform.com/libraries/ 82 KB
26 KB 33ms
9ms XHR
text/javascript 52.85.184.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.jwplatform.com/libraries/8kCcIJ5z.js
Requested by: Host: cdn4.uvnimg.com
URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Protocol: SPDY
Server: 52.85.184.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-184-125.fra2.r.cloudfront.net
Software: openresty /
Resource Hash: de2b41a66ddf6177a30bbd5dd18ba52a460f509238eb39b781c32c95e5ca2f46

Request headers

Accept: text/javascript, application/javascript, application/x-javascript
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:19:51 GMT
content-encoding: gzip
server: openresty
age: 45
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=150, max-stale=180
content-length: 26674
via: 1.1 ed522e38bfbcd76f653d4691110d92a1.cloudfront.net (CloudFront)
x-amz-cf-id: y37jlkDEM737sjQLUn6ERBYgbp3obL7j1JVgCMBI4t3jc-VpvoPA5w==
expires: Thu, 03 May 2018 12:22:21 GMT

GET
H/1.1 200
OK akamaihtml5-min.js Show response
79423.analytics.edgekey.net/html5/ 123 KB
124 KB 58ms
6ms XHR
application/x-javascript 2.18.232.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://79423.analytics.edgekey.net/html5/akamaihtml5-min.js
Requested by: Host: cdn4.uvnimg.com
URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Protocol: HTTP/1.1
Server: 2.18.232.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 1747a1aa505b2a2a6e94f9da5ccfd73e6eba84f6d9cefdd444c2956ddcdc3f8e

Request headers

Accept: text/javascript, application/javascript, application/x-javascript
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Last-Modified: Mon, 08 May 2017 09:02:22 GMT
Server: Apache
ETag: "d7e4fa0a386bd63152865b1e37ea7994:1494234142"
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 126432
Expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK url-signature-tokens Show response
auth.univision.com/api/v3/video-auth/ 558 B
906 B 44ms
19ms XHR
application/json 184.30.208.216
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.univision.com/api/v3/video-auth/url-signature-tokens?mcpids=3512357
Requested by: Host: cdn4.uvnimg.com
URL: https://cdn4.uvnimg.com/31/b3/7ece0a7c402281a167e193724fe4/zepto.min.js
Protocol: HTTP/1.1
Server: 184.30.208.216 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-30-208-216.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bf5588b8f2169f5d207ab0321af042845bb837f3841532c6f338c4f83374d91e

Request headers

Accept: application/json
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 558
X-Application-Context: application

GET
S 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame D27E 178 KB
0 31ms
27ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

e2eba00c1a8a250aed3ab8bd9a530f81a4c7f2119c480a0c11fd1fecec0cfb40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
etag: 13666988581392535244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=1209600
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 67394
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:36 GMT

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/ Frame 8FF9 67 KB
25 KB 7ms
6ms Script
text/javascript 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180430/r20180501/show_ads_impl.js

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

54b609b349536fea6b8ef7baa154182f9ce5d5a216b9c163d0d72b3d4f9bfd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Wed, 02 May 2018 05:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 25193
x-xss-protection: 1; mode=block
server: cafe
etag: 8026376403173667377
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 16 May 2018 05:11:10 GMT

GET
H/1.1 200
OK sca.17.4.72.js Show response
static.adsafeprotected.com/ Frame 3D5C 81 KB
20 KB 71ms
30ms Script
application/javascript 69.172.216.58
Integral Ad Science

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.72.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.58 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: e8cd262a1cda289635df443ebfe41d7f551f0215fea4090d1a10c04547b3a422

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Mar 2018 20:15:42 GMT
X-Server-Name: app27ami.ami.303net.pvt
ETag: "5aa2eb6e-4fa2"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: close
Content-Length: 20386
Server: nginx
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK mon
pixel.adsafeprotected.com/ 43 B
304 B 48ms
21ms Image
image/gif 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1599714252&adsafe_par&impId=&custom=left_top&adsafe_url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&adsafe_type=abdfq&adsafe_jsinfo=,id:b79565c1-a9bb-65a5-9c82-ce8b39911b20,c:bymzCB,sl:inView,em:true,fr:true,mn:app13ami,pt:1-5-15,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,br:u,fv:0,bv:na,dm:na,abv:na,an:n,fm:qQZfiQK+11|12|13|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:15*,pl:,rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,uf:0,tt:jload,et:401,oid:62318f7d-4ecc-11e8-a5b2-002590882e9e,v:17.4.98,sp:1,ct:na,dtm:i,gtpl:0,wr:1600.1200,sr:1600.1200,mst:366,ov:0
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Server-Name: app32ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK mon
pixel.adsafeprotected.com/ 43 B
304 B 53ms
20ms Image
image/gif 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=927245&campId=728x90&pubId=62611778&chanId=6500258&placementId=196859858&pubCreative=59785319978&pubOrder=229228658&cb=919039810&adsafe_par&impId=&custom=top&adsafe_url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&adsafe_type=abdfq&adsafe_jsinfo=,id:5d8e1bb5-3861-0ff6-67de-0803c1acd921,c:bymzEw,sl:inView,em:true,fr:true,mn:app53ami,pt:1-5-15,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,br:u,fv:0,bv:na,dm:na,abv:na,an:n,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|1511|152|153|154|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:14*,pl:,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,uf:0,tt:jload,et:546,oid:6223100c-4ecc-11e8-9292-48df370a3da0,v:17.4.98,sp:1,ct:na,dtm:i,gtpl:0,wr:1600.1200,sr:1600.1200,mst:511,ov:0
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Server-Name: app11ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK beacon-17619.xml Show response
ma1196-r.analytics.edgekey.net/config/ 11 KB
11 KB 29ms
7ms XHR
application/xml 2.18.232.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ma1196-r.analytics.edgekey.net/config/beacon-17619.xml
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 2.18.232.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 8e537fded951c0fed7c622d60b14b2c6b5ba98c7f9d236d7719cea62e5b4587c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Last-Modified: Wed, 17 May 2017 18:40:09 GMT
Server: Apache
ETag: "8ae92b41bf44bab1371ea824572746d4:1495046409"
Content-Type: application/xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11236
Expires: Thu, 03 May 2018 12:20:36 GMT

GET
S 200 jwplayer.core.controls.html5.js Show response
ssl.p.jwpcdn.com/player/v/8.2.4/ 251 KB
63 KB 30ms
6ms Script
application/javascript 93.184.221.48
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.2.4/jwplayer.core.controls.html5.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 93.184.221.48 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8E99) /
Resource Hash: e1e8e3a816b7ef445ce53f07719e2a66954cfe98715a12ddfc455c47abe8cb91

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
last-modified: Tue, 24 Apr 2018 16:15:01 GMT
server: ECAcc (frc/8E99)
status: 200
etag: "c5c40c769459f927c7d6a3e90ca657bf+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
content-length: 64741

GET
S 200 googima.js Show response
ssl.p.jwpcdn.com/player/plugins/googima/v/8.1.15/ 44 KB
14 KB 35ms
12ms Script
text/plain 93.184.221.48
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/plugins/googima/v/8.1.15/googima.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 93.184.221.48 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F29) /
Resource Hash: 5dd88ea795cf55b6e9c6a46e3e16e20e5e63c03f2942df4fb10deff82ae3f838

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
last-modified: Tue, 24 Apr 2018 15:01:57 GMT
server: ECAcc (frc/8F29)
status: 200
etag: "d205bf8de20cf04c39a0f82c7a6fede9+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
content-length: 14036

GET
S 200 jwpsrv.js Show response
ssl.p.jwpcdn.com/player/v/8.2.4/ 32 KB
13 KB 34ms
12ms Script
text/plain 93.184.221.48
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.2.4/jwpsrv.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 93.184.221.48 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F6C) /
Resource Hash: d9e1e71c5d3b4d4e86f3bbbc88e8b7667580210d735d8489e51a8237a148f727

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
last-modified: Thu, 26 Apr 2018 16:04:09 GMT
server: ECAcc (frc/8F6C)
status: 200
etag: "a660e3826ffea2bc8a0539d97e61946a+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=900, immutable
content-length: 13006

GET
S 200 related.js Show response
ssl.p.jwpcdn.com/player/plugins/related/v/6.2.3/ 85 KB
21 KB 35ms
13ms Script
text/plain 93.184.221.48
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/plugins/related/v/6.2.3/related.js
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 93.184.221.48 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FC0) /
Resource Hash: d619c7373fea82ee9749d87feffecbad665c4594f31152a75889ff25a9662f7d

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:36 GMT
content-encoding: gzip
last-modified: Mon, 02 Apr 2018 18:44:41 GMT
server: ECAcc (frc/8FC0)
status: 200
etag: "0d7230f1c0df6449cd49e94d0f5f8cef+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
content-length: 20899

GET
H/1.1 200
OK beacon-17619.xml Show response
ma1196-r.analytics.edgekey.net/config/ 11 KB
11 KB 27ms
5ms XHR
application/xml 2.18.232.190
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ma1196-r.analytics.edgekey.net/config/beacon-17619.xml
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 2.18.232.190 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 8e537fded951c0fed7c622d60b14b2c6b5ba98c7f9d236d7719cea62e5b4587c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
Last-Modified: Wed, 17 May 2017 18:40:09 GMT
Server: Apache
ETag: "8ae92b41bf44bab1371ea824572746d4:1495046409"
Content-Type: application/xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11236
Expires: Thu, 03 May 2018 12:20:36 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 39ms
12ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzFN,pingTime:0,time:597,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:597,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[218~100],as:[218~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qQZfiQK+11|12|13|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:15*}&br=u
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Server-Name: dt17ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 40ms
13ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymzG4,pingTime:0,time:641,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:642,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[119~100],as:[119~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:14*}&br=u
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:36 GMT
X-Server-Name: dt45ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 52ms
17ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzGY,pingTime:-2,time:670,type:a,sca:{dfp:{df:4,sz:300.254,dom:body}},env:{sf:0,pom:1},rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:671,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[292~100],as:[292~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qQZfiQj+11|12|13|14.927245|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:15*,slid:[google_ads_iframe_/4246/gm.gizmodo/permalink_2,google_ads_iframe_/4246/gm.gizmodo/permalink_2__container__,dfp-ad-3],sinceFw:269,readyFired:true}&br=u
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt39ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 44ms
15ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymzHe,pingTime:-2,time:713,type:a,sca:{dfp:{df:4,sz:728.94,dom:body}},env:{sf:0,pom:1},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:713,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[190~100],as:[190~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a11|1a21|1a3|1b|1c|1d,idMap:14*,slid:[google_ads_iframe_/4246/gm.gizmodo/permalink_1,google_ads_iframe_/4246/gm.gizmodo/permalink_1__container__,dfp-ad-2,ad-970x90-container],sinceFw:166,readyFired:true}&br=u
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt64ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK mon
pixel.adsafeprotected.com/ 43 B
304 B 41ms
14ms Image
image/gif 69.172.216.55
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=927245&campId=300x250&pubId=62611778&chanId=6500258&placementId=196867298&pubCreative=59785335698&pubOrder=229228658&cb=1389353239&adsafe_par&impId=&custom=left&adsafe_url=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&adsafe_type=abdfq&adsafe_jsinfo=,id:e1f1e112-c8f2-e4c2-e76c-4f77ac1a80e4,c:bymzHN,sl:outOfView,em:true,fr:true,mn:app27ami,pt:1-5-15,wc:0.0.1600.1200,ac:173.1139.300.250,am:i,cc:173.1139.300.250,piv:24,obst:0,th:0,reas:l,cmps:1,br:u,fv:0,bv:na,dm:na,abv:na,an:n,dvs:visible,fm:qQZfiTy+11|12|13|1411|1412|1413|1414|1415|1416|142|143|144|1511|152|153|154|155|16|17|18|19|1a*.927245|1a11|1a12|1a13|1a14|1a15|1a2111|1a3|1a4|1b|1c|1d,idMap:1a*,pl:,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,uf:0,tt:jload,et:548,oid:623d4ee7-4ecc-11e8-bc08-382c4ac63055,v:17.4.98,sp:1,ct:na,dtm:i,gtpl:0,wr:1600.1200,sr:1600.1200,mst:522,ov:0
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: app54ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
S 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 229 KB
78 KB 64ms
41ms Script
text/javascript 216.58.207.74
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

216.58.207.74 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s25-in-f10.1e100.net

Software

sffe /

Resource Hash

1b7e4a2045aa57f3491b7c62e1a1f36c63635dc7fc235a108ad13935db4eea2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 79990
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:37 GMT

GET
S 200 sH+f7AApEeaD9QY3v_uBow.json Show response
entitlements.jwplayer.com/ 20 B
210 B 28ms
8ms XHR
application/json 93.184.221.189
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://entitlements.jwplayer.com/sH+f7AApEeaD9QY3v_uBow.json
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: SPDY
Server: 93.184.221.189 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F71) /
Resource Hash: 28fed41dac64047024297e339d968eba283835098b5649c3eaa29ee3153424bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com

Response headers

date: Thu, 03 May 2018 12:20:37 GMT
content-encoding: gzip
last-modified: Thu, 03 May 2018 09:46:04 GMT
server: ECAcc (frc/8F71)
status: 200
vary: Accept-Encoding
x-cache: HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=1800, s-maxage=14640
accept-ranges: bytes
content-length: 46

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 42ms
13ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=e1f1e112-c8f2-e4c2-e76c-4f77ac1a80e4&tv={c:bymzIy,pingTime:-2,time:594,type:a,sca:{dfp:{df:4,sz:300.254,dom:body}},env:{sf:0,pom:1},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:0,o:594,n:0,pp:0,pm:0},slEvents:[{sl:o,t:547,wc:0.0.1600.1200,ac:173.1139.300.250,am:i,cc:173.1139.300.250,piv:24,obst:0,th:0,reas:l,cmps:1,bkn:{piv:[68~1],as:[68~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qQZfiTy+11|12|13|1411|1412|1413|1414|1415|1416|142|143|144|1511|152|153|154|155|16|17|18|19|1a*.927245|1a11|1a12|1a13|1a14|1a15|1a2111|1a3|1a4|1b|1c|1d,idMap:1a*,slid:[google_ads_iframe_/4246/gm.gizmodo/permalink_6,google_ads_iframe_/4246/gm.gizmodo/permalink_6__container__,ad-container-98196235,js_leftrailmodule--preloadedad],sinceFw:45,readyFired:true}&br=u
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt13ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
S 200 32474D977F844203AB7B933BC94D6B79
vmscdn-download.storage.googleapis.com/iupl/324/74D/ 418 KB
419 KB 238ms
214ms Image
image/jpeg 172.217.21.240
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vmscdn-download.storage.googleapis.com/iupl/324/74D/32474D977F844203AB7B933BC94D6B79
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol: SPDY
Server: 172.217.21.240 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s13-in-f16.1e100.net
Software: UploadServer /
Resource Hash: 7b4edb824a2e70b9146b32833769d53ebaf86cfdb4d305c8b91b6efe71ae3ac5

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:37 GMT
x-guploader-uploadid: AEnB2UrqsUItTl9Z-AsliWZ9Rs4VSlQDNK6XmiRxU_NKvME26n9NLXWQALhE1T75mn_llF0eNQ7KsLphzEpBfTYpNnmjHdD7lA
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 428245
last-modified: Tue, 01 May 2018 20:33:31 GMT
server: UploadServer
etag: "3bde6d91f14d733a56475b712691fd9a"
x-goog-hash: crc32c=ao1EdQ==, md5=O95tkfFNczpWR1txJpH9mg==
x-goog-generation: 1525206811340924
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Range, Accept
cache-control: private
x-goog-stored-content-length: 428245
accept-ranges: bytes
content-type: image/jpeg
expires: Fri, 03 May 2019 12:20:37 GMT

GET
S 200 icon-play-big.svg
x.kinja-static.com/assets/images/icons/video-player-skin/ 297 B
589 B 6ms
6ms Image
image/svg+xml 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.kinja-static.com/assets/images/icons/video-player-skin/icon-play-big.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

90ce543ea42d3c8bc777160f8442bcd9b0aed1da822fb2611856dd2d73aad4a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://x.kinja-static.com/assets/stylesheets/blog-dc8716d0cfff7b8bbe68f4cc453c3a25.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106
x-cache: HIT
status: 200
content-length: 239
x-amz-id-2: RViUKKKUTw/ySZm/T77Isduxw57djlPX9kGloWPUHmJ3bAEwq8VUSaCmSmG9E9QzaloUyNi+IOQ=
x-served-by: cache-hhn1521-HHN
access-control-allow-origin: *
last-modified: Thu, 26 Apr 2018 11:47:01 GMT
server: AmazonS3
x-timer: S1525350037.160230,VS0,VE0
etag: "7ad0c8ae88b54d4947c246c12175d910"
vary: Accept-Encoding
x-amz-request-id: 8C1C18F4B3581F24
via: 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/svg+xml; charset=utf-8
x-cache-hits: 7

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j67&a=101597222&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&ul=en-us&de=UTF-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=949655478&_gid=1095497776.1525350034&gjid=2141631661&_v=j67&z=787086670

35 B
113 B

16ms
16ms

Image
image/gif

64.233.166.156
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=949655478&_gid=1095497776.1525350034&gjid=2141631661&_v=j67&z=787086670

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

64.233.166.156 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

wm-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 03 May 2018 12:20:37 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:37 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-142218-33&cid=1601658218.1525350034&jid=949655478&_gid=1095497776.1525350034&gjid=2141631661&_v=j67&z=787086670
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 417
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
11 KB 50ms
17ms Script
text/javascript 172.217.19.198
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

SPDY

Server

172.217.19.198 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

ams16s31-in-f6.1e100.net

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date: Thu, 03 May 2018 12:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 10523
x-xss-protection: 1; mode=block
expires: Thu, 03 May 2018 12:20:37 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 40ms
12ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzMU,pingTime:-10,time:1038,type:s,mvn:ZnNjPTExLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.72v220002022020220000022002222000022220202020222200222220002222022002222200002220222022222222222000220200000002220222220222222222222202222222222222222222222222222222222222200000022022020020000002002202022022022222222000000000022222202022022222000000020000000000000000000220002220000022200222202220022200200222022202220222222220020222202000220000222202222202222000002002002222222222220022202200022002222222202,sd:MTcuNC43MnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNC43MnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8OHx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgSGVhZGxlc3NDaHJvbWUvNjUuMC4zMzI1LjE4MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1525350037363||ec2b31d27cda9780454727957e8e292d||5eb8f0bcc36a277f46591dee92b31a95||4e6e23269b8e7fcb21564f35b63648e2||2f75c4dbc6303b10134b5d978e8dad63||4dc23231eade157574a594e0488f7133||3e865dc8f0d7910ba9410cbbd574b43b||f76520932c79b18f7ac1c5b537e852f0||1520626246}
Requested by: Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt04ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 64C9 42 B
110 B 15ms
14ms Image
image/gif 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsst0faOqH5tl6QoomWlark-WgK2GQnQchuquLaFgDIZeYLJXMZJHTyjRnaJ7jzc8-Boqqk-k-oSvGB7CR1NZ0yqyWy1KNL24wE&sig=Cg0ArKJSzO5FQsKKL-viEAE&id=osdim&ti=1&adk=2312491748&tt=1705&bs=1585,1200&mtos=1136,1136,1136,1136,1136&tos=1136,0,0,0,0&p=272,173,522,473&mcvt=1136&rs=3&ht=0&tfs=568&tls=1704&mc=1&lte=1&bas=0&bac=0&avms=geo&bos=1600,1200&ps=1585,5903&ss=1600,1200&pt=-1&deb=1-0-4-5-5--1-19-3&tvt=1139&op=1&r=v&uc=7&tgt=INS&cl=1&cec=13&clc=1&cac=0&cd=300x250&v=r20180430

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F59F 42 B
110 B 15ms
15ms Image
image/gif 172.217.16.162
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss14ljRLX_kryfaI_ks0b8AU2Ng0ysJpjnAqxrkA8LvaNXh30V9hevPu2g8VtmM__HKP_KNjacVzeXExjcbfPXX9Z8mMjesWTk&sig=Cg0ArKJSzKrVTxJ1V8QZEAE&id=osdim&ti=1&adk=1917253980&tt=1960&bs=1585,1200&mtos=1079,1079,1079,1079,1079&tos=1079,0,0,0,0&p=130,429,220,1157&mcvt=1079&rs=3&ht=0&tfs=880&tls=1959&mc=1&lte=1&bas=0&bac=0&avms=geo&bos=1600,1200&ps=1585,5903&ss=1600,1200&pt=-1&deb=1-0-4-6-6--1-22-4&tvt=1394&op=1&r=v&uc=4&tgt=INS&cl=1&cec=13&clc=1&cac=0&cd=728x90&v=r20180430

Requested by

Host: gizmodo.com
URL: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243

Protocol

SPDY

Server

172.217.16.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s11-in-f162.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 May 2018 12:20:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK optout_check Show response
beacon.krxd.net/ 60 B
313 B 112ms
27ms Script
text/javascript 54.195.243.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.gawker.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.dc955599a3976b2e658d60927793d9ea
Protocol: HTTP/1.1
Server: 54.195.243.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-195-243-213.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d8ccd3f7a4cc55d46a51c67993a47ff6b8a97bdad8243490cf9c1093b1918be9

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:37 GMT
Cache-Control: private, max-age=0, s-max-age=0
X-Request-Time: D=74 t=1525350037
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 60
X-Served-By: beacon-n011-dub.krxd.net

GET
H/1.1 200
OK get Show response
cdn.krxd.net/userdata/ 298 B
760 B 6ms
5ms Script
text/javascript 151.101.12.175
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=f957ee1a-d222-492b-b86e-4b6eba139638&technographics=1&callback=Krux.ns.gawker.kxjsonp_userdata
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.dc955599a3976b2e658d60927793d9ea
Protocol: HTTP/1.1
Server: 151.101.12.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: f0e46a8ab58c2f8479588d2ec54adbb9c26cf4545de2c330bbb742593f4d44d5

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

X-CDN-Backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_krxd_net___UserData_Service_V2
Date: Thu, 03 May 2018 12:20:37 GMT
Content-Encoding: gzip
Age: 38
X-Cache: MISS, HIT
X-Request-Backend: kuser_data
Connection: keep-alive
X-Age: 0
Content-Length: 237
X-Served-By: userdata-a016.krxd.net, cache-fra19132-FRA
X-Timer: S1525350038.844143,VS0,VE0
Vary: Accept-Encoding
Content-Type: text/javascript
Via: 1.1 varnish
Cache-Control: private, max-age=3600
Accept-Ranges: bytes
X-Cache-Hits: 0, 1

GET
H/1.1 204
No Content ping.gif
jwpltx.com/v1/jwplayer6/ 0
109 B 414ms
102ms Image
text/plain 52.0.142.205
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jwpltx.com/v1/jwplayer6/ping.gif?h=762878162&e=e&tv=2.23.7&n=6161267679022409&aid=sH%2Bf7AApEeaD9QY3v_uBow&ed=3&pv=8.2.4&sdk=0&emi=143vlj1o4d38&ph=1&pid=8kCcIJ5z&pgi=8isgw2ousyom&stc=1&prc=1&pli=1boe7ur1uvxw&c=1&tvs=0&fv=&plt=3700&st=250&plc=1&pd=2&vp=1&ab=1&po=0&s=1&r=0&sn=%5Bobject%20Object%5D&cb=0&ga=0&dd=0&pbc=0&pdr=&d=2&lng=en-US&pp=html5&mk=mp4&ps=4&sp=0&wd=598&pl=336&vb=0&vi=0&at=1&i=0&vl=90&mt=1&ccp=0&eb=0&pbr=1&pbd=1&mu=https%3A%2F%2Fgmgvideo-univision.akamaized.net%2Fmedia%2F1607%2F18%2F05%2F01%2F3512357%2F180501_3512357_Watch_This__Sister_Margaret_s_School_for_Way_1525206943_800.mp4%3FUNIVOD%3Dexp%3D1525354993~hmac%3Db62e207730f2664367dbb812a044dc22fd5c753804c2ec4d0a7831b2139e1fe1&cp=0&pyc=0&pii=0&pss=1&t=Watch%20This%3A%20Sister%20Margaret%27s%20School%20for%20Wayward%20Girls%20Brings%20Deadpool%20%26%20Drinks%20to%20NYC&pu=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&pt=Researchers%20Find%20Mysterious%20Russia-Linked%20Malware%20That%20Hijacks%20Anti-Theft%20Software%20Lojack&lsa=fail&abc=0&sa=1525350037899
Protocol: HTTP/1.1
Server: 52.0.142.205 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-142-205.compute-1.amazonaws.com
Software: nginx/1.8.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 03 May 2018 12:20:38 GMT
Server: nginx/1.8.0

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 39ms
11ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzVY,pingTime:1,time:1600,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:1600,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1222~100],as:[1222~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:42,fm:qQZfiQj+11|12|13|14.927245|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:15*}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt05ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 39ms
12ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzVZ,pingTime:1,time:1601,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:399}],rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:1601,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1222~100],as:[1222~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:42,fm:qQZfiQj+11|12|13|14.927245|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:15*,metricId:publ1}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt34ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 42ms
14ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymzVZ,pingTime:1,time:1601,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:399}],rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:1601,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1222~100],as:[1222~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:42,fm:qQZfiQj+11|12|13|14.927245|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:15*,metricId:grpm1}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
X-Server-Name: dt06ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1

204
No Content

data.gif
beacon.krxd.net/
Redirect Chain

https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e
https://d.agkn.com/pixel/5500/?age=&gender=&st=&sk=&pd=&cbr=&mip=&dm=&py=&l0=https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gende...
https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gender=&_k_adadvisor_key=

0
453 B

27ms
27ms

Image
text/plain

54.195.243.213
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gender=&_k_adadvisor_key=
Protocol: HTTP/1.1
Server: 54.195.243.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-195-243-213.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:38 GMT
Cache-Control: private, no-cache, no-store
X-Request-Time: D=35 t=1525350038
Connection: keep-alive
P3P: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
X-Served-By: beacon-n029-dub.krxd.net

Redirect headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:37 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://beacon.krxd.net/data.gif?_kdpid=2111c0af-fc3a-446f-ab07-63aa74fbde8e&_kua_seg=000&_kua_zip=&_kua_age=&_kua_gender=&_k_adadvisor_key=
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 43ms
14ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymzWN,pingTime:1,time:1678,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:1678,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1156~100],as:[1156~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:82,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:14*}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:38 GMT
X-Server-Name: dt63ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 51ms
18ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymzWO,pingTime:1,time:1679,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:544}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:1679,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1156~100],as:[1156~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:82,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:14*,metricId:publ1}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:38 GMT
X-Server-Name: dt20ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 47ms
15ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymzWO,pingTime:1,time:1679,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:544}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:1679,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1156~100],as:[1156~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:82,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:14*,metricId:grpm1}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:38 GMT
X-Server-Name: dt08ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK gn
secure-dcr.imrworldwide.com/cgi-bin/ 44 B
402 B 46ms
45ms Image
image/gif 138.108.96.100
ACNIELSEN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-dcr.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=us-803450&ch=us-803450_b03_gizmodo.com_S&asn=gizmodo.com&sessionId=5BTfQcSl7jrzoFol7kOMLCCwxtXoX1525350035&prv=1&c6=vc,b03&ca=NA&c13=asid,PA5FFACD2-70A6-4C92-AD68-63C1B970EF36&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,GMG&sup=0&segment2=&segment1=&forward=1&plugv=&playerv=&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,999&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,15253500359866760&c30=bldv,6.0.0.30&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&devtypid=&pc=NA&c53=fef,n&c54=oad,&c55=cref3,&c57=adldf,2&ai=http%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c3=st,c&c64=starttm,1525350037&adid=http%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c58=isLive,false&c59=sesid,&c61=createtm,1525350038&c63=pipMode,&uoo=&c68=bndlid,&nodeTM=&logTM=&c73=phtype,&c74=dvcnm,&c76=adbsnid,&df=0&c44=progen,&davty=0&si=https%3A%2F%2Fgizmodo.com%2Fresearchers-find-mysterious-russia-linked-malware-that-1825706243&c66=mediaurl,&c62=sendTime,1525350038&rnd=710400
Protocol: HTTP/1.1
Server: 138.108.96.100 Schaumburg, United States, ASN16477 (ACNIELSEN-AS - ACNIELSEN, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:38 GMT
Server: nginx
P3P: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=5
Content-Length: 44
Expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H2 200 beacon Show response
gizmodo.com/stats/ 2 B
278 B 98ms
98ms XHR
text/plain 151.101.66.166
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://gizmodo.com/stats/beacon?pageType=permalink

Requested by

Host: x.kinja-static.com
URL: https://x.kinja-static.com/assets/packaged-js/vendor.e4496b3d82f13b6e54e8.en-US.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.166 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /stats/beacon?pageType=permalink
pragma: no-cache
cookie: geocc=DE; kinja_iframe_clientid=631378565.1525350034; pageDepth=1; AMP_TOKEN=%24NOT_FOUND; _ga=GA1.2.1601658218.1525350034; _gid=GA1.2.1095497776.1525350034; _gat_unique=1; _gat=1; cX_S=jgqi0z5p8a5k1hdc; cX_P=jgqi0z5qyj8w6359; DigiTrust.v1.identity=eyJpZCI6IlVlUTRhRDd4SDRVUXJqNW1XTSsveWVsaU5UVjFuVWFxYk9FQ1orT0hrZTdYLzNzUXNwZTQrRUtUWTVSVUFHYUtxTU9WSDFOSVNTZWIzdno3OVFpc3dDeWFkMk0zblRWNHZMTkNqaGc2a2d1OVNscHhSNE9jL3pOTjF5cXFvZkVMNTRVelpyM3ZHY3o5cFlWNzlaaCs2eEx2VzBEdHlWZE9CN1EycWtMZS9aRHNQWEJNdGpRcXVHdEFSVUtCZEovSFFyVE8rM1MvRXN4Umd0MVhBYmFnMndVSWRQbVhTSG1EandOVldOWU5lbnJia3pPZXQ5UzQyK09QMzV0KzRvQ1FRS3c3VTBoUWNWTmNRL01MSVIzR2dQUy93aTc3RU9yV3gwdUVuQzM0UXJFS2RQOUdOb0ZmUTF1SUNVY0lkSTRHMjNMY3o5aHMvb1pZbTViZlFPdFhMUT09IiwidmVyc2lvbiI6MiwicHJvZHVjZXIiOiIxQ3JzZFVOQW82IiwicHJpdmFjeSI6eyJvcHRvdXQiOmZhbHNlfSwia2V5diI6NH0%3D; __adblocker=false; __k_iut=1525350034890; KinjaToken=dummy-37127b2e-e2d7-475c-bbd7-f9d05522ff0a; __gads=ID=bb9302cf7daa7b25:T=1525350034:S=ALNI_MYTC2YEaLMTkb6zHiPd-G8qfsAhQA; _cb_ls=1; _cb=CCqneuwkHVCBZCCyy; _chartbeat2=.1525350035620.1525350035620.1.rLhlsBYVuvZ4MxLhDnUGkaBaMR9m.1; _cb_svref=null; __qca=P0-1544788860-1525350035798; kxgawker_visits=1; _gat_mcp3512357=1; kxgawker_whistle=1
origin: https://gizmodo.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: gizmodo.com
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
content-length: 662
:method: POST
Accept: */*
Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
Origin: https://gizmodo.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 May 2018 12:20:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-kinja-build: 2929
x-kinja-revision: 22a6af722fda9cc912e993f08b10607303b0b0f4
x-cache: MISS, MISS, MISS
status: 200
x-kinja: kinja-mantle-kube03-54120415-pjfp6 #2929
x-cdn-fetch: mantle-default
content-length: 22
x-xss-protection: 1; mode=block
x-served-by: cache-jfk8135-JFK, cache-hhn1521-HHN
x-timer: S1525350038.121923,VS0,VE91
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
via: 1.1 varnish 1.1 varnish
cache-control: stale-if-error=86400, stale-while-revalidate=300
x-geo-segment: B
set-cookie: geocc=DE;path=/;
accept-ranges: bytes bytes bytes
x-kinja-server: kinja-mantle-kube03-54120415-pjfp6
x-cache-hits: 0, 0

GET
H/1.1 204
No Content pixel.gif
beacon.krxd.net/ 0
453 B 44ms
43ms Image
text/plain 54.195.243.213
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/pixel.gif?source=smarttag&fired=user_data_timeout&confid=JO5Gdwmv&_kpid=f957ee1a-d222-492b-b86e-4b6eba139638&_kcp_s=Gizmodo&_kcp_d=gizmodo.com&_knifr=15&_kua_kx_tz=0&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kua_visitor_date_of_month=3&_kua_visitor_day_of_week=Thursday&_kua_visitor_time_of_day=Afternoon&_kua_kx_whistle=1&_kpa_Gzmd_authors=Tom%20McKay&_kpa_Gzmd_sections=gizmodo.com%2Cprivacy-and-security%2Cprivacy%20and%20security%2Cnefarious%20russian%20doings%20or%20something%20else%20not%20sure%2Ccybersecurity%2Cfancy%20bear%2Chackers%2Chacking%2Clojack&_kpa_authors=Tom%20McKay&_kpa_sections=gizmodo.com%2Cprivacy-and-security%2Cprivacy%20and%20security%2Cnefarious%20russian%20doings%20or%20something%20else%20not%20sure%2Ccybersecurity%2Cfancy%20bear%2Chackers%2Chacking%2Clojack&_kpa_postId=1825706243&t_navigation_type=0&t_dns=1&t_tcp=18&t_http_request=-1&t_http_response=18&t_content_ready=699&t_window_load=4359&t_redirect=0&interchange_ran=false&userdata_was_requested=true&userdata_did_respond=false&sview=1&kplt0=21242&kplt1=21213&kplt2=21219&kplt3=21225&kplt4=21226&kplt5=21231&kplt6=21235&kplt7=21236&kplt9=21239&kplt10=21214&kplt11=21247&kplt12=21248&kplt13=21251&kplt14=21252&kplt15=21253&kplt16=21254&kplt17=21255&kplt18=21256&kplt19=21257&kplt20=21258&jsonp_requests=https%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C144%2Chttps%3A%2F%2Fcdn.krxd.net%2Fuserdata%2Fget%2C98
Protocol: HTTP/1.1
Server: 54.195.243.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-195-243-213.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:38 GMT
Cache-Control: private, no-cache, no-store
X-Request-Time: D=55 t=1525350038
Connection: keep-alive
P3P: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
X-Served-By: beacon-n022-dub.krxd.net

GET
H/1.1 200
OK optout_check Show response
beacon.krxd.net/ 79 B
332 B 28ms
27ms Script
text/javascript 54.195.243.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.gawker.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.dc955599a3976b2e658d60927793d9ea
Protocol: HTTP/1.1
Server: 54.195.243.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-195-243-213.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 95b40192db1764a37f2babdaaadf0d581ea4684cb10671984075c28b69d0e89c

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date: Thu, 03 May 2018 12:20:38 GMT
Cache-Control: private, max-age=0, s-max-age=0
X-Request-Time: D=51 t=1525350038
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 79
X-Served-By: beacon-n001-dub.krxd.net

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 47ms
15ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=b79565c1-a9bb-65a5-9c82-ce8b39911b20&tv={c:bymAYt,pingTime:5,time:5599,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:1,ha:1,fif:1,gm:1,slTimes:{i:5599,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:399,wc:0.0.1600.1200,ac:173.272.300.250,am:i,cc:173.272.300.250,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5220~100],as:[5220~300.250]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:58,fm:qQZfiQj+11|12|13|14.927245|1411|1412|142|143|144|15*.927245|1511|152|153|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:15*}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:41 GMT
X-Server-Name: dt50ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
303 B 43ms
14ms Image
image/gif 69.172.216.111
Integral Ad Science

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=927245&asId=5d8e1bb5-3861-0ff6-67de-0803c1acd921&tv={c:bymAYL,pingTime:5,time:5644,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,fif:1,gm:1,slTimes:{i:5644,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:544,wc:0.0.1600.1200,ac:429.130.728.90,am:i,cc:429.130.728.90,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5121~100],as:[5121~728.90]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:58,fm:qQZfiQj+11|12|13|14*.927245|1411|1412|142|143|144|15.927245|1511|152|153|154|16|17|18|19|1a.927245|1a11|1a21|1a3|1b|1c|1d,idMap:14*}&br=u
Protocol: HTTP/1.1
Server: 69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://gizmodo.com/researchers-find-mysterious-russia-linked-malware-that-1825706243
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 May 2018 12:20:41 GMT
X-Server-Name: dt58ami.ami.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

206 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

61 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.amazon-adsystem.com/	1970-01-18 21:32:25	Name: ad-id Value: A6TS7GoQhU-jgNy8thHONMQ
.doubleclick.net/	1970-01-19 01:04:06	Name: IDE Value: AHWqTUlkpnB8fAwHFRM2oqk5G5QDW2gnxAotunQrKOyJlGBMUtfb9p4Szsp8l_00
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_2650 Value: 519b6a7b-7865-4f48-86ea-308df152a93b
.rubiconproject.com/	1970-01-18 16:25:42	Name: rpb Value: 45562%3D1%266286%3D1%2671772%3D1%2614321%3D1%267751%3D1%26191940%3D1%2631950%3D1%2613490%3D1%267430%3D1%26377322%3D1%2682080%3D1%2613464%3D1%266327%3D1%267935%3D1%264212%3D1%264210%3D1%264222%3D1%26144054%3D1%26123034%3D1%268981%3D1%2617039%3D1
.rubiconproject.com/	1970-01-18 17:08:54	Name: put_2313 Value: R1B342_A40E3730_264B5499
.amazon-adsystem.com/	1970-01-18 21:32:25	Name: ad-privacy Value: 0
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_3664 Value: 728f6d6b-1d21-4e6b-90c1-bb6a06169afb
.rubiconproject.com/	1970-01-18 17:08:54	Name: put_4032 Value: 62a2cd28-4ecc-11e8-968f-b737000003ef
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2931 Value: 5aeafe9461aa0b0051b3fbd0
.rubiconproject.com/	1970-01-18 20:01:42	Name: put_2590 Value: l8hGUJ5aT9zUYWm2DlnNQuVk
eus.rubiconproject.com/	1970-01-18 17:52:06	Name: pux Value: 1185%3D73068%261512%3D73068%262132%3D73068%262135%3D73068%262146%3D73068%262238%3D73068%262249%3D73068%262271%3D73068%262307%3D73068%262313%3D73068%262590%3D73068%262596%3D73068%262650%3D73068%262676%3D73068%262861%3D73068%262931%3D73068%262974%3D73068%263320%3D73068%263632%3D73068%263664%3D73068%263734%3D73068%263778%3D73068%263956%3D73068%264032%3D73068%264604%3D73068%264968%3D73068%26goog%3D73068%26brx%3D73068%26w55c%3D73068%26a9s-eu%3D73068%262313-uk%3D73068%26bk%3D73068%26
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_3320 Value: 8fa72bc59744f52283a26f384b00e79e
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_3734 Value: f1cdb6c03d979339def0549e927cab55
gizmodo.com/	1970-01-19 00:28:06	Name: __k_iut Value: 1525350034890
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2271 Value: wuFC96DXxOL8umZuy2xg0mBQFS8
.rubiconproject.com/	1970-01-18 15:43:56	Name: put_3956 Value: 01e7200503dcf397ee182813
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2135 Value: 8090268056427362107
.rubiconproject.com/	1970-01-18 17:08:54	Name: put_1185 Value: 3056054099082959676
.imrworldwide.com/	1970-01-19 01:04:06	Name: IMRID Value: cb315f92-99db-430c-a2ac-c86e9ef6937c
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_3778 Value: Wur_lAAAAKDDZhMJ
.rubiconproject.com/	1970-01-19 00:20:54	Name: put_2238 Value: c7b8386e-7bc1-4f28-88c2-70b35ac6c798
.rubiconproject.com/	1970-01-19 00:28:06	Name: put_2132 Value: B780FD9F94FEEA5A1C79AA5C02085C11
.rubiconproject.com/	1970-01-18 15:43:33	Name: vis2 Value: 44356^1&45528^1
kinja.com/	1970-01-18 16:07:01	Name: ka Value: 17e474ba-913b-4023-a6a7-790bffe9c31f\|f0db5f18-f3c9-4fe1-b998-6939e09025c2\|1525350035091
gizmodo.com/	1969-12-31 23:59:59	Name: geocc Value: DE
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: DsuWSiL5uMdJFeznfENNwaZbP5mY0DNvptDUA3ThqHQWXoehOHP+SZpge+E4msdf09hVox97znOndo9CI7JZG6Ff4d0sIziYatvp7cGCTdxcI41h6Fm7AG84xiB5qwusRZLjOdNpCash5CPesUbWyoL7
kinja.com/	1970-01-18 15:52:34	Name: KinjaSession Value: 5dcbd7d7-c0c3-463a-939f-ef25b587abf8
gizmodo.com/	1970-01-18 16:25:42	Name: __adblocker Value: false
.gizmodo.com/	1970-01-18 15:42:30	Name: _gat_mcp3512357 Value: 1
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_4968 Value: 6226292450896072012
gizmodo.com/	1970-01-18 15:43:12	Name: kxgawker_visits Value: 1
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_1523 Value: LpXak1oX1FeddW5
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2249 Value: CAESEI-sr8Ydx2wWVZUzutzlFqg
.rubiconproject.com/	1970-01-19 00:28:06	Name: khaos Value: JGQI0Z80-1C-HD4Z
.gizmodo.com/	1970-01-19 01:06:58	Name: __qca Value: P0-1544788860-1525350035798
gizmodo.com/	1970-01-19 01:11:18	Name: _cb Value: CCqneuwkHVCBZCCyy
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2596 Value: 1041527787044012175
kinja.com/	1970-01-19 17:59:18	Name: _gasc Value: 631378565.1525350034
gizmodo.com/	1970-01-18 15:42:31	Name: _cb_svref Value: null
gizmodo.com/	1970-01-19 01:11:18	Name: _chartbeat2 Value: .1525350035620.1525350035620.1.rLhlsBYVuvZ4MxLhDnUGkaBaMR9m.1
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_2974 Value: 7165042744013979369
gizmodo.com/	1970-01-19 01:11:18	Name: _cb_ls Value: 1
gizmodo.com/	1970-01-18 15:42:33	Name: KinjaToken Value: dummy-37127b2e-e2d7-475c-bbd7-f9d05522ff0a
gizmodo.com/	1970-01-19 00:28:06	Name: kinja_iframe_clientid Value: 631378565.1525350034
.gizmodo.com/	1970-01-18 15:42:30	Name: _gat_unique Value: 1
.gizmodo.com/	1970-01-19 09:13:42	Name: _ga Value: GA1.2.1601658218.1525350034
.gizmodo.com/	1969-12-31 23:59:59	Name: cX_S Value: jgqi0z5p8a5k1hdc
.gizmodo.com/	1970-01-19 09:13:42	Name: __gads Value: ID=bb9302cf7daa7b25:T=1525350034:S=ALNI_MYTC2YEaLMTkb6zHiPd-G8qfsAhQA
gizmodo.com/	1969-12-31 23:59:59	Name: pageDepth Value: 1
.gizmodo.com/	1970-01-19 00:28:06	Name: cX_P Value: jgqi0z5qyj8w6359
.rubiconproject.com/	1970-01-18 15:43:33	Name: ses15 Value: 44356^2
.gizmodo.com/	1970-01-18 15:42:30	Name: _gat Value: 1
.gizmodo.com/	1970-01-18 15:43:56	Name: _gid Value: GA1.2.1095497776.1525350034
.rubiconproject.com/	1970-01-18 16:25:42	Name: put_2307 Value: c0a7293b-02c3-4e7e-a9a7-3b3e4119dc03
kinja.com/	1969-12-31 23:59:59	Name: geocc Value: DE
.digitru.st/	1970-01-20 11:30:30	Name: DigiTrust.v1.identity Value: eyJpZCI6ImgwVDdOSGxaa3Q0PSIsInZlcnNpb24iOjIsInByb2R1Y2VyIjoiMUNyc2RVTkFvNiIsInByaXZhY3kiOnsib3B0b3V0IjpmYWxzZX19
.gizmodo.com/	1970-01-18 15:42:33	Name: AMP_TOKEN Value: %24NOT_FOUND
.rubiconproject.com/	1970-01-18 15:43:33	Name: vis15 Value: 44356^2&45528^2
.rubiconproject.com/	1970-01-18 15:43:33	Name: ses2 Value: 44356^1
.rubiconproject.com/	1970-01-18 16:24:15	Name: put_1512 Value: c54c5aea-edbe-4800-86fe-29d356270af9
gizmodo.com/	1970-01-18 15:52:34	Name: DigiTrust.v1.identity Value: eyJpZCI6IlVlUTRhRDd4SDRVUXJqNW1XTSsveWVsaU5UVjFuVWFxYk9FQ1orT0hrZTdYLzNzUXNwZTQrRUtUWTVSVUFHYUtxTU9WSDFOSVNTZWIzdno3OVFpc3dDeWFkMk0zblRWNHZMTkNqaGc2a2d1OVNscHhSNE9jL3pOTjF5cXFvZkVMNTRVelpyM3ZHY3o5cFlWNzlaaCs2eEx2VzBEdHlWZE9CN1EycWtMZS9aRHNQWEJNdGpRcXVHdEFSVUtCZEovSFFyVE8rM1MvRXN4Umd0MVhBYmFnMndVSWRQbVhTSG1EandOVldOWU5lbnJia3pPZXQ5UzQyK09QMzV0KzRvQ1FRS3c3VTBoUWNWTmNRL01MSVIzR2dQUy93aTc3RU9yV3gwdUVuQzM0UXJFS2RQOUdOb0ZmUTF1SUNVY0lkSTRHMjNMY3o5aHMvb1pZbTViZlFPdFhMUT09IiwidmVyc2lvbiI6MiwicHJvZHVjZXIiOiIxQ3JzZFVOQW82IiwicHJpdmFjeSI6eyJvcHRvdXQiOmZhbHNlfSwia2V5diI6NH0%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 11) Message: Cannot read property 'jwplayer.mediaIds' of null
console-api	error	URL: https://x.kinja-static.com/assets/packaged-js/outstreamVideo.92f8756e184815d6a670.en-US.js(Line 1) Message: TypeError: Cannot read property 'removeItem' of null
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.4.72.js(Line 32) Message: a: 0.001953125ms

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

79423.analytics.edgekey.net
aa.agkn.com
aax.amazon-adsystem.com
ads.rubiconproject.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.nl
ampcid.google.com
ampcid.google.nl
api.vmh.univision.com
as-sec.casalemedia.com
auth.univision.com
beacon-eu2.rubiconproject.com
beacon.krxd.net
bidder.criteo.com
c.amazon-adsystem.com
cdn-gl.imrworldwide.com
cdn.digitru.st
cdn.krxd.net
cdn.tinypass.com
cdn4.uvnimg.com
connect.facebook.net
content.jwplatform.com
d.agkn.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
entitlements.jwplayer.com
f.kinja-static.com
fastlane.rubiconproject.com
gizmodo.com
i.kinja-img.com
imasdk.googleapis.com
insight.adsrvr.org
js-sec.indexww.com
jwpltx.com
kinja-debug.firebaseio.com
kinja.com
ma1196-r.analytics.edgekey.net
optimized-by.rubiconproject.com
p.skimresources.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.adsafeprotected.com
pixel.mtrcs.samba.tv
pixel.quantserve.com
pubads.g.doubleclick.net
r.skimresources.com
rules.quantcount.com
s.skimresources.com
s0.2mdn.net
sb.scorecardresearch.com
scdn.cxense.com
scomcluster.cxense.com
sdk.vmh.univision.com
secure-dcr.imrworldwide.com
secure-us.imrworldwide.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssl.p.jwpcdn.com
static.adsafeprotected.com
static.chartbeat.com
static.criteo.net
stats.g.doubleclick.net
sync.crwdcntrl.net
t.skimresources.com
tag.mtrcs.samba.tv
tpc.googlesyndication.com
vmscdn-download.storage.googleapis.com
www.facebook.com
www.google-analytics.com
www.googletagservices.com
www.lightboxcdn.com
www.npttech.com
x.kinja-static.com
x.skimresources.com
z.moatads.com
104.16.81.165
104.18.36.50
104.20.30.2
138.108.96.100
151.101.12.175
151.101.14.202
151.101.2.166
151.101.66.166
152.195.39.114
159.180.84.2
172.217.16.162
172.217.19.198
172.217.21.225
172.217.21.226
172.217.21.238
172.217.21.240
178.250.0.93
178.250.2.74
178.63.12.208
18.194.196.182
184.30.208.216
185.60.216.19
185.60.216.35
2.18.232.190
2.18.234.21
2.18.235.40
2.19.43.224
216.58.205.226
216.58.207.74
216.58.207.78
216.58.210.2
216.58.214.66
23.23.98.214
23.45.101.180
23.45.97.170
23.67.129.200
34.243.136.23
34.243.69.112
34.251.108.175
35.190.59.101
35.190.91.160
35.201.97.85
52.0.142.205
52.17.218.118
52.24.60.121
52.35.221.76
52.42.26.208
52.85.184.125
52.85.184.161
52.85.184.168
52.85.184.44
52.85.184.87
52.85.188.213
52.94.220.16
54.154.150.25
54.192.93.164
54.195.243.213
62.67.193.23
62.67.193.43
62.67.193.96
62.67.193.97
64.233.166.156
69.172.216.111
69.172.216.55
69.172.216.58
93.184.221.189
93.184.221.48
010c5145d45e46469f50c376fd68ae284eec16ce330e843393777b3bf693a28f
04af3b4bf8d5af9c4ebe03527fddd65b0f220ef57d8c7127c4889a8aeca7b272
058a3eede0b0c2ae9a93b2bfe05d10046ed708079fd3592be9a9ddd17086a431
0861d7a2e9f06a8784342fd8404af85276a5a27e5ea2204fcdbe82d34b8b4de9
0e6b730b87b12c0bf36b9beba586ea302a4a9e340eccf3b49e0dfad56a09ffc4
107c92665d84078f1286590e8cc60e47b5d9d4f2ec449ba18784b829cab75b2f
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
112560223d7dcf6f78bd1f4f1271590233b6cd02adf7a10f896b0f628c2c4d24
130bcc62f8c58f6434cc348cf7a0104c80823a1b870fc6f59a31deaad6aca2e6
14a29c8a39b8e8ee92bdd41ce8b80c0dc34a5dc946b6f6045fb9128f6a7f7d44
16c2799990f1d867201ad55da0e52075c3d5222e14e3f69a8e8f41ff5ce04ff3
1747a1aa505b2a2a6e94f9da5ccfd73e6eba84f6d9cefdd444c2956ddcdc3f8e
1804940bab9497accd774bf71ed5777ac803859c10efc54e312c4457fc616427
182dbe17e9b8a4666a3625fee302aded0186d7fd74d0d209c7e871ffd328b734
1a427c31646c4dbcda43c5760eb5a224f5e695209d2bb6b1fb40229d6e5e1063
1a4f578ce2e0d6ab3f0801982171e68461d01da3279479b33c88bc66f0af4d3b
1ae2ca701026f4fc905db08c94f7e9573df49093fa3ae79373cbff8da7ed332d
1b7e4a2045aa57f3491b7c62e1a1f36c63635dc7fc235a108ad13935db4eea2f
1df0e961246be26c718a4b5b17541f871d57f5e63c1b678437085be74a5b97d5
1e48875514a2aa296d2fdec16b5e1d28b5e4bf712aaec073a5b23eb71e6a749c
1e933dcfbb485b7725ef0f4ef7afe15790c4c253ccec763b7d24d1c3ea0f6b0d
207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
232cde8a0ff9f0ef42abd34e2b1be0dbda6bf7ca42282640daa0b19e14498af8
23a1a8123c5cfb9df1063c6cfbab2b7bb80fe645d6e7158baacbea022a81e2a0
265c337e1a13b89b08ae5ee0680cac8eabc35b527620290bfda821a637b7b1a3
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28fed41dac64047024297e339d968eba283835098b5649c3eaa29ee3153424bd
2cbb944541465c2d840e4043cf46c3ba9099c5778d4e0cc2384cdad4b5c04b25
314123e9e521ace37b07848dbbc203cd1ca929d479a92cde0873278187bce7eb
3447a2bf760509a1118868e2eeda668f002a58b1cddceb4ad168931cbce1afb2
3ca74ea959909ff1e64123c179f706b0b95381a900d5df6a67accfa48a0cf2f9
3d26b8433950bf918452f3913de7e092c5ce0d586d3f0903aad5e4e33dbdab0f
4103c3b3d78444cb54a95bcd57c3fe9fc13fc74ad36e5c4efb6d8bf1f9f10a60
416eefc3d00286cfd0507a0b74f2df7dc72ef991086589f4954f98fb85d4d0d3
4292e800b06fe7ac8834deb6ff0c8ddd3f085d5af7284415d610129d2e687bd9
4676fd3e4273d2220d475192245c9ab809548010a8fe20050602c075b6366f97
4754b404359e46575967edb70bf20206c31f60bcca6dbde087f8d3ddf2aec16e
4a83a01168532c89649defc18e18bbdf7ceb6f064f8a662c1ef181599bfe6510
4b3ba19fae3d133581e461ec6c9fe23e05600441dac4655b81764674cd835e23
4dc5765cdda9b83636c0fbdbdff1eeeeb758f9e9d1e9d9f5a536cf6e5aa04a8a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb9974960ac8e3e9b322bc5abe88cd12d8a53b36894fd85dbfe1a4409a07ce3
5135d16d46efb61f5ef80af7e7936147829e3c072f31e136994ef1c3ad7c83c7
51543c91f6accc07457fcca25dd9f8aa01fa880ec5aeb9437196fb2e22058368
52f2b63985941bcba9eeb31b04f56544427edfcdcf214917ef5c4a0c8beb422b
530c0cbe1a14badeb99f1d9e8291f2653ed91c3c8a9484492287b70ecd64d048
54b609b349536fea6b8ef7baa154182f9ce5d5a216b9c163d0d72b3d4f9bfd22
561eea94af69ca1de178e65f7deafae123667fee54c670027520c062011d5f18
5886a95c444335d8a71176a4a1cd7bf728f6435d8a72f8ae2df11326d49b3d87
590cca84a9358dd92333ae0480b953670c2f01f6d48b39d16f76393c46cc2ec7
5d60fd7add334e2564033f82036855e884941df1d598938ca9a8929aa1728140
5dd88ea795cf55b6e9c6a46e3e16e20e5e63c03f2942df4fb10deff82ae3f838
5e0623b057ba1f3f6d51959f1cc3d71029410f7f336bbf758cc66d6c750bd896
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
63125723c148b0c5391dea8c827d96958a6706a542f8b45822904aaefe10c4ad
64725a04b34c42e3c3027b42afedbf010e1a0715ef00931578e7382bf62f9dd7
6544118464d2655bd9a3345e619da3fad53260eebdd7888935224724168e8fd5
6c7ec38fee48a402eacf71e8ff2b697efd0a0bd7b28733319524652d3117ae7c
6f6b695c5d0f84b35c8b950bf2f34a78278515f529411bf2c892cf21bc274035
6fd6abee896c1d2a13662d19177e6368792f3620353e3e506f55a7b333fb6533
704c9e7931d42613089daf636a4cd78d3bcc4da9e00995420230952f6e9b7c55
74b74cdd9ec83585c24c4dc73db7d33982c921b97d6c0149d2dfc25c8feb9e2a
76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313
7acf21b540496ea46ec75f904b39a021ad87f50d0c9515a5b3c64b7fbb8077cc
7b4edb824a2e70b9146b32833769d53ebaf86cfdb4d305c8b91b6efe71ae3ac5
7c639cc4f24a0df0f018db012ad4f880d2de1655378b8162e40ea58865917a58
7da0d47ec4a08e78f859c3837e1d5a0af9bde3d2317ac493ea722ef2a196dd23
7ff2991ce3c656bf5437dcbfd78ffdbdf4f063006cd1bd8b6e5055bff9e2f7d3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843c8cc7edca57036d2c2cb8a22de7f064290ad4fe306a9016d9e4a12454a8ca
85e94f159c66113652b89039b3365e44228249d38d2d093fe2ea4ccfb9472078
884af3fb9ea552014393188335b501ca59c0d6725675f95aaf9385d81e929df6
8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211
8cbf6fa3f6a6a1b8c4c30849825008bbf95f00aca5c60b0cbef45be8bc39c3e1
8cf6890eb16013193126b58ac573f7b9c675508ff2cd53c6a3d1aa753e060797
8e537fded951c0fed7c622d60b14b2c6b5ba98c7f9d236d7719cea62e5b4587c
8e8d2c867ae480b6b318900eb4168d5645f635420bdb1626976c9c0af71c45eb
8f795a26867fcc0dd28ce215ffb5c49535c2f2533acfbeb07e03a411857d1ddb
8fe5f0c4bdaf3e031a6172679193e88d3a24c7deb6e3c7e2b2a477061cc1ad81
90ce543ea42d3c8bc777160f8442bcd9b0aed1da822fb2611856dd2d73aad4a8
95795ea05af8928c198def58ac639b80e13bb2e325a679a95ac2926ea0eb7656
95b40192db1764a37f2babdaaadf0d581ea4684cb10671984075c28b69d0e89c
97c36bd8da51b8644fd0c36f77a5979c8211c06c5d46c3fbf321685881077c5c
99486805226925c8956af4060209f84d8069fae36333d280a88afa276aecdd97
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab7511d243469359febdc3499a03d7b0fe9581a12d91500e5004df733606689e
ae215634dee30253f898f44875073c228d5dea98642bacd1eb8ab7ccebc788c4
af7183fec14923383bb3c432e2083510ca23d64aaaf5d3c50d945eec911dea38
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b32718bbca77362a563a1e41c3a2fd0e97e7baa4694f54e849fdacef3b6f6499
b397e6d5b20e9a6431f5691dd9d8d66001e252368caac4caf18efeefd76d7edc
b3c2aef5343355008f8882b3a69cfa1dbab6d2e9b00d5e16a810900f75153c54
b63647851b8f81d8502ec4f56d5a28a978701bf49f5a1bdd600b7e5a2f6627c5
b84fbdaa24c6fc96d2b3cb8489f2c5d2f131b893e5860b2cba22a387bcdb5df7
bae27189f8371a17b79698c82b1d35eb96ced1af4e0c8ae36b8d9441efb889e0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bca0e61e2076e2531246928ca1e45c890a570bdfb368b5b5ff3c9346e6bc655a
bf5588b8f2169f5d207ab0321af042845bb837f3841532c6f338c4f83374d91e
c6dc1a52dcf2a031d991496f02b13ead8b813796a2d38f7c059bbe0878565939
c9e531322af8c9a8ef3d35f31b5a55082c37ffe75808d2b9a508e5b0753ba8bb
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cdaba277f11909a02e5dbb8f1aa7b25b25aa84c08efe590b9c75c47fe486f097
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0eeea18cb319687f74c371438c83c67e56dba1db8ccaf41f95bcba224f707e2
d401d5ca2f84b9a754872b30e086821079e4fa7ff213edd879feae3a2258d1d3
d52f6446f7a356e62e7bc76704d2fac0a47c55cc91f48d793ee330dc74f4d00f
d619c7373fea82ee9749d87feffecbad665c4594f31152a75889ff25a9662f7d
d692204126b84ccf7be9b0a53dbdd32a9d0bf3aff79104887e02bd4cfe706581
d8ccd3f7a4cc55d46a51c67993a47ff6b8a97bdad8243490cf9c1093b1918be9
d9833f0fe3d0a740d7b4fdaa0dc88d3d8ea8d7a441ce33a7277138b7fb937d11
d9e1e71c5d3b4d4e86f3bbbc88e8b7667580210d735d8489e51a8237a148f727
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de2b41a66ddf6177a30bbd5dd18ba52a460f509238eb39b781c32c95e5ca2f46
deb92c913d71236b2858e4300db9d6a4621990eb5b37df700b9fc2748e17be66
dec33479134d96680a86905dcc709c93ac4fc4b0fc9c513564fad3142c85b535
e1e8e3a816b7ef445ce53f07719e2a66954cfe98715a12ddfc455c47abe8cb91
e2eba00c1a8a250aed3ab8bd9a530f81a4c7f2119c480a0c11fd1fecec0cfb40
e31cacae2b24f5b5d7bcd4ccd5f0923c4ffd0ec2fdc987885edeb9f84af38d50
e33c0facf89bd90c417fed4585b062ed7e610a28d86af2dfb162144eb1d2aab8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46d646758de6d62995f13cbdc02a831fa2fa9f0fa4dea4674521af3da0472d4
e8cd262a1cda289635df443ebfe41d7f551f0215fea4090d1a10c04547b3a422
e8e552d60ca0a74a6ce32b0d348cbfc53395b87691b40573f471995d9757bad2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2630c68d2ed4f230266b32c54b5105a9ae3dda403738ad9d1fc37e0d618faf
ef81fb97a5ff95150b2039163c4bbd23aa8ea08b669366155dcd874332de70f0
f0e46a8ab58c2f8479588d2ec54adbb9c26cf4545de2c330bbb742593f4d44d5
f1b3f799d2f851a41e5d0a5f35b4c383423b5b280b9a4e89ec1646c16cb00a64
f4714639ca6d3e61851b2500c1adc152888679acb0b9790df65b2bbb77e657b5
f6fcf56d5a42a87621a5cde9f4698aeb4e8d4977080d6e421bb8b8ba2fd36ddf
f704f033488cf1da8f59f2e5d0cba7713a42755b60a653771bb01b63c479a741
f7dc7b7608ac36f5d12f8485eccd58a0842a160a6b069b4c7e2ffbe4ebe2beb4
fb61ef4e8e317d45d066955df45aa70d261e10e67807ad989ef6c78119a5cd9b
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fead37b33cdac55ae8e587a156d6d15727baceeb214a66efcd366a5d8c1e7b98

gizmodo.com Open in urlscan Pro 151.101.66.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

207 Requests

3 %HTTPS

0 %IPv6

48 Domains

76 Subdomains

63 IPs

7 Countries

3829 kBTransfer

10818 kBSize

61 Cookies

43 Outgoing links

Page URL History

Redirected requests

207 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gizmodo.com Open in urlscan Pro
151.101.66.166 Public Scan

Screenshot
Live screenshot

Full Image

207
Requests

3 %
HTTPS

0 %
IPv6

48
Domains

76
Subdomains

63
IPs

7
Countries

3829 kB
Transfer

10818 kB
Size

61
Cookies

207 HTTP transactions
5 data transactions