www.darkreading.com Open in urlscan Pro
2606:4700::6812:6e2f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-ac...
Submission: On April 03 via api (April 3rd 2024, 2:11:19 am UTC) from TR — Scanned from DE

Summary HTTP 229 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 40 IPs in 5 countries across 26 domains to perform 229 HTTP transactions. The main IP is 2606:4700::6812:6e2f, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.darkreading.com. The Cisco Umbrella rank of the primary domain is 140533.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 9th 2024. Valid for: 10 months.

This is the only time www.darkreading.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
86	2606:4700::68... 2606:4700::6812:6e2f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
10	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
4	18.245.86.108 18.245.86.108	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:264... 2600:9000:2646:600:18:1fcd:353:c61	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:27b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	108.138.26.31 108.138.26.31	16509 (AMAZON-02) (AMAZON-02)
1	18.214.208.237 18.214.208.237	14618 (AMAZON-AES) (AMAZON-AES)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.103 13.32.99.103	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
19	69.192.161.152 69.192.161.152	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:6b2f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.193.44.27 18.193.44.27	16509 (AMAZON-02) (AMAZON-02)
1	52.72.222.255 52.72.222.255	14618 (AMAZON-AES) (AMAZON-AES)
2	2a05:d018:94a... 2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1	16509 (AMAZON-02) (AMAZON-02)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	132.226.214.62 132.226.214.62	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	54.204.151.223 54.204.151.223	14618 (AMAZON-AES) (AMAZON-AES)
2	172.64.150.107 172.64.150.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	18.66.112.43 18.66.112.43	16509 (AMAZON-02) (AMAZON-02)
9	54.173.102.53 54.173.102.53	14618 (AMAZON-AES) (AMAZON-AES)
1	2602:816:5001... 2602:816:5001::39	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	185.221.87.23 185.221.87.23	54113 (FASTLY) (FASTLY)
229	40

86 2606:4700::6812:6e2f (United States)

ASN13335 (CLOUDFLARENET, US)

www.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

eu-images.contentstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www3.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

marketingplatform.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.245.86.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-108.fra60.r.cloudfront.net

static.iris.informa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2646:600:18:1fcd:353:c61 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:27b5 (United States)

ASN13335 (CLOUDFLARENET, US)

6600d6d98e534115970f9529a45f3195.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.ae	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.26.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-31.fra56.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.208.237 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-208-237.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-103.fra60.r.cloudfront.net

cdn.treasuredata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 69.192.161.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-161-152.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:6b2f (United States)

ASN13335 (CLOUDFLARENET, US)

c.darkreading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.44.27 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-44-27.eu-central-1.compute.amazonaws.com

eu01.in.treasuredata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.222.255 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-222-255.compute-1.amazonaws.com

ads.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

cognito-identity.eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.226.214.62 (Slough, United Kingdom)

ASN31898 (ORACLE-BMC-31898, US)

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.204.151.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-204-151-223.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.150.107 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

api.iiris.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 18.66.112.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-43.fra56.r.cloudfront.net

cache-ssl.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.173.102.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-102-53.compute-1.amazonaws.com

track.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.87.23 (Ireland)

ASN54113 (FASTLY, US)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	darkreading.com www.darkreading.com — Cisco Umbrella Rank: 140533 c.darkreading.com — Cisco Umbrella Rank: 301698	1 MB
30	celtra.com ads.celtra.com — Cisco Umbrella Rank: 3819 cache-ssl.celtra.com — Cisco Umbrella Rank: 4560 track.celtra.com — Cisco Umbrella Rank: 4426	751 KB
20	moatads.com z.moatads.com — Cisco Umbrella Rank: 707 mb.moatads.com — Cisco Umbrella Rank: 807 px.moatads.com — Cisco Umbrella Rank: 618	345 KB
19	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 212 www3.doubleclick.net — Cisco Umbrella Rank: 15506 stats.g.doubleclick.net — Cisco Umbrella Rank: 91	223 KB
16	googlesyndication.com 832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 162 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107	414 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 318	289 KB
8	contentstack.com eu-images.contentstack.com — Cisco Umbrella Rank: 43476	167 KB
4	informa.com static.iris.informa.com — Cisco Umbrella Rank: 54298	1 MB
3	ml314.com ml314.com — Cisco Umbrella Rank: 1890 in.ml314.com — Cisco Umbrella Rank: 10908	12 KB
3	treasuredata.com cdn.treasuredata.com — Cisco Umbrella Rank: 13632 eu01.in.treasuredata.com — Cisco Umbrella Rank: 24087	20 KB
3	google.com marketingplatform.google.com — Cisco Umbrella Rank: 13673 analytics.google.com — Cisco Umbrella Rank: 148 www.google.com — Cisco Umbrella Rank: 2 Failed	257 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	275 KB
2	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 9725	983 B
2	iiris.com api.iiris.com — Cisco Umbrella Rank: 151369	2 KB
2	amazonaws.com cognito-identity.eu-west-1.amazonaws.com — Cisco Umbrella Rank: 8603	2 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 712 script.hotjar.com — Cisco Umbrella Rank: 959	61 KB
2	ubembed.com 6600d6d98e534115970f9529a45f3195.js.ubembed.com — Cisco Umbrella Rank: 312102 assets.ubembed.com — Cisco Umbrella Rank: 13058	49 KB
2	gstatic.com fonts.gstatic.com	63 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 636	32 KB
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1388	201 B
1	google.ae www.google.ae — Cisco Umbrella Rank: 35011	408 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1661	15 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 564	295 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 813	7 KB
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 182	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
229	26

	Domain	Requested by
85	www.darkreading.com	www.darkreading.com
20	cache-ssl.celtra.com	ads.celtra.com www.darkreading.com
17	securepubads.g.doubleclick.net	www.darkreading.com pagead2.googlesyndication.com
16	px.moatads.com	www.darkreading.com
10	cdn.cookielaw.org	www.darkreading.com cdn.cookielaw.org
9	track.celtra.com	www.darkreading.com
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com www.darkreading.com
8	eu-images.contentstack.com	www.darkreading.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.darkreading.com
4	static.iris.informa.com	www.darkreading.com
3	z.moatads.com	securepubads.g.doubleclick.net
3	www.googletagmanager.com	www.darkreading.com
2	bam.eu01.nr-data.net	www.darkreading.com
2	api.iiris.com	www.darkreading.com
2	ml314.com	z.moatads.com ml314.com
2	cognito-identity.eu-west-1.amazonaws.com	www.darkreading.com
2	eu01.in.treasuredata.com	www.darkreading.com
2	c.darkreading.com	static.iris.informa.com
2	fonts.gstatic.com	fonts.googleapis.com
1	js-agent.newrelic.com	www.darkreading.com
1	in.ml314.com	ml314.com
1	mb.moatads.com	z.moatads.com
1	ads.celtra.com	www.darkreading.com
1	www.google.com	securepubads.g.doubleclick.net www.darkreading.com
1	832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com	www.darkreading.com
1	cdn.treasuredata.com	www.darkreading.com
1	script.hotjar.com	www.darkreading.com
1	ping.chartbeat.net	www.darkreading.com
1	assets.ubembed.com	www.darkreading.com
1	www.google.ae	www.darkreading.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	static.hotjar.com	www.darkreading.com
1	6600d6d98e534115970f9529a45f3195.js.ubembed.com	www.darkreading.com
1	static.chartbeat.com	www.darkreading.com
1	marketingplatform.google.com	www.darkreading.com
1	www3.doubleclick.net	1 redirects
1	geolocation.onetrust.com	www.darkreading.com
1	static.cloudflareinsights.com	www.darkreading.com
1	connect.facebook.net	www.darkreading.com
1	fonts.googleapis.com	www.darkreading.com
229	41

This site contains links to these domains. Also see Links.

Domain
www.informa.com
dr-resources.darkreading.com
twitter.com
www.linkedin.com
www.facebook.com
www.youtube.com
news.google.com
www.twitter.com
www.reddit.com
www.trendmicro.com
www.blackhat.com
ve.informaengage.com
darkreading.tradepub.com
www.informationweek.com
info.wrightsmedia.com
www.informatech.com
www.onetrust.com

Subject Issuer	Validity	Valid
darkreading.com Cloudflare Inc ECC CA-3	`2024-03-09` - `2024-12-31`	10 months	crt.sh
*.contentstack.com Gandi Standard SSL CA 2	`2023-07-03` - `2024-08-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-11` - `2024-04-10`	3 months	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
static.iris.informa.com Amazon RSA 2048 M01	`2023-07-04` - `2024-08-01`	a year	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
*.js.ubembed.com E1	`2024-02-14` - `2024-05-14`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.ae GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
assets.ubembed.com Amazon RSA 2048 M03	`2023-12-06` - `2025-01-03`	a year	crt.sh
*.chartbeat.net Thawte TLS RSA CA G1	`2023-11-20` - `2024-12-20`	a year	crt.sh
*.treasuredata.com Amazon RSA 2048 M01	`2023-07-19` - `2024-08-16`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-25` - `2024-10-24`	a year	crt.sh
*.in.treasuredata.com Amazon RSA 2048 M02	`2023-05-25` - `2024-06-22`	a year	crt.sh
celtra.com Amazon RSA 2048 M03	`2023-12-10` - `2025-01-07`	a year	crt.sh
cognito-identity.eu-west-1.amazonaws.com Amazon RSA 2048 M02	`2023-05-08` - `2024-06-05`	a year	crt.sh
event-horizon.gcp.bomm.in GTS CA 1D4	`2024-02-28` - `2024-05-28`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-10-16` - `2024-11-12`	a year	crt.sh
iiris.com GTS CA 1P5	`2024-03-02` - `2024-05-31`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2023-11-03` - `2024-10-01`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Frame ID: 10F61BF558E9DF5C21774FF1BEF51499
Requests: 175 HTTP requests in this frame

Frame: https://832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 38E6943CEC6FBA52D0D5938AC0A7BB75
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: E6E9CCABE32347DE731882EA7BF000A9
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstLJ0E0ghoJd9MRx7yZ8dDiIokXPc2o1OlNlgt7QoYU6yDVZzhw4faLK-P1duLrHekVc7ITgFbuy_rAhd0ucTYvKICKBhSBK3ei6m6j04BEa7MIqOyh4-ifAcZ1C4xWrZnq1nUOzlp0HsKKmzwLTrI4j829I_jfY364WQxDlXk-DTh6sys9ePFGNm_nHHOt0sgcfxbAm2JQlbLb32ZKVf-Rmb1ufT2hN8T-rcvSqjnXA2-NZ3QCf7-zTrDGv9vtmsNklaPiLuKD7MHDsxRKGqLNOvkaW8dzxoyn6pyWyoynwxUAnalSo7HqWlg2XR39VhzDYnDzsnOEacd283s5bObLKvv1GzfALNf5UmtsKQo2izdpiLXsbbCQ1RYIYGtnsHsRfpThNUiZr7VxNpDYKmcr&sai=AMfl-YSruu6pUH05OHxv_4Rua19sOojPVwwZf-2ygxMw7vosPHv5J6fOfPLJamIumI_lz51ITJtKhoqIb8MxU-H12xoBSLJxuRDVg1sRgQK8KG35Bimozid1YryCpqz3jg&sig=Cg0ArKJSzN5nZGlLLytZEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 9927388E7810C3FFBCC4D1476A6B3D3A
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqtD17VI7Rte-H6f5gEd7kp--0gYdg8BNGFLdLDIqccAhqzSHXEEWWYHgi3BlbziqYWxWiKsLEU2zBwkeLGLIai7Is0V0h9S03ZslObiqugDort28_tcCj8S9K1qF7yd_mL8PYv3A4jffvs6FDYHL_6TlA4F7OQuP8SviHnu0C1woO0eLOocAelLb6QZZn6HrR0989tfxQwRTFE0LXLeIyRC5NLwtUOmbJmvglB3Z07wWoJ8nuPu6M5ccJwAWWtZdYgElcrn8eJFRApuhKvVyFm0Yff3VG2oFu8t48w9EV-K90if96tqRDfRqmMtvzyOGkQKuTFwUcDXHv0L4agdcZMn5cYFCLDoaU0e-TxrVEKiRgzBZ1dZ0uziEj6xuVpn1vctCGqRHs5wq6FBnWAVkL&sai=AMfl-YS34zrfsVokkYUol5g5_fVBjvhXd-CgYqH8t1Q8wUqDiPVklxjhLhh4aaCmR1u97Wia0RlSNWOmQzBrhsCLO5wmsL44tV94Gx825BL7SvJJDVjfzSKGgXvQ9T4ijv4&sig=Cg0ArKJSzLjAN_qXG_fxEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 44BA1B54DBBD3DAE17945EDDF806D799
Requests: 10 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsue9xE22QFdJ64O__WIjLrpW020bpMjqDdo8elbNjnebay47XSOmzpysUfm1oJ9a3yrGJO5drMzM9qhgwYeCqnmlTPmXv5fa1Qg39wKDVgXmIsKwf7Ka2toCdQhbVhmKMrUDTTJtRFAEKQXHgWISLevRbwSKckaX5dD1GNGYqSZ2rVAk-492C-ayj3IGpHGlYEU2t54sqPiQnRH1UlAeE0ssXgntpW3HcGwl3J8KYV4z9NwysOxW_oU_yPeqP9724h5XcSnltE4ngBcMnfVDw39lkru7y3f0BWBRF1OtjC8L_SzQKrWBROkD2xCEkZ-TiSW67xFjJ9uqr8dGKPSDmF9re4bsysP1pgi2zLsMptoeEM68sAoQncRi3TBMz4dnbM5AuWuLw_y3ThHvEY&sai=AMfl-YTYaqBnDbUswbSqfNr0os0M3MuwZZuTnoyOI_teLyB-AzvlQay_Bm5sGcG8hBZacTaWJ1o3H8-KVLUdS-7dHfS6p1c8tmLkNo8byAAvM83H8_jpX2Rn25UxUb0K2w&sig=Cg0ArKJSzLjRWd6ZbsLIEAE&uach_m=%5BUACH%5D&adurl=
Frame ID: 6AF24EEE7EE9380E71B87622C450DF6B
Requests: 10 HTTP requests in this frame

Frame: https://cache-ssl.celtra.com/api/fonts/google/Lato:400/3_webfont.woff2?subset=BCDEGILORSTUVW
Frame ID: 341BCEB41B0A5729087119A28BD5A06E
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 695CD53BB25F8DFA0E28622732D6762B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 19820B93D5D98F47584014EBF1FE7785
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

China-Linked Threat Actor Hides Via 'Peculiar' Malware

Detected technologies

Unbounce (Editors) Expand

Overall confidence: 100%
Detected patterns

ubembed\.com

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

229
Requests

98 %
HTTPS

57 %
IPv6

26
Domains

41
Subdomains

40
IPs

5
Countries

5222 kB
Transfer

11722 kB
Size

22
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://www.informa.com/
Title: Informa PLC

Search URL Search Domain Scan URL

URL: https://www.informa.com/about-us/
Title: ABOUT US

Search URL Search Domain Scan URL

URL: https://www.informa.com/investors/
Title: INVESTOR RELATIONS

Search URL Search Domain Scan URL

URL: https://www.informa.com/talent/
Title: TALENT

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/free/w_defa3135/prgm.cgi
Title: Newsletter Sign-Up

Search URL Search Domain Scan URL

URL: https://twitter.com/DarkReading

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/dark-reading/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/darkreadingcom/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@DarkReadingOfficialYT

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqBwgKMKmknwswtq63Aw?ceid=US:en&oc=3&hl=en-US&gl=US

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer/sharer.php?u=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Search URL Search Domain Scan URL

URL: http://www.twitter.com/intent/tweet?url=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&title=China-Linked%20Threat%20Actor%20Taps%20%27Peculiar%27%20Malware%20to%20Evade%20Detection

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
Title: Trend Micro said in a report this week

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_knoc95&ch=SBX&cid=_upcoming_webinars_8.500001424&_mc=_upcoming_webinars_8.500001424
Title: Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&pc=w_wiza47&ch=SBX&cid=_upcoming_webinars_8.500001423&_mc=_upcoming_webinars_8.500001423
Title: Cybersecurity Strategies for Small and Med Sized Businesses

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_palo217&ch=SBX&cid=_upcoming_webinars_8.500001427&_mc=_upcoming_webinars_8.500001427
Title: Defending Against Today's Threat Landscape with MDR

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_palo216&ch=SBX&cid=_upcoming_webinars_8.500001425&_mc=_upcoming_webinars_8.500001425
Title: Securing Code in the Age of AI

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_dark69&ch=SBX&cid=_upcoming_webinars_8.500001429&_mc=_upcoming_webinars_8.500001429
Title: Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/us-24/?cid=_session_16.500318&_mc=_session_16.500318
Title: Black Hat USA - August 3-8 - Learn More

Search URL Search Domain Scan URL

URL: https://ve.informaengage.com/virtual-events/cybersecuritys-hottest-new-technologies-what-you-need-to-know/?ch=SBX&cid=_session_16.500317&_mc=_session_16.500317
Title: Cybersecurity's Hottest New Technologies: What You Need To Know

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/asia-24/?cid=_session_16.500313&_mc=_session_16.500313
Title: Black Hat Asia - April 16-19 - Learn More

Search URL Search Domain Scan URL

URL: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa5682&ch=sbx&cid=_analytics_7.300006009&_mc=_analytics_7.300006009
Title: Industrial Networks in the Age of Digitalization

Search URL Search Domain Scan URL

URL: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa5680&ch=sbx&cid=_analytics_7.300006008&_mc=_analytics_7.300006008
Title: Zero-Trust Adoption Driven by Data Protection

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa5678&ch=sbx&cid=_analytics_7.300006007&_mc=_analytics_7.300006007
Title: How Enterprises Assess Their Cyber-Risk

Search URL Search Domain Scan URL

URL: https://www.informationweek.com/whitepaper/cybersecurity/endpoint-security/defending-against-critical-threats/429033?cid=_analytics_7.300005906&_mc=_analytics_7.300005906
Title: Defending Against Critical Threats

Search URL Search Domain Scan URL

URL: https://www.informationweek.com/whitepaper/cybersecurity/cloud-security/sans-2021-cloud-security-survey/429583?cid=_analytics_7.300005900&_mc=_analytics_7.300005900
Title: SANS 2021 Cloud Security Survey

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa6150&ch=SBX&cid=_whitepaper_14.500005624&_mc=_whitepaper_14.500005624
Title: How Enterprises Secure Their Applications

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_forq281&ch=SBX&cid=_whitepaper_14.500005603&_mc=_whitepaper_14.500005603
Title: The State of Incident Response

Search URL Search Domain Scan URL

URL: https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_forq277&ch=sbx&cid=_whitepaper_14.500005570&_mc=_whitepaper_14.500005570
Title: Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions

Search URL Search Domain Scan URL

URL: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_forq253&ch=sbx&cid=_whitepaper_14.500005561&_mc=_whitepaper_14.500005561
Title: FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE

Search URL Search Domain Scan URL

URL: https://darkreading.tradepub.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_forq252&ch=sbx&cid=_whitepaper_14.500005560&_mc=_whitepaper_14.500005560
Title: Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions

Search URL Search Domain Scan URL

URL: https://info.wrightsmedia.com/informa-licensing-reprints-request
Title: Reprints

Search URL Search Domain Scan URL

URL: https://www.informatech.com/

Search URL Search Domain Scan URL

URL: https://www.informa.com/privacy-policy/
Title: Privacy|

Search URL Search Domain Scan URL

URL: https://www.informatech.com/terms-and-conditions/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102

https://www3.doubleclick.net/ HTTP 301
https://marketingplatform.google.com/about/enterprise/

229 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Show response
www.darkreading.com/cyberattacks-data-breaches/ 261 KB
50 KB 1469ms
1411ms Document
text/html 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a26a28a57bfe12f30a5c2dfdc98a0f9a4204a750260b1b8a47d0b2fa877509a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: public, max-age=300, s-maxage=300, stale-while-revalidate=1500, stale-if-error=3600
cf-cache-status: EXPIRED
cf-ray: 86e586c3cb234d97-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 03 Apr 2024 02:11:11 GMT
last-modified: Wed, 03 Apr 2024 02:01:52 GMT
server: cloudflare
strict-transport-security: max-age=3153600000
vary: Accept-Encoding

GET
H2 200 styles.generated-4JZI2IIF.css
www.darkreading.com/build/_assets/ 10 KB
3 KB 38ms
36ms Stylesheet
text/css 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_assets/styles.generated-4JZI2IIF.css

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9afb4208e4d617a2672fe91e0eae18d076310ca43de095806415c10e595533cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1212697
etag: W/"2587-18e3c1d4ce8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586ccaf424d97-FRA

GET
H2 200 swiper.min-FCSS2HML.css
www.darkreading.com/build/_assets/ 5 KB
3 KB 39ms
37ms Stylesheet
text/css 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_assets/swiper.min-FCSS2HML.css

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12d04146373bc5fb49c6a59242e2ecf68a936d237df36502ae6019a69a22b82a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757342
cf-polished: origSize=6255
etag: W/"186f-18e146dffa8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586ccaf444d97-FRA

GET
H2 200 brand.generated-VLREJEYP.css
www.darkreading.com/build/_assets/ 411 KB
51 KB 45ms
43ms Stylesheet
text/css 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_assets/brand.generated-VLREJEYP.css

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3635a5f6addfeeb02ebec03088c9c42619193abb0b6e5af5046c94f31e511b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700095
cf-polished: origSize=421495
etag: W/"66e77-18e3c1d4ce8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586ccaf454d97-FRA

GET
H2 200 api_Panchenko_Vladimir_shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt6bd348470935d73c/660c6d5308eabadef6c8d7e2/ 2 KB
2 KB 112ms
50ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt6bd348470935d73c/660c6d5308eabadef6c8d7e2/api_Panchenko_Vladimir_shutterstock.jpg?width=850&auto=webp&quality=10&format=jpg&disable=upscale&blur=40

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

01b6c3f20567168ba63154de34f994346f6b05c8bf22e7447515299267c1a38e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img01-europe-west2
age: 19820
x-cache: HIT, HIT
fastly-io-info: ifsz=472990 idim=1000x614 ifmt=jpeg ofsz=2062 odim=850x522 ofmt=webp
filename1: custom
content-disposition: inline; filename=api_Panchenko_Vladimir_shutterstock.webp
fastly-stats: io=1
content-length: 2062
x-request-id: 9657708ef434f672fe086c04c2cdc660
x-served-by: cache-ams12782-AMS, cache-fra-etou8220026-FRA
x-runtime: 50ms
server: contentstack
x-timer: S1712110272.609862,VS0,VE6
x-contentstack-organization: blt5948195ac13977b0
etag: "YMHr3Ra6MBUDfCTHnagWRi1/bUAYc0p1NXy6eeq1z2E"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6, 1

GET
H2 200 css2
fonts.googleapis.com/ 21 KB
1 KB 84ms
30ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 01:21:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Apr 2024 02:11:11 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/ 14 KB
4 KB 85ms
37ms Script
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/OtAutoBlock.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8751c85d4da8af34fb4d78a2ab5bb92b7a3b5380f2d0d5ca89d11fc2b5bfb6ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 27275
content-md5: /FIp/4zYapfYlY6Lvx04NA==
content-length: 3637
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 13:32:27 GMT
server: cloudflare
etag: 0x8DAE1C578B651FF
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 0256fef0-601e-0016-317c-22cf54000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586ccef3990d4-FRA
expires: Thu, 04 Apr 2024 02:11:11 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 78ms
30ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Pg1MHDpg+UGdovxhidM4Kg==
age: 38279
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6839
x-ms-lease-status: unlocked
last-modified: Mon, 01 Apr 2024 05:47:45 GMT
server: cloudflare
etag: 0x8DC520F417FE16B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 9b31c133-401e-00a8-7f4e-84a72d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586ccef3a90d4-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 99ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b658e2a2924aafd0112b161c8a16a91f150d10be4c69630c99ee266f6179bf35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29116
x-xss-protection: 0
server: cafe
etag: 498 / 19816 / 31082436 / config-hash: 843760512178795312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 Apr 2024 02:11:11 GMT

GET
H2 200 4b083961-e2ac-4755-8801-f7c83a5fb187.json Show response
cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/ 5 KB
2 KB 96ms
38ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/4b083961-e2ac-4755-8801-f7c83a5fb187.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

127c7ead87e287db401c5a3173fd190cc2c7211711e97486294ca2086754f793

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 74194
content-md5: gKK4h+x/dMka9W5jOr1Sww==
content-length: 1918
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 13:32:27 GMT
server: cloudflare
etag: 0x8DAE1C578B1E5D5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f0bafe39-d01e-0013-584e-791d8f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586cd8aac9bb0-FRA
expires: Thu, 04 Apr 2024 02:11:11 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 359 KB
107 KB 142ms
83ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5523ZCM

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5e1b2cb371789cc9c56cf7fbcc6135601164587900e7dbed52f79906bc447cb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109843
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Apr 2024 02:11:11 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 206 KB
73 KB 105ms
46ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WB8Q7XR

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

48e81c97bc84ee508d17645d6c1071a031044061d48c55a9d547d6f2da77c73d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74104
x-xss-protection: 0
last-modified: Wed, 03 Apr 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Apr 2024 02:11:11 GMT

GET
H2 200 informaLogoWhite-RZAE7EJI.png
www.darkreading.com/build/_assets/ 2 KB
2 KB 37ms
36ms Image
image/png 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/informaLogoWhite-RZAE7EJI.png

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9bf837f7d1d406ad3c07b020d4eb1a27a2212aee85df2c3077d0de0e06c6ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766172
cf-polished: origSize=4020
etag: W/"fb4-18e146dffa8"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 86e586cd7fa34d97-FRA
content-length: 2115

GET
H2 200 api_Panchenko_Vladimir_shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt6bd348470935d73c/660c6d5308eabadef6c8d7e2/ 74 KB
75 KB 41ms
22ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

cf8b81c4b4e66fda5bd5c3d1b94f48fa5a031a0e4e87a016bd0e8633fe5e7a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img01-europe-west2
age: 19820
x-cache: HIT, HIT
fastly-io-info: ifsz=472990 idim=1000x614 ifmt=jpeg ofsz=75878 odim=850x522 ofmt=webp
filename1: custom
content-disposition: inline; filename=api_Panchenko_Vladimir_shutterstock.webp
fastly-stats: io=1
content-length: 75878
x-request-id: 9657708ef434f672fe086c04c2cdc660
x-served-by: cache-ams12782-AMS, cache-fra-etou8220026-FRA
x-runtime: 50ms
server: contentstack
x-timer: S1712110272.609752,VS0,VE2
x-contentstack-organization: blt5948195ac13977b0
etag: "NHTTedBxW7A5tp7YGh0bgyVRYzgxc9WJWViwshEBXlI"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6, 1

GET
H2 200 email-decode.min.js Show response
www.darkreading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
852 B 26ms
25ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 11:37:58 GMT
server: cloudflare
etag: W/"65fd6d96-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 86e586cd7fa54d97-FRA
expires: Fri, 05 Apr 2024 02:11:11 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 85ms
26ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

407b0eb60d8b1b7a9f3a143b4f8c1151b7f3a995af078c45e0c433a905e35d82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Apr 2024 02:11:11 GMT
content-md5: dWfR2Yw6Hb8HjYeqk1sleg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1326, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: el4hemPPb17ADsIhx2qOvKEBIS/d7lkJpofAHtLhE9nBSxK79/eLeGscKPFCnhClSPTscUkFFJ1SBmhZ5LRvQQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 6e26e6122337dcf941b01f75dd6b6b94
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "f30afb0a653d2dcd4c3f802dae7ba6e0"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 03 Apr 2024 02:13:08 GMT

GET
H2 200 entry.client-AUKDQFQS.js Show response
www.darkreading.com/build/ 582 B
415 B 49ms
34ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/entry.client-AUKDQFQS.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e583a505b3313c24782794db79286f541870fa090bc02f90549fd81d5501f1e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700095
cf-polished: origSize=583
etag: W/"247-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fad4d97-FRA

GET
H2 200 chunk-IG4PF4DE.js Show response
www.darkreading.com/build/_shared/ 121 KB
40 KB 63ms
49ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-IG4PF4DE.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

763dbbbeae9338c472651f4652721f72b22d027836c3af829ec2d4121553a8e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700095
cf-polished: origSize=124372
etag: W/"1e5d4-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8faf4d97-FRA

GET
H2 200 chunk-5D7GF2J2.js Show response
www.darkreading.com/build/_shared/ 122 KB
28 KB 61ms
47ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-5D7GF2J2.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b9dac65a3277574c2577423c174f7a3ec11e01d2c5e190b8320dbedc6e31dc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700095
cf-polished: origSize=125229
etag: W/"1e92d-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb04d97-FRA

GET
H2 200 chunk-RHVHWKPF.js Show response
www.darkreading.com/build/_shared/ 45 KB
15 KB 49ms
35ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-RHVHWKPF.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11f6a1494b79e441443c27625e7135b68c04ee9d6f8b650545477501ebb414ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700095
cf-polished: origSize=47008
etag: W/"b7a0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb14d97-FRA

GET
H2 200 chunk-QOAYTZQA.js Show response
www.darkreading.com/build/_shared/ 7 KB
3 KB 48ms
33ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-QOAYTZQA.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2013f742b764fbcb98d198d820eb0538210279514dd486eefb218bd95e363667

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 936580
cf-polished: origSize=7317
etag: W/"1c95-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb24d97-FRA

GET
H2 200 chunk-ZSCMMWXX.js Show response
www.darkreading.com/build/_shared/ 1006 B
628 B 60ms
46ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-ZSCMMWXX.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5beedf0a9b1e24fb846f1f256f5ba7c62af6ad06ea0965540b1c467dce23944

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1215707
cf-polished: origSize=1007
etag: W/"3ef-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb34d97-FRA

GET
H2 200 chunk-S2HH2CQR.js Show response
www.darkreading.com/build/_shared/ 2 KB
819 B 67ms
52ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-S2HH2CQR.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5edae2bb1e57075798286bd4c36782a2439285a5f56087fec35bab764d1c06a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1199709
cf-polished: origSize=1595
etag: W/"63b-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb64d97-FRA

GET
H2 200 chunk-TEVQ7J7N.js Show response
www.darkreading.com/build/_shared/ 2 KB
874 B 62ms
47ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-TEVQ7J7N.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1400afceac90350a1670b94883cd946729f1438f683bf39bef044d945c067269

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=1765
etag: W/"6e5-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd8fb84d97-FRA

GET
H2 200 chunk-HMDLJJKU.js Show response
www.darkreading.com/build/_shared/ 1 MB
379 KB 91ms
76ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-HMDLJJKU.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f4f87402842b39426dfe4ab187ef20334b1fc84b18f62fa1c0695f1be08fa63

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=1234160
etag: W/"12d4f0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fbc4d97-FRA

GET
H2 200 chunk-2MQOLYJ6.js Show response
www.darkreading.com/build/_shared/ 99 B
190 B 68ms
53ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-2MQOLYJ6.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 850509
cf-polished: origSize=100
etag: W/"64-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fbd4d97-FRA

GET
H2 200 chunk-4OFPQ62H.js Show response
www.darkreading.com/build/_shared/ 99 B
226 B 68ms
54ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-4OFPQ62H.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757341
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fbe4d97-FRA

GET
H2 200 chunk-GZWEOPF7.js Show response
www.darkreading.com/build/_shared/ 2 KB
817 B 69ms
55ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-GZWEOPF7.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d8eb3acd720ba9dbd34dbe5d44940911c49eb4e428d3d19b35783d3c0e4a8a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=1873
etag: W/"751-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fbf4d97-FRA

GET
H2 200 chunk-KE3KK45X.js Show response
www.darkreading.com/build/_shared/ 514 B
434 B 67ms
53ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-KE3KK45X.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45ddf694907dcccbb3e58a25db206428001f6e3d426ae5e7aa1bdd2279ddd42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 476253
cf-polished: origSize=515
etag: W/"203-18e850c59f8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc04d97-FRA

GET
H2 200 chunk-EJDXW353.js Show response
www.darkreading.com/build/_shared/ 99 B
173 B 99ms
85ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-EJDXW353.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757341
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc34d97-FRA

GET
H2 200 chunk-YHUF3CTF.js Show response
www.darkreading.com/build/_shared/ 332 B
285 B 75ms
62ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-YHUF3CTF.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89dd0def6e41e34c5abb970e20d1694fa04ae257303e332872cbd8f3bce88d4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=333
etag: W/"14d-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc54d97-FRA

GET
H2 200 chunk-WEHOAVOD.js Show response
www.darkreading.com/build/_shared/ 21 KB
5 KB 71ms
57ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-WEHOAVOD.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f2e3ebbddb67be0cddf814e8f73792f8dcdc0441b501a00d19575d5796195f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=21171
etag: W/"52b3-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc64d97-FRA

GET
H2 200 chunk-VJASBGR7.js Show response
www.darkreading.com/build/_shared/ 335 B
303 B 70ms
56ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-VJASBGR7.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cffac44b5cee00fdea3a0efde9194902d5e93066a8fa0b0cb8775abfc2bc0e01

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=336
etag: W/"150-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc74d97-FRA

GET
H2 200 chunk-LPTDBOLJ.js Show response
www.darkreading.com/build/_shared/ 100 KB
31 KB 79ms
66ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-LPTDBOLJ.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f277b531867b0201224cc8596420538564e55b1857b9130f185a9593717d746

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=102358
etag: W/"18fd6-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc84d97-FRA

GET
H2 200 chunk-CDN2H3VJ.js Show response
www.darkreading.com/build/_shared/ 2 KB
791 B 68ms
55ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-CDN2H3VJ.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e35d773f99acc3b79d1d143fe1d31b80980f074796dd771ded6dcde8d5d61aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=1539
etag: W/"603-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fc94d97-FRA

GET
H2 200 chunk-WUXNYJ43.js Show response
www.darkreading.com/build/_shared/ 2 KB
1 KB 85ms
72ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-WUXNYJ43.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3640f98bec10fbed8feedbe9eac65c2a476d2b86cc7e766665d37a9a6e01234

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=2275
etag: W/"8e3-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fcb4d97-FRA

GET
H2 200 chunk-J56IETE6.js Show response
www.darkreading.com/build/_shared/ 99 B
183 B 68ms
56ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-J56IETE6.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fcc4d97-FRA

GET
H2 200 chunk-33V2LWKA.js Show response
www.darkreading.com/build/_shared/ 5 KB
2 KB 75ms
62ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-33V2LWKA.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd6343973cf256840cf7e0786441d39fbe5f94fc5c1fec788bcf22b989b3f610

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=4959
etag: W/"135f-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fcd4d97-FRA

GET
H2 200 chunk-NYVDH3MD.js Show response
www.darkreading.com/build/_shared/ 99 B
154 B 73ms
61ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-NYVDH3MD.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fce4d97-FRA

GET
H2 200 chunk-5Q6XQIXI.js Show response
www.darkreading.com/build/_shared/ 73 KB
24 KB 83ms
71ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-5Q6XQIXI.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1b3f01585edd12c9ee1dbc769bb8e313430a9b3b1fcf6cc48020d83d7c693fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=76565
etag: W/"12b15-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fd04d97-FRA

GET
H2 200 chunk-BGVAJVIT.js Show response
www.darkreading.com/build/_shared/ 268 B
311 B 75ms
63ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-BGVAJVIT.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c104bc5974423b88e53e00bca716b0943a8287088540a368eac8ba0e4d6c9428

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=269
etag: W/"10d-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fd34d97-FRA

GET
H2 200 chunk-RV3JR3RD.js Show response
www.darkreading.com/build/_shared/ 99 B
160 B 76ms
64ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-RV3JR3RD.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 694115
cf-polished: origSize=100
etag: W/"64-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fd74d97-FRA

GET
H2 200 chunk-U4RHUKDM.js Show response
www.darkreading.com/build/_shared/ 99 B
155 B 75ms
63ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-U4RHUKDM.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fd84d97-FRA

GET
H2 200 chunk-WDD67XQQ.js Show response
www.darkreading.com/build/_shared/ 15 KB
6 KB 77ms
65ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-WDD67XQQ.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90523092a383e5b3308aa18e8807788a6d5401f7a7eea157e9fcf3fb8050242e

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757340
cf-polished: origSize=15141
etag: W/"3b25-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fd94d97-FRA

GET
H2 200 chunk-WH6AJUET.js Show response
www.darkreading.com/build/_shared/ 137 KB
42 KB 98ms
86ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-WH6AJUET.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02579708d575bf5ea71adbb4f0a0dd7899ae7165bbc02f382f5bbfd0d866ba6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 941111
cf-polished: origSize=140869
etag: W/"22645-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fda4d97-FRA

GET
H2 200 chunk-EZOUF6JW.js Show response
www.darkreading.com/build/_shared/ 857 B
590 B 84ms
72ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-EZOUF6JW.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcb44b892cd3b232b76ff10d32f0d4006f575066f1c8b18308eec10929749c26

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700094
cf-polished: origSize=858
etag: W/"35a-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fdb4d97-FRA

GET
H2 200 chunk-AEBM4IWQ.js Show response
www.darkreading.com/build/_shared/ 99 B
210 B 92ms
81ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-AEBM4IWQ.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1752448
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fdc4d97-FRA

GET
H2 200 chunk-I6L43IMI.js Show response
www.darkreading.com/build/_shared/ 213 KB
74 KB 95ms
84ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-I6L43IMI.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07df21385dfe089a7da035f39d98df643aa243022cf03aab9de176d76c34fd02

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=218934
etag: W/"35736-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fdd4d97-FRA

GET
H2 200 root-4MPM2SIN.js Show response
www.darkreading.com/build/ 44 KB
13 KB 84ms
73ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/root-4MPM2SIN.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f65a059496e96bb89afa6995ef8c583a68cecb4927be4f7c37235a311527f5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 476253
cf-polished: origSize=45073
etag: W/"b011-18e850c59f8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fde4d97-FRA

GET
H2 200 chunk-6QWN4GPQ.js Show response
www.darkreading.com/build/_shared/ 1 KB
814 B 75ms
64ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-6QWN4GPQ.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c9e3d2c9a7f38a13dbe19fa82dca632d414552c8203239bbd2549ee2f6bb4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=1499
etag: W/"5db-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fdf4d97-FRA

GET
H2 200 chunk-3ZHEZDRY.js Show response
www.darkreading.com/build/_shared/ 3 KB
1 KB 86ms
76ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-3ZHEZDRY.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b80e9b45e3bc936046fa3d7f229debf2d23b6224b4cd4aa6fa78168156de0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=3247
etag: W/"caf-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe04d97-FRA

GET
H2 200 chunk-LKXTK3LT.js Show response
www.darkreading.com/build/_shared/ 2 KB
734 B 86ms
75ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-LKXTK3LT.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af9b6a643408fbaa0199be8f2f5e7df183f18d6e21a9e275991407930241143a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=2070
etag: W/"816-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe14d97-FRA

GET
H2 200 chunk-QLSZ4YLY.js Show response
www.darkreading.com/build/_shared/ 1 KB
703 B 91ms
80ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-QLSZ4YLY.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ddc129f9561ac971801ea536d9ac8848ed2c0f5abafeebf249b8caa14ce601a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=1240
etag: W/"4d8-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe24d97-FRA

GET
H2 200 chunk-7LVL2DAB.js Show response
www.darkreading.com/build/_shared/ 9 KB
3 KB 92ms
82ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-7LVL2DAB.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f6eaa015629c736b229a9bfd7a2bec3fab3badfce8325724cd6422e2cca380d

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=9163
etag: W/"23cb-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe34d97-FRA

GET
H2 200 chunk-YC5H4QYS.js Show response
www.darkreading.com/build/_shared/ 4 KB
2 KB 90ms
80ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-YC5H4QYS.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d08bf1d099825a825373db1db17d3d94edf808c1982b241eea47d7f3eacc4470

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=4128
etag: W/"1020-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe44d97-FRA

GET
H2 200 chunk-CEMO46RE.js Show response
www.darkreading.com/build/_shared/ 975 B
642 B 96ms
87ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-CEMO46RE.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8185af1afef86650ddcbc63448d0309632745e88f9d002592635a5a2d992aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=976
etag: W/"3d0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe54d97-FRA

GET
H2 200 chunk-C43N4R3G.js Show response
www.darkreading.com/build/_shared/ 594 B
419 B 93ms
84ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-C43N4R3G.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf758c21fe9f158956c03c195e33bdf871c8af1e36c6bfe4d2f0fd5dc4edf12

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=595
etag: W/"253-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe64d97-FRA

GET
H2 200 chunk-SECIREA6.js Show response
www.darkreading.com/build/_shared/ 2 KB
807 B 90ms
81ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-SECIREA6.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

767e0284835687eb41592ae328639f74a01063985d5fcd4d36dd7ec4d2975159

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700093
cf-polished: origSize=1801
etag: W/"709-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe84d97-FRA

GET
H2 200 chunk-KTCP2DGX.js Show response
www.darkreading.com/build/_shared/ 2 KB
1 KB 90ms
82ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-KTCP2DGX.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

951ba24499d8b2b03e7da9af81e0c535d896c53cda076eb4ea07c0b826f7b5b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 476253
cf-polished: origSize=2298
etag: W/"8fa-18e850c59f8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fe94d97-FRA

GET
H2 200 chunk-6A2GLJQM.js Show response
www.darkreading.com/build/_shared/ 99 B
189 B 90ms
82ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-6A2GLJQM.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757339
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fea4d97-FRA

GET
H2 200 chunk-DZ55IFS4.js Show response
www.darkreading.com/build/_shared/ 225 KB
75 KB 94ms
86ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-DZ55IFS4.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c35f701a35d3a2d21473d8fc6e119d10c1d237260859416fcdbd25c154026f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=230795
etag: W/"3858b-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9feb4d97-FRA

GET
H2 200 chunk-6DTAGCDK.js Show response
www.darkreading.com/build/_shared/ 3 KB
1 KB 91ms
83ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-6DTAGCDK.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78252040753f69af3a38b2355740febcf712d41b02e4466f1c53a76ffecb7dfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=3232
etag: W/"ca0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fec4d97-FRA

GET
H2 200 chunk-YB2PZH4U.js Show response
www.darkreading.com/build/_shared/ 99 B
160 B 90ms
82ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-YB2PZH4U.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fee4d97-FRA

GET
H2 200 chunk-GY4YSMUY.js Show response
www.darkreading.com/build/_shared/ 99 B
160 B 89ms
81ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-GY4YSMUY.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766173
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9fef4d97-FRA

GET
H2 200 chunk-7ABGLIHU.js Show response
www.darkreading.com/build/_shared/ 99 B
155 B 92ms
85ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-7ABGLIHU.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1752448
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff04d97-FRA

GET
H2 200 chunk-7U7P2TQH.js Show response
www.darkreading.com/build/_shared/ 6 KB
2 KB 92ms
85ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-7U7P2TQH.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94835538629072787bd0f2dc3f92007918882e423f2f45ec2f8518cd211a8fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=6391
etag: W/"18f7-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff14d97-FRA

GET
H2 200 chunk-34PP7A63.js Show response
www.darkreading.com/build/_shared/ 459 KB
70 KB 97ms
90ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-34PP7A63.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f19835fa00c4904c84d19210f06ce39fa4e776c81dc837843d9a1c3de423738

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=470095
etag: W/"72c4f-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff34d97-FRA

GET
H2 200 chunk-XZULDXOR.js Show response
www.darkreading.com/build/_shared/ 7 KB
3 KB 90ms
83ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-XZULDXOR.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bda560e1b47fe886f72faafe85501a9c014b96323dc273baa07daa2d3386c66

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=7376
etag: W/"1cd0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff44d97-FRA

GET
H2 200 chunk-7XNKXIBY.js Show response
www.darkreading.com/build/_shared/ 149 KB
24 KB 90ms
84ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-7XNKXIBY.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

316aaf31d8e513c553ecf0da6fba97a000f38f0fa541ff1a9bece4372f6f485f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=152480
etag: W/"253a0-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff54d97-FRA

GET
H2 200 chunk-UWJXSYID.js Show response
www.darkreading.com/build/_shared/ 1 KB
778 B 88ms
81ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-UWJXSYID.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b89ecf06a4514d4a20055fccbccb8c6eca0faf0138f43978e156c753de0288a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=1342
etag: W/"53e-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff64d97-FRA

GET
H2 200 chunk-EKJYTYS3.js Show response
www.darkreading.com/build/_shared/ 1000 B
555 B 91ms
85ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-EKJYTYS3.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bb1199054cb7ba3280a7d772f99715eb3cc48babd4b28f9ceacbe37b8cf107c

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=1001
etag: W/"3e9-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff74d97-FRA

GET
H2 200 chunk-3MS3TJ6I.js Show response
www.darkreading.com/build/_shared/ 99 B
154 B 89ms
83ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-3MS3TJ6I.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761858
cf-polished: origSize=100
etag: W/"64-18e146dffa8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff84d97-FRA

GET
H2 200 chunk-FSOMJEU7.js Show response
www.darkreading.com/build/_shared/ 1 KB
684 B 90ms
84ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_shared/chunk-FSOMJEU7.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f23309ea6a54534a6028847a4db27e83e2ad3265a13898c844a108490cb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1700092
cf-polished: origSize=1062
etag: W/"426-18e3c1d4ce8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ff94d97-FRA

GET
H2 200 $topic.$slug-ZY4UKJVX.js Show response
www.darkreading.com/build/routes/ 239 KB
73 KB 93ms
87ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/routes/$topic.$slug-ZY4UKJVX.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9f4798574902affc091f45cea5a31b4c172631691da3f7a2a77ba6e0f5cf3f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 476253
cf-polished: origSize=245446
etag: W/"3bec6-18e850c59f8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ffa4d97-FRA

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 131ms
48ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 86e586ce081018ef-FRA

GET
H2 200 Bars-F4G2A5NO.svg
www.darkreading.com/build/_assets/ 554 B
333 B 87ms
87ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Bars-F4G2A5NO.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e4d00cfee02d472b0c80124f87c00a8cb8ea5610201ebbf922d894d2fea4db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 465424
etag: W/"22a-18e850c59f8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ffb4d97-FRA

GET
H2 200 Search-T2ANYVG5.svg
www.darkreading.com/build/_assets/ 493 B
428 B 84ms
84ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Search-T2ANYVG5.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

592356a6c52e99185da7862c1bc4929308efd3618e8f1c8e1dd665abf205ee62

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766172
etag: W/"1ed-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ffc4d97-FRA

GET
H2 200 ChevronDown-PF4EH6J6.svg
www.darkreading.com/build/_assets/ 449 B
352 B 86ms
86ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/ChevronDown-PF4EH6J6.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

882c0ef9f4096af29e037f9ba9dcbc71a46605828ae12a77002c0fa5e00c309a

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 854773
etag: W/"1c1-18e3c1d4ce8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cd9ffd4d97-FRA

GET
H2 200 Clock-MSX4SBCD.svg
www.darkreading.com/build/_assets/ 471 B
378 B 82ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Clock-MSX4SBCD.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae59b218ab2a4bdc90c9da5d696d7c14eb10c26ddfe9882dc74f4e4e0deb7255

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761856
etag: W/"1d7-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdbfff4d97-FRA

GET
H2 200 Linkedin-VQUF3EEQ.svg
www.darkreading.com/build/_assets/ 400 B
344 B 83ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Linkedin-VQUF3EEQ.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fe6411146e7aabcda85d71ec42eabe4fe5fb199f0e9ad759bfa78a42a853535

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766171
etag: W/"190-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8014d97-FRA

GET
H2 200 Facebook-CJB5G2HY.svg
www.darkreading.com/build/_assets/ 272 B
273 B 85ms
84ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Facebook-CJB5G2HY.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58016ccef8b151b18ba8a751a7666689dcb78facc25a8710434d2e8629a83142

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766171
etag: W/"110-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8024d97-FRA

GET
H2 200 Twitter-WD5AOEQ7.svg
www.darkreading.com/build/_assets/ 404 B
343 B 83ms
83ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Twitter-WD5AOEQ7.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f35a67f2129d433d9a690160ea7f637686033f5055199a7788f1bb500fe0e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1752342
etag: W/"194-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8034d97-FRA

GET
H2 200 Email-47H7P533.svg
www.darkreading.com/build/_assets/ 777 B
520 B 82ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Email-47H7P533.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ef59df86d3826ee2048c7707b14be9a819ffe3ce87ca7e989511ac24e447812

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761852
etag: W/"309-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8044d97-FRA

GET
H2 200 Reddit-5TRN6TDE.svg
www.darkreading.com/build/_assets/ 1 KB
707 B 83ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Reddit-5TRN6TDE.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7dd61f31dd9d4d1b9e2b24e139ddcaef62287a13664cdb50544ea421f1a1899

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757338
etag: W/"471-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8054d97-FRA

GET
H2 200 Printer-U5RDBVFZ.svg
www.darkreading.com/build/_assets/ 741 B
532 B 83ms
83ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Printer-U5RDBVFZ.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b75529201e97f7566ae404c0bd803c64ce29092a13c8e1893369ef3c32c6337

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1302555
etag: W/"2e5-18e3c1d4ce8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8064d97-FRA

GET
H2 200 ChalkBoard-7VYJPH3F.svg
www.darkreading.com/build/_assets/ 752 B
506 B 80ms
80ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/ChalkBoard-7VYJPH3F.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62eee22f7f92913689361d7cad70e166c1f0fe52937c1269996cffaa712e60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1752342
etag: W/"2f0-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8074d97-FRA

GET
H2 200 ChevronRight-W5LPP5NG.svg
www.darkreading.com/build/_assets/ 305 B
300 B 83ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/ChevronRight-W5LPP5NG.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8a03522223cf64474a1f91e02c8069ea5560a23266b37b476d7602a621f0c38

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766170
etag: W/"131-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb8084d97-FRA

GET
H2 200 Date-KJRS72FO.svg
www.darkreading.com/build/_assets/ 1 KB
537 B 82ms
82ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Date-KJRS72FO.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed870769c4fd967977ef0930a14927ac6035d0a9fcd9db0bcef385da69bea2eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757338
etag: W/"54d-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb80a4d97-FRA

GET
H2 200 Document-NG4YMZFA.svg
www.darkreading.com/build/_assets/ 801 B
430 B 81ms
81ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Document-NG4YMZFA.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475b63a797144d91a4b2e34499ab7321bdf6d298d5f1177ec1fa3f5d3b4e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1766170
etag: W/"321-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb80b4d97-FRA

GET
H2 200 Youtube-S4PSC4UA.svg
www.darkreading.com/build/_assets/ 570 B
393 B 78ms
78ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/Youtube-S4PSC4UA.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b21643da63b2c4ecc10d42f29531dd1830ea86dc7fa876cf0e0d570b76bbb3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1752342
etag: W/"23a-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb80d4d97-FRA

GET
H2 200 RSS-3XFHIVCK.svg
www.darkreading.com/build/_assets/ 632 B
430 B 78ms
78ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/RSS-3XFHIVCK.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff5c6ccd23219200d1ba0f66c328e5c014b436bc783b6ce18873dd9d6ac216c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1761851
etag: W/"278-18e146dffa8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb80e4d97-FRA

GET
H2 200 GoogleNews-6O72APW7.svg
www.darkreading.com/build/_assets/ 897 B
559 B 77ms
77ms Image
image/svg+xml 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.darkreading.com/build/_assets/GoogleNews-6O72APW7.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62a683fb450f7fa9845bc05412211a15a4b09b406db0c7fcb6fe2fe18acff1ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Mar 2024 08:38:57 GMT
server: cloudflare
age: 1193953
etag: W/"381-18e3c1d4ce8"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586cdb80f4d97-FRA

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 90ms
10ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 07:44:24 GMT
x-content-type-options: nosniff
age: 66407
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Apr 2025 07:44:24 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2
fonts.gstatic.com/s/inter/v13/ 17 KB
17 KB 99ms
33ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eba9487840439a0fa53c9be0541c524bb84b590a7af8c86573ceb1fe19c4bda9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Mar 2024 13:46:44 GMT
x-content-type-options: nosniff
age: 303867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17600
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:48:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Mar 2025 13:46:44 GMT

GET
H2 200 Logo_-_Dark_Reading.svg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte9ead971f13c662e/65437029846d7c040a6e588d/ 3 KB
2 KB 27ms
23ms Image
image/svg+xml 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte9ead971f13c662e/65437029846d7c040a6e588d/Logo_-_Dark_Reading.svg?width=476&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

c3c2e2538dd857e04bb340d6230c8eeedca607d219bceba19897333cbd74b4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
fastly-io-error: not a supported image format
strict-transport-security: max-age=31557600
content-encoding: gzip
fastly-io-served-by: img05-europe-west2
age: 3464173
x-cache: HIT, HIT
filename1: custom
content-disposition: inline; filename=Logo_-_Dark_Reading.svg+xml
fastly-stats: io=1
content-length: 1435
x-request-id: d8e2bae8958d344190fd353b28b7b898
x-served-by: cache-ams12722-AMS, cache-fra-etou8220026-FRA
x-runtime: 94ms
server: contentstack
x-timer: S1712110272.642564,VS0,VE1
x-contentstack-organization: blt5948195ac13977b0
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3578, 1

GET
H2 200 Jai-Vijayan.jpeg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt1a674355ce57f27b/64f14f228727730c7f926217/ 1 KB
2 KB 26ms
22ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt1a674355ce57f27b/64f14f228727730c7f926217/Jai-Vijayan.jpeg?width=100&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

162fdc59fe32d506fa254e5f6e6ace62991757ccb10910d0e3a4be7f8724e8b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img03-europe-west2
age: 3463850
x-cache: HIT, HIT
fastly-io-info: ifsz=7323 idim=125x125 ifmt=jpeg ofsz=1268 odim=100x100 ofmt=webp
filename1: custom
content-disposition: inline; filename=Jai-Vijayan.webp
fastly-stats: io=1
content-length: 1268
x-request-id: bd01969d138225bf50e6579d707a1b0a
x-served-by: cache-ams12767-AMS, cache-fra-etou8220026-FRA
x-runtime: 123ms
server: contentstack
x-timer: S1712110272.642499,VS0,VE1
x-contentstack-organization: blt5948195ac13977b0
etag: "/WeVqa3DvOIY6igri++9rM3EJoDLK4dQ9GS2TEXSKig"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6, 1

GET
H2 200 telephone-Brian_Jackson-Alamy.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltf0a85c24d58eac4a/65cbe31d59ebc9040a75707d/ 16 KB
16 KB 28ms
24ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltf0a85c24d58eac4a/65cbe31d59ebc9040a75707d/telephone-Brian_Jackson-Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

d0a07ad8e9357db88f70cb80d5bc568083733252b09cb039e6276038abce1405

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img11-europe-west2
age: 1686926
x-cache: HIT, HIT
fastly-io-info: ifsz=1422294 idim=8688x5792 ifmt=jpeg ofsz=16462 odim=700x467 ofmt=webp
filename1: custom
content-disposition: inline; filename=telephone-Brian_Jackson-Alamy.webp
fastly-stats: io=1
content-length: 16462
x-request-id: 67af09b8a2d08f819d7fe554c5dca706
x-served-by: cache-ams21041-AMS, cache-fra-etou8220026-FRA
x-runtime: 106ms
server: contentstack
x-timer: S1712110272.642500,VS0,VE1
x-contentstack-organization: blt5948195ac13977b0
etag: "pD3d71fHRdsQui+tlJbB6GoHxYKhPyvHioN5nHc0wFY"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 9, 1

GET
H2 200 Olivier_Le_Moal-zero-trust-networking-shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltb11631d927da1299/65f43df8c43817040af3eb5f/ 34 KB
35 KB 36ms
32ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltb11631d927da1299/65f43df8c43817040af3eb5f/Olivier_Le_Moal-zero-trust-networking-shutterstock.jpg?width=700&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

2f499b6cd0a664df05af766bd604bec68dbd30fbf0ebee481575228a70d8df8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img03-europe-west2
age: 1604806
x-cache: HIT, HIT
fastly-io-info: ifsz=176645 idim=1600x800 ifmt=jpeg ofsz=35128 odim=700x350 ofmt=webp
filename1: custom
content-disposition: inline; filename=Olivier_Le_Moal-zero-trust-networking-shutterstock.webp
fastly-stats: io=1
content-length: 35128
x-request-id: 8b09799954f6cc9d2cc45fba9c85a863
x-served-by: cache-ams12780-AMS, cache-fra-etou8220026-FRA
x-runtime: 58ms
server: contentstack
x-timer: S1712110272.642506,VS0,VE2
x-contentstack-organization: blt5948195ac13977b0
etag: "Jqyy/dWPIgzKjwHp1ArZDrY/iToiQkYP4oOhKKV2l10"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 22, 1

GET
H2 200 ML_Jirsak_shutterstock.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltade80e5c93b40777/65f8a6e8f2e490040a7627a1/ 11 KB
11 KB 37ms
33ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltade80e5c93b40777/65f8a6e8f2e490040a7627a1/ML_Jirsak_shutterstock.jpg?width=700&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

ad25f99853892a957a8e28fc375a3a2991327368a6572a9424bb4b8f403326dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img02-europe-west2
age: 1315798
x-cache: HIT, HIT
fastly-io-info: ifsz=408373 idim=1000x667 ifmt=jpeg ofsz=11144 odim=700x467 ofmt=webp
filename1: custom
content-disposition: inline; filename=ML_Jirsak_shutterstock.webp
fastly-stats: io=1
content-length: 11144
x-request-id: 48b6a9cb83c96b00241f809ace741e27
x-served-by: cache-ams12739-AMS, cache-fra-etou8220026-FRA
x-runtime: 69ms
server: contentstack
x-timer: S1712110272.642662,VS0,VE3
x-contentstack-organization: blt5948195ac13977b0
etag: "XQu6UQo2WnKIvQl7fpSIsx5p4aZu4jbIksrCINkbT9s"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 37, 1

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 232ms
144ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 86e586ceea7e4d70-FRA
access-control-allow-headers: Content-Type

GET
H2 200 manifest-A5D1FD69.js Show response
www.darkreading.com/build/ 36 KB
3 KB 72ms
47ms Script
application/javascript 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/manifest-A5D1FD69.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2446ebe8630af649ad9e39a4c218bf8932a9459fc1a3d7d3eaf5d94d3e5c5b23

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:11 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Thu, 28 Mar 2024 12:32:43 GMT
server: cloudflare
age: 476247
etag: W/"8fbb-18e850c59f8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586ce08254d97-FRA

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/ 442 KB
139 KB 27ms
24ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35243e15497801e97fd517407580fc495bccca3828af2aff4488f7d476b4f519

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 10:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58071
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141759
x-xss-protection: 0
server: cafe
etag: 13240748619834415046
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 02 Apr 2025 10:03:20 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.39.0/ 372 KB
89 KB 30ms
30ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Zp/CcrZmK7hQ2S6c/t9Tpw==
age: 38275
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 90454
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:04 GMT
server: cloudflare
etag: 0x8DA87805EB35DE2
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d6be7b6c-401e-005c-6830-246cdb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586cf7fcb90d4-FRA

HEAD
H2

200

/
marketingplatform.google.com/about/enterprise/
Redirect Chain

https://www3.doubleclick.net/
https://marketingplatform.google.com/about/enterprise/

0
0

96ms
29ms

Fetch
text/html

2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://marketingplatform.google.com/about/enterprise/
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Server: 2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.darkreading.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Redirect headers

date: Wed, 03 Apr 2024 02:11:12 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://marketingplatform.google.com/about/enterprise/
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251
x-xss-protection: 0
expires: Wed, 03 Apr 2024 02:41:12 GMT

GET
H2 200 iris-recommend.js Show response
static.iris.informa.com/widgets/v3/ 1 MB
1 MB 203ms
145ms Script
application/javascript 18.245.86.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/widgets/v3/iris-recommend.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-108.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c4bd898a8dfbaca019da023cf8083d579298c06ccbde560705be627ce4edd8ec

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-amz-version-id: oYToE0auV1_g0CzUkq7ZE5_NnvS58UbF
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
last-modified: Tue, 26 Mar 2024 11:49:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P6
etag: "531041cb4cd6b74ab9a9646aeb551d21"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 1426427
x-amz-cf-id: I57Qf6n_80Zcvkh66QIg50J-3V2BtkAlK7JvHoUwO3L3ZzXhUO6xkQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
95 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1X1EHQ3PFR&l=dataLayer&cx=c

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

445bfeb3746eef6dcddc37e3ae7570685e75fdf6c4c9d8235db255a3de132265

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97028
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Apr 2024 02:11:12 GMT

GET
H2 200 iris-t.js Show response
static.iris.informa.com/widgets/v3.0/ 14 KB
15 KB 189ms
149ms Script
application/javascript 18.245.86.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/widgets/v3.0/iris-t.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-108.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b3a87df9271496c06304e181a7349ee8f466bf3aec2594604cddda621ed5e014

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-amz-version-id: 30kR1SOzaV8mkAj3KPVCydzrzDL9neAX
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
last-modified: Tue, 05 Mar 2024 12:58:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P6
etag: "47655d522d81661da9cec68dbc7c1a1f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 14561
x-amz-cf-id: o0-nSH66d9O-DgLqjVFY_9AK_v9xzijiNsUJxbQU2YjNOPl-PQUy4Q==

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 38 KB
15 KB 104ms
26ms Script
application/x-javascript 2600:9000:2646:600:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2646:600:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 9b1aaea1148044ff331b843e9fd73a06418cfe363bbd331982a84944694f6618

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 19:06:40 GMT
content-encoding: gzip
via: 1.1 5b17764336ffdab7d2a3e7707394867a.cloudfront.net (CloudFront)
last-modified: Thu, 21 Dec 2023 01:03:21 GMT
server: nginx
x-amz-cf-pop: FRA60-P5
age: 25472
etag: W/"65838ed9-9630"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: FR28FaDOcDMSFCViAV4G333O1mfRgRnCnB4iOZGBGqnKc0bwbhPAFQ==
expires: Wed, 03 Apr 2024 19:06:40 GMT

GET
H2 200 / Show response
6600d6d98e534115970f9529a45f3195.js.ubembed.com/ 415 B
681 B 124ms
47ms Script
application/javascript 2606:4700:4400::6812:27b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://6600d6d98e534115970f9529a45f3195.js.ubembed.com/
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:27b5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46532f65ff54c2eb734aa7e9fa4bddd0bff56632b34118d4b2efcfd6e0efcfdb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 840
etag: W/"0be1c595231cf88f6941d42443afd89717756a29"
vary: Accept-Encoding, Referer
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate
cf-ray: 86e586d21d5a9757-FRA

GET
H2 200 hotjar-2610568.js Show response
static.hotjar.com/c/ 14 KB
6 KB 134ms
56ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2610568.js?sv=6

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

a403746bac219db44203fc9406de144eeb0ccd5933be8994425a01d7073d2932

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 03 Apr 2024 02:11:12 GMT
via: 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/7abfa61153d0840911b28705432d05b8
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: yz6Owr6Pj-ZM4RpaZMX8E_fPzQNYBe9BZMd8NWinZLY-fRpULsMJAQ==

GET
H2 200 infinity-sakkmesterke-Alamy.jpg
eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt8586a85b5be442e6/65fc6082f5d321040aa69621/ 24 KB
25 KB 22ms
21ms Image
image/webp 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt8586a85b5be442e6/65fc6082f5d321040aa69621/infinity-sakkmesterke-Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

contentstack /

Resource Hash

b9b48cf88b67411a27f119d0671602d19678440d5d36c6391600b2af2a359bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=31557600
fastly-io-served-by: img01-europe-west2
age: 1071677
x-cache: HIT, HIT
fastly-io-info: ifsz=978310 idim=4000x3000 ifmt=jpeg ofsz=24646 odim=700x525 ofmt=webp
filename1: custom
content-disposition: inline; filename=infinity-sakkmesterke-Alamy.webp
fastly-stats: io=1
content-length: 24646
x-request-id: c14df84fe85e8008af87373d626f8651
x-served-by: cache-ams21040-AMS, cache-fra-etou8220026-FRA
x-runtime: 61ms
server: contentstack
x-timer: S1712110272.280473,VS0,VE1
x-contentstack-organization: blt5948195ac13977b0
etag: "iMwm+MLd0q2Zymimfuk3LDevSaeboNlH6cbt8YnwLIs"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 14, 1

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/657fbdf5-ad27-4981-b321-b96d0ec59709/ 81 KB
18 KB 45ms
45ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/4b083961-e2ac-4755-8801-f7c83a5fb187/657fbdf5-ad27-4981-b321-b96d0ec59709/en.json

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1866a87b4c049fb761b0218db2aecbef33496d878706bc56f2701965efaf88a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 33472
content-md5: NMyqdpBtpYEfMyyUOi/oVQ==
content-length: 18270
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 13:32:33 GMT
server: cloudflare
etag: 0x8DAE1C57C3EAB90
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 361060ce-b01e-003a-5c53-1423fb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586d1cc9b9bb0-FRA
expires: Thu, 04 Apr 2024 02:11:12 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
257 B 88ms
28ms Ping
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-1X1EHQ3PFR&gtm=45je4410v873922772z8891172384za200&_p=1712110271562&_gaz=1&gcd=13l3l3l3l3&npa=1&dma=0&cid=676144985.1712110272&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&dr=&dt=China-Linked%20Threat%20Actor%20Taps%20%27Peculiar%27%20Malware%20to%20Evade%20Detection&dl=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&sid=1712110272&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_type=article&ep.content_format=News&ep.content_publish_date=Apr%2002%2C%202024&ep.content_sub_brand=value%20not%20set&ep.content_buyer_journey=value%20not%20set&ep.content_id=bltda1e5475aaf04f4f&ep.content_title=China-Linked%20Threat%20Actor%20Taps%20%27Peculiar%27%20Malware%20to%20Evade%20Detection&ep.content_legacy_path=value%20not%20set&ep.content_contributor=Jai%20Vijayan&ep.content_keyword=value%20not%20set&ep.content_series=value%20not%20set&ep.content_sponsor=value%20not%20set&ep.content_main_topic=Cyberattacks%20%26%20Data%20Breaches&ep.content_additional_topics=Threat%20Intelligence%2CVulnerabilities%20%26%20Threats&ep.gtm_container_detail=GTM-5523ZCM%7C104&ep.ad_unit_path_code=3834%2Fdarkreading.home%2Farticle%2Fcyberattacks-data-breaches&ep.content_program=value%20not%20set&ep.content_group=Cyberattacks%20%26%20Data%20Breaches&ep.content_all_topics=cyberattacks%20%26%20data%20breaches%7Cthreat%20intelligence%7Cvulnerabilities%20%26%20threats&tfd=2367
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1X1EHQ3PFR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
257 B 99ms
30ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-1X1EHQ3PFR&cid=676144985.1712110272&gtm=45je4410v873922772z8891172384za200&aip=1&dma=0&gcd=13l3l3l3l3&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1X1EHQ3PFR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ae/ads/ 42 B
408 B 94ms
33ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ae/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1X1EHQ3PFR&cid=676144985.1712110272&gtm=45je4410v873922772z8891172384za200&aip=1&dma=0&gcd=13l3l3l3l3&npa=1&z=92529465

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFloatingRoundedIcon.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 16 KB
4 KB 44ms
44ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otFloatingRoundedIcon.json

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86dbd997ead92464b9d3e6228dab6902a3f8cdbd17de1da8923cb2f0fb600bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Mbb70m5YOd2/+METBtRttw==
age: 33472
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3803
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:56 GMT
server: cloudflare
etag: 0x8DA87805A12E7D8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 827a648c-101e-00a5-4e35-236ff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586d26d619bb0-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/ 64 KB
13 KB 33ms
33ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/otPcPanel.json

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd2879e3b0d373936b3a4f85f24bf5ae631ea76ec7c79b528b53bd4f3ea44de6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Kw22gRKC0ogRtsT2RwAR9Q==
age: 85245
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13290
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:57 GMT
server: cloudflare
etag: 0x8DA87805AF0078C
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ed1cb394-601e-0080-0957-79c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586d26d629bb0-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 22 KB
5 KB 34ms
33ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: B55i3ZY9miZIaUrwjufy0w==
age: 25295
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 55d7051a-201e-0017-22ff-219088000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86e586d26d639bb0-FRA

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.180.1/ 176 KB
48 KB 86ms
24ms Script
application/javascript 108.138.26.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.180.1/bundle.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-31.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 011c2e9cca2dd810784f85ccbee288959b13d10c6a1bd740f4486b75985187af

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 19 Sep 2023 19:08:38 GMT
content-encoding: gzip
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
last-modified: Fri, 12 May 2023 18:18:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 16959754
etag: W/"feaa1c0619023f29d47853e5ffd5cec4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: Z6frLayT7hdObooBKZeQ6RByCeLrcy9tlAyinKHlr6XIUVekUFwjjA==

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 380ms
127ms Image
image/gif 18.214.208.237
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=darkreading.com&p=%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&u=Dpjtq8qEf-HCWMVw7&d=darkreading.com&g=53678&g0=Cyberattacks%20%26%20Data%20Breaches&g1=Jai%20Vijayan&g4=article&n=1&f=00001&c=0&x=0&m=0&y=4876&o=1600&w=1113&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&b=2421&t=g7fcmBFrv88Uli8LBOwGDNDbm_9y&V=143&i=China-Linked%20Threat%20Actor%20Taps%20%27Peculiar%27%20Malware%20to%20Evade%20Detection&tz=-120&sn=1&sv=D3Uwq_CiPYzeBg9UWQHPb-NBvp0w0&sr=external&sd=1&im=067b2fff&_
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.208.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-208-237.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:12 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 modules.4bbac2bdc7f1b66d3009.js Show response
script.hotjar.com/ 221 KB
55 KB 82ms
25ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.4bbac2bdc7f1b66d3009.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

261e44bd5998183c1bde239149a4be112fd5afd76c1efb12da82f24cf20561d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 12:55:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0d4b487d54766de7560aa02de852bbf8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 47766
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55706
last-modified: Tue, 02 Apr 2024 12:54:16 GMT
etag: "d8eecaf9ad4fc4bf64b1230f03df9166"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: DRR-MPvBrFvbnoPCBLYaJovGGlB1tI_8Q_GnF00ZP3mIr8QDdrG_Jw==

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Informa_Logo_1Line_Indigo_Grad_RGB.jpg
cdn.cookielaw.org/logos/c1f53e84-9f05-4169-a854-85052b63c50b/ce37e4cd-9426-40d2-9adb-174d6acdf507/b0d971e9-0178-47c1-aace-784223d87041/ 145 KB
145 KB 32ms
31ms Image
image/jpeg 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/c1f53e84-9f05-4169-a854-85052b63c50b/ce37e4cd-9426-40d2-9adb-174d6acdf507/b0d971e9-0178-47c1-aace-784223d87041/Informa_Logo_1Line_Indigo_Grad_RGB.jpg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21102c999da99aa5a6c8403c9e2367ca2e8d3e7fd2d6b5c1aef9e4fab888749c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 8NigNwrkdBmjWsQuvIR/Tg==
age: 29167
content-length: 148084
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Fri, 26 Nov 2021 15:49:29 GMT
server: cloudflare
etag: 0x8D9B0F4552FB1EF
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 286fded7-101e-008a-2bbf-216232000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 86e586d3089690d4-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 31ms
31ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 Apr 2024 02:11:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 6839
x-ms-lease-status: unlocked
last-modified: Tue, 02 Apr 2024 02:41:02 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: af9a52b2-001e-0086-6730-85f53a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 86e586d3089790d4-FRA

GET
H2 200 ZGFya3JlYWRpbmcuY29t.json Show response
static.iris.informa.com/widgets/config/cdl/ 24 B
493 B 187ms
144ms Fetch
binary/octet-stream 18.245.86.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/widgets/config/cdl/ZGFya3JlYWRpbmcuY29t.json
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-108.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ced6d94498388b24b48c4e2aa311815357ab9489c735aedd7725e0b18a02433e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: rR96SWqxdC6RFg.yCtn7XL4AuxoTa4oV
date: Wed, 03 Apr 2024 02:11:13 GMT
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
content-length: 24
last-modified: Tue, 28 Feb 2023 08:49:48 GMT
server: AmazonS3
etag: "d14dcd26bd0521dd67cdde302d3ac4a2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: -EKsMp9Mu51kXDphx_Ob3HkLXJJAD5Z7JSwlOpoNa4CSrNwsw93Tcw==

GET
H2 200 f23io39d.js Show response
static.iris.informa.com/ 70 KB
23 KB 30ms
29ms Script
application/javascript 18.245.86.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.iris.informa.com/f23io39d.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-108.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4f381ccb6f965e2011700b253aa446e84060a338cc416055eabca3b62fa35435

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: r.70SgccGRmRk8cXfo6q55SZB1TmHyVy
content-encoding: gzip
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
date: Tue, 02 Apr 2024 03:14:28 GMT
last-modified: Thu, 02 Sep 2021 16:02:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P6
age: 82605
x-amz-server-side-encryption: AES256
etag: W/"a790df23a63287b42b6e7324cb81afd9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: vGIM2s3a2jiWV7-fI5kM9P5jZfdQP-bv_X5VE8fPPx62j9X1CZxpcw==

GET
H/1.1 200
OK td.min.js Show response
cdn.treasuredata.com/sdk/3.0/ 58 KB
19 KB 82ms
24ms Script
application/javascript 13.32.99.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.treasuredata.com/sdk/3.0/td.min.js
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-103.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 262f87d47643975a4633b675fc224c7a178d99e579e5d767f4a43ca7cc0bb9de

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 15 Jan 2024 08:40:28 GMT
Content-Encoding: gzip
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
Age: 6802245
X-Amz-Cf-Pop: FRA60-P3
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Mon, 05 Jul 2021 08:58:13 GMT
Server: AmazonS3
Etag: W/"4b9abb36767431f05495228eb82edf01"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=315360000
X-Amz-Cf-Id: MlmFVdcR5jRbAMqpdk_FU-vTnaSuUcQC-f285FA5zl22VRHSj62d5A==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1018 B
560 B 60ms
60ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1712110272538&lmt=1712109712&adxs=0&adys=0&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1600x5376&msz=1600x0&fws=0&ohw=0&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Dbigsky_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=1472602147&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be6ea41c33833bc22aa109b6cfb496dace7caf7be33796e3801a7097feb5c379

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 38E6 0
0 97ms
29ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Apr 2024 02:11:12 GMT
expires: Thu, 03 Apr 2025 02:11:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
6 KB 69ms
69ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=2&sfv=1-0-40&ists=1&sc=1&cookie_enabled=1&abxe=1&dt=1712110272625&lmt=1712109712&adxs=800&adys=299&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1036x4709&msz=1036x0&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Dwallpaper_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=1884216441&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fca26285c6fdab454752c7c97217ed671aaed044af7bb2f0ab9982e8491d632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5961
x-xss-protection: 0
google-lineitem-id: 6429265870
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138455053305
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 794 B
375 B 58ms
58ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=3&sfv=1-0-40&ists=1&sc=1&cookie_enabled=1&abxe=1&dt=1712110272629&lmt=1712109712&adxs=800&adys=300&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1036x4709&msz=1036x1&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Doop_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=695945270&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f28cced99e9e1b527f605aa14cd89b53821798287e177ebaab0bf85131ee863c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 794 B
373 B 54ms
54ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=4&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1712110272632&lmt=1712109712&adxs=800&adys=301&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1036x4709&msz=1036x1&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Dfloor_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=1879026654&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f45ffb55422140bdd3fc4df9995f9d9eaa7bfdc0849d281854b3e5685d9e52f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 342
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 794 B
371 B 64ms
64ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=5&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1712110272635&lmt=1712109712&adxs=800&adys=4958&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=1&ucis=5&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1036x4709&msz=1036x1&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Dadhesion_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=1225283951&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1788f7a15fec499d56a62fc6a7917f455a3488097d7cfa8fcfcef7a223b7d408

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 340
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
17 KB 64ms
63ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x100%7C300x250%7C300x600&ifi=6&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1712110272665&lmt=1712109712&adxs=1006&adys=645&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=324x4253&msz=324x100&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3D300_1v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=415513864&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5ed737b4a283d76a04806bffb91990c948f646b330c43de8ef0b2fc6076de01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17586
x-xss-protection: 0
google-lineitem-id: 6429265870
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138455165102
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 62ms
62ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=5x5&ifi=7&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1712110272685&lmt=1712109712&adxs=1154&adys=561&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=324x37&msz=324x5&fws=4&ohw=1600&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3Dresource_v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=3442304164&frm=20

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f650311d83e5a6ef2891c4eed7008464f181401bc15b188a988640b1ee08102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13465
x-xss-protection: 0
google-lineitem-id: 6429265870
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138455056341
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
17 KB 69ms
69ms XHR
text/plain 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3879373680855958&correlator=2293750398793013&eid=31079957%2C31081518%2C31082256%2C95327887%2C31082436&output=ldjh&gdfp_req=1&vrg=202404010101&ptt=17&impl=fif&npa=1&iu_parts=3834%2Cdarkreading.home%2Carticle%2Ccyberattacks-data-breaches&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%7C970x90%7C970x250&ifi=8&sfv=1-0-40&sc=1&cookie=ID%3D298397dac87c7862%3AT%3D1712110272%3ART%3D1712110272%3AS%3DALNI_Ma7qW-I8QWnzL9OK6rZfVdDfsonjA&gpic=UID%3D00000d87d5b6ce70%3AT%3D1712110272%3ART%3D1712110272%3AS%3DALNI_MZNzHrxnvFQ103qCf1QMknwYtfbFA&abxe=1&dt=1712110272756&lmt=1712109712&adxs=436&adys=274&biw=1600&bih=1113&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&url=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&vis=1&psz=1036x4709&msz=1036x50&fws=4&ohw=1600&psts=AOrYGslXqzWxZnMwa10HhsoG5C0a&ga_vid=676144985.1712110272&ga_sid=1712110273&ga_hid=359027171&ga_fc=true&dlt=1712110271450&idt=420&prev_scp=pos%3D728_1v%26ptype%3Darticle%26nid%3Dbltda1e5475aaf04f4f%26aid%3D338356%26reg%3Danonymous&cust_params=welcad%3Doff%26gdpr_banner%3Don&adks=4110567004&frm=20&eo_id_str=ID%3Dd787a30c4167d78e%3AT%3D1712110272%3ART%3D1712110272%3AS%3DAA-AfjajnBd6KnV5mjentSg7VOol

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e510167b9613297291ada3270d36b04898c9d73fc42600c5f4ac021b53bd3aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17247
x-xss-protection: 0
google-lineitem-id: 6140096305
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138446632021
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.darkreading.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame E6E9 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a50ce68ff989d007c63ad2a2ef5893f30243ba991ff7d8851d76cab478cf005

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9927 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstLJ0E0ghoJd9MRx7yZ8dDiIokXPc2o1OlNlgt7QoYU6yDVZzhw4faLK-P1duLrHekVc7ITgFbuy_rAhd0ucTYvKICKBhSBK3ei6m6j04BEa7MIqOyh4-ifAcZ1C4xWrZnq1nUOzlp0HsKKmzwLTrI4j829I_jfY364WQxDlXk-DTh6sys9ePFGNm_nHHOt0sgcfxbAm2JQlbLb32ZKVf-Rmb1ufT2hN8T-rcvSqjnXA2-NZ3QCf7-zTrDGv9vtmsNklaPiLuKD7MHDsxRKGqLNOvkaW8dzxoyn6pyWyoynwxUAnalSo7HqWlg2XR39VhzDYnDzsnOEacd283s5bObLKvv1GzfALNf5UmtsKQo2izdpiLXsbbCQ1RYIYGtnsHsRfpThNUiZr7VxNpDYKmcr&sai=AMfl-YSruu6pUH05OHxv_4Rua19sOojPVwwZf-2ygxMw7vosPHv5J6fOfPLJamIumI_lz51ITJtKhoqIb8MxU-H12xoBSLJxuRDVg1sRgQK8KG35Bimozid1YryCpqz3jg&sig=Cg0ArKJSzN5nZGlLLytZEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240328/r20110914/client/ Frame 9927 3 KB
2 KB 87ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240328/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 18:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27795
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 16 Apr 2024 18:27:57 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 9927 214 KB
65 KB 73ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90bb36c4c0d901feb3f32e1c95032cf5521bc5fbe675bc91100e31ee27f93643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 01:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2018
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66538
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 Apr 2024 02:37:34 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/informagamdisplay218733383007/ Frame 9927 332 KB
113 KB 128ms
38ms Script
application/x-javascript 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/informagamdisplay218733383007/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 897185e79b72545761bb5fd4c6eac979d32e8298aa2f0e83b87a646ede71bd99

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 03 Apr 2024 02:11:12 GMT
last-modified: Tue, 26 Mar 2024 11:06:49 GMT
server: AmazonS3
x-amz-request-id: 94QAF6T0K1JESNX2
etag: "18ca483e04623a79130636fc93233229"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=48642
accept-ranges: bytes
content-length: 115714
x-amz-id-2: qMWXqff/e80HZH6i5Bvd3AI9HoE44ZjGorn5d2oO+V4zXf5u6Xw2/7bAHJA8/ZRjeDrhAFKcibY=

GET
H2 200 2805070989159670542
tpc.googlesyndication.com/simgad/ Frame 9927 20 KB
21 KB 86ms
23ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2805070989159670542

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

641efc942ff0ad9b83a82ca21e5e369cfc8d7cd073bcc351d439bfb7192b5f2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 31 Mar 2025 00:23:06 GMT
date: Sun, 31 Mar 2024 00:23:06 GMT
x-content-type-options: nosniff
age: 265686
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20648
x-xss-protection: 0
last-modified: Tue, 30 May 2023 20:47:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET l
www.google.com/ads/measurement/ Frame 9927 0
0

GET
DATA 200
OK truncated
/ Frame 9927 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f16455c2fc7592ed72120c0d670e681b4f482c23a36034b3a1d868c998773bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 44BA 0
0 57ms
57ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqtD17VI7Rte-H6f5gEd7kp--0gYdg8BNGFLdLDIqccAhqzSHXEEWWYHgi3BlbziqYWxWiKsLEU2zBwkeLGLIai7Is0V0h9S03ZslObiqugDort28_tcCj8S9K1qF7yd_mL8PYv3A4jffvs6FDYHL_6TlA4F7OQuP8SviHnu0C1woO0eLOocAelLb6QZZn6HrR0989tfxQwRTFE0LXLeIyRC5NLwtUOmbJmvglB3Z07wWoJ8nuPu6M5ccJwAWWtZdYgElcrn8eJFRApuhKvVyFm0Yff3VG2oFu8t48w9EV-K90if96tqRDfRqmMtvzyOGkQKuTFwUcDXHv0L4agdcZMn5cYFCLDoaU0e-TxrVEKiRgzBZ1dZ0uziEj6xuVpn1vctCGqRHs5wq6FBnWAVkL&sai=AMfl-YS34zrfsVokkYUol5g5_fVBjvhXd-CgYqH8t1Q8wUqDiPVklxjhLhh4aaCmR1u97Wia0RlSNWOmQzBrhsCLO5wmsL44tV94Gx825BL7SvJJDVjfzSKGgXvQ9T4ijv4&sig=Cg0ArKJSzLjAN_qXG_fxEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 44BA 214 KB
65 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90bb36c4c0d901feb3f32e1c95032cf5521bc5fbe675bc91100e31ee27f93643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 01:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66538
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 Apr 2024 02:37:34 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/informagamdisplay218733383007/ Frame 44BA 332 KB
113 KB 35ms
35ms Script
application/x-javascript 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/informagamdisplay218733383007/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 897185e79b72545761bb5fd4c6eac979d32e8298aa2f0e83b87a646ede71bd99

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Tue, 26 Mar 2024 11:06:49 GMT
server: AmazonS3
x-amz-request-id: 94QAF6T0K1JESNX2
etag: "18ca483e04623a79130636fc93233229"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=48641
accept-ranges: bytes
content-length: 115714
x-amz-id-2: qMWXqff/e80HZH6i5Bvd3AI9HoE44ZjGorn5d2oO+V4zXf5u6Xw2/7bAHJA8/ZRjeDrhAFKcibY=

OPTIONS
H2 200 ed0
c.darkreading.com/com.iiris/ Frame 0
0 217ms
138ms Preflight 2606:4700::6812:6b2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.darkreading.com/com.iiris/ed0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6b2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.darkreading.com
access-control-max-age: 600
cf-cache-status: DYNAMIC
cf-ray: 86e586d81b6630c4-FRA
content-length: 0
date: Wed, 03 Apr 2024 02:11:13 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 ed0
c.darkreading.com/com.iiris/ 2 B
280 B 143ms
142ms Ping
text/plain 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.darkreading.com/com.iiris/ed0

Requested by

Host: static.iris.informa.com
URL: https://static.iris.informa.com/f23io39d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.darkreading.com
access-control-allow-credentials: true
cf-ray: 86e586d8ed944d97-FRA
content-length: 2

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E6E9 0
26 B 59ms
58ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsviIVAD8wnCfSfxainYby-B7DiXfexyM2ItD4mKrdnEEJZpUnaTbiECSFmL0XDQLOF71hWa0S2oepMEXcm156_9iMYonTqngefxlPFDh2vsSGCHlb6h-mCFHeIYd8MUTlU1r5x0elBWZ_iqEOgOcXsE1-AMxSZlngGy0rcMKrJ8IKcutkNPHb6BjCB7cFFy9C9N1iARtg1e9HSH02_gyaBI8_2VxtF_qf7VygtE5M3ONmf2dJtsb9Zi8zsFqS64yvAx9zyaJkwjXPZ1yUeBhSTlfUBw_RxM87IdewVTQe53YeXZ1rBYKoEAGg4eX6Pg-7of1rJNScV--_BOpl0v8mlgT9Pba2CnbO2HV0pxY5qYUL1qj3gXpAmaV9PAJDglXRUD5Klzd30ppu5JkktvYp9aLN9K&sai=AMfl-YT12dgvRIyL0VkQbLXBDAgQO_rwzq0dDBC_3WJtP7-Vi5DSu7tp6CmYFLIqLupMdUvsxIuOD0D63iUgxlhExtFqCSqz1VMbnLdhG03w1s3OS_m5tlxAZPvRnDVYcA&sig=Cg0ArKJSzKA3py05SzLMEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 8314428602504792424
tpc.googlesyndication.com/simgad/ 164 KB
164 KB 25ms
24ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8314428602504792424?

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86819e8068b9b78f20bd91bfef13b1252196882c8a95a9d4680007b731c92bbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Mon, 31 Mar 2025 00:23:05 GMT
date: Sun, 31 Mar 2024 00:23:05 GMT
x-content-type-options: nosniff
age: 265688
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167646
x-xss-protection: 0
last-modified: Wed, 22 Nov 2023 14:34:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6AF2 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsue9xE22QFdJ64O__WIjLrpW020bpMjqDdo8elbNjnebay47XSOmzpysUfm1oJ9a3yrGJO5drMzM9qhgwYeCqnmlTPmXv5fa1Qg39wKDVgXmIsKwf7Ka2toCdQhbVhmKMrUDTTJtRFAEKQXHgWISLevRbwSKckaX5dD1GNGYqSZ2rVAk-492C-ayj3IGpHGlYEU2t54sqPiQnRH1UlAeE0ssXgntpW3HcGwl3J8KYV4z9NwysOxW_oU_yPeqP9724h5XcSnltE4ngBcMnfVDw39lkru7y3f0BWBRF1OtjC8L_SzQKrWBROkD2xCEkZ-TiSW67xFjJ9uqr8dGKPSDmF9re4bsysP1pgi2zLsMptoeEM68sAoQncRi3TBMz4dnbM5AuWuLw_y3ThHvEY&sai=AMfl-YTYaqBnDbUswbSqfNr0os0M3MuwZZuTnoyOI_teLyB-AzvlQay_Bm5sGcG8hBZacTaWJ1o3H8-KVLUdS-7dHfS6p1c8tmLkNo8byAAvM83H8_jpX2Rn25UxUb0K2w&sig=Cg0ArKJSzLjRWd6ZbsLIEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240328/r20110914/client/ Frame 6AF2 3 KB
1 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240328/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 18:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27796
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 16 Apr 2024 18:27:57 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6AF2 214 KB
65 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90bb36c4c0d901feb3f32e1c95032cf5521bc5fbe675bc91100e31ee27f93643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 01:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66538
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 Apr 2024 02:37:34 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/informagamdisplay218733383007/ Frame 6AF2 332 KB
113 KB 35ms
35ms Script
application/x-javascript 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/informagamdisplay218733383007/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 897185e79b72545761bb5fd4c6eac979d32e8298aa2f0e83b87a646ede71bd99

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: null
content-encoding: gzip
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Tue, 26 Mar 2024 11:06:49 GMT
server: AmazonS3
x-amz-request-id: 94QAF6T0K1JESNX2
etag: "18ca483e04623a79130636fc93233229"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=48641
accept-ranges: bytes
content-length: 115714
x-amz-id-2: qMWXqff/e80HZH6i5Bvd3AI9HoE44ZjGorn5d2oO+V4zXf5u6Xw2/7bAHJA8/ZRjeDrhAFKcibY=

GET
H2 200 11615354544233020182
tpc.googlesyndication.com/simgad/ Frame 6AF2 13 KB
13 KB 62ms
61ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11615354544233020182

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202404010101/pubads_impl.js?cb=31082436

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f274598e02172fc31cb7b3eae2a897a9432c3fe360a49268b0672f09d6e03755

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Wed, 02 Apr 2025 09:17:39 GMT
date: Tue, 02 Apr 2024 09:17:39 GMT
x-content-type-options: nosniff
age: 60814
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13663
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 08:46:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET l
www.google.com/ads/measurement/ Frame 6AF2 0
0

GET
DATA 200
OK truncated
/ Frame 6AF2 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: daa21030f5056116e368bf5cec7418c593bb813e53e0fca50ab1aba2079ad624

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 204 js_pageviews_itcyber_darkreading
eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/ Frame 0
0 78ms
23ms Preflight 18.193.44.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/js_pageviews_itcyber_darkreading?modified=1712110273253

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.193.44.27 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-193-44-27.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-td-fetch-api,x-td-write-key
Access-Control-Request-Method: POST
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, X-Requested-With, X-TD-Write-Key, X-TD-Fetch-Api, Content-Type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.darkreading.com
access-control-max-age: 7200
date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=31536000

POST
H2 200 js_pageviews_itcyber_darkreading Show response
eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/ 16 B
477 B 74ms
25ms Fetch
application/json 18.193.44.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu01.in.treasuredata.com/js/v3/event/webtracking_itcyber/js_pageviews_itcyber_darkreading?modified=1712110273253

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.193.44.27 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-193-44-27.eu-central-1.compute.amazonaws.com

Software

Resource Hash

56587cffbb30e338497c9114f74803a530a713ebe374b69fcfa8551ad8dad1e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-TD-Write-Key: 100/bb9cbe21de3db7a5428506d7528e45b2c801a48c
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.darkreading.com/
X-TD-Fetch-Api: true
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST
p3p: CP="This is not a P3P policy! See https://docs.treasuredata.com/articles/p3p"
access-control-allow-origin: https://www.darkreading.com
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Authorization, X-Requested-With, X-TD-Write-Key, X-TD-Fetch-Api, Content-Type
content-length: 16

GET
H/1.1 200
OK web.js Show response
ads.celtra.com/6067d1e2/ Frame 44BA 14 KB
5 KB 486ms
129ms Script
application/javascript 52.72.222.255
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.celtra.com/6067d1e2/web.js?&clickUrl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuOZl64NSa1aFcSn0L1ddghRurPcFqtGv4ko41XVmNhZOWiZmIzKlsuACudebigTS201GML90_vQeKKRxEZhxemzsTfgMAfa_FsMP23shfVBVw4goG8B4yBpPCRLFqngnFOF2_u8SK4GGpo3cn5E2PlXVO7EhSbEa4CKJq_VTT6yRJ39o6ZNOgdu1j8tiHH556NHFOwMfniWFraeZZZ_ZCExt-P2C1w6KL5hTg8BpQxDiDiVRWzLYL7843fDI5f3zeGpwTHTBrMrvS2JTkUAh1J6k3TqdXgXHVeS6uZ3Eze9MzXEaf1_Zze7_0WA0JYnkAb1sP7pycVtan1OgHAT-EeXYY0qCocLdeLBz89nNq2enQK2x1Q_GCtTZtLDZQOq4mZx2cqrVzTQEwZLfQZ3gZ9KKs%26sai%3DAMfl-YStyqsMCqJW_xQYuqQQ_15MnB1Z_Rd5yuTjJiIqunPJOBUc-uPkbUerTebgru5zrBsvsW77upzV360F6zUO22jfN8HqavG0DfvYkR0ToXJdQ50jIhbDpUEBSQoEZ8s%26sig%3DCg0ArKJSzPWd49MJ2T2WEAE%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26adurl%3D&expandDirection=undefined&clickEvent=advertiser&iosAdvId=&androidAdvId=&externalAdServer=DFPPremium&tagVersion=html-standard-7&eas.JWVjaWQh=138455056341&externalCreativeId=138455056341&externalPlacementId=23004606261&externalSiteId=22316126855&externalSiteName=darkreading.com&externalLineItemId=6429265870&externalCampaignId=3281686722&externalAdvertiserId=5004232532&scriptId=celtra-script-1&clientTimestamp=1712110273.257&clientTimeZoneOffsetInMinutes=-120&hostPageLoadId=4397733997551363
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.222.255 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-222-255.compute-1.amazonaws.com
Software: /
Resource Hash: 2a1276ae810ca2f9fbf64394c0f222335ac8c05d46c24c0459ad551f868cbfa7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:13 GMT
content-encoding: gzip
Content-Type: application/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 4980
Expires: 0

OPTIONS
H2 200 /
cognito-identity.eu-west-1.amazonaws.com/ Frame 0
0 156ms
47ms Preflight 2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cognito-identity.eu-west-1.amazonaws.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-amz-target
Access-Control-Request-Method: POST
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-amz-target
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age: 172800
content-length: 0
date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-amzn-requestid: 7e4be915-30e4-4f46-b05e-0835ae94d73a

POST
H2 200 / Show response
cognito-identity.eu-west-1.amazonaws.com/ 2 KB
2 KB 80ms
79ms XHR
application/x-amz-json-1.1 2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cognito-identity.eu-west-1.amazonaws.com/

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

447e1fd6e251fbc13b94caf038232a8ce3fb33d8bc08a41f5f01d89b18744e58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/x-amz-json-1.1
Accept: application/json, text/plain, */*
Referer: https://www.darkreading.com/
X-Amz-Target: AWSCognitoIdentityService.GetCredentialsForIdentity
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-expose-headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid: 76556759-01cb-4c91-8ea9-105e4ed9e7ab
content-length: 1780
content-type: application/x-amz-json-1.1

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 44BA 0
0 107ms
55ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9927 0
0 100ms
56ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstzkVgk3t6_D_ZXihjt9c7VRkNqtZCAkz2MF2fxE4vsoKpbQF0-PIdLNlhYlZahJkBmj8CWaSVSCZDO6TnopxxmSGIx387fM21lknNzxWyJ92w9-01iFPa9Lu56pgu8C7t50w1qCwG7OuO2xMUq_qIs6FJYE-VPyQ9OcpH47rSS-trE57WChjTuCZC9Vhoa2P-IXMmvLH9VHUaf2xIPUN3Q8NWn51hfSJCFou9_9dqIJ5P8QRv7-hd4gEtGvx2rZ3PsNvtgXZFMlgIZKQ3DYrPZAR2th1LKtUh-9PTCDhqymQtVseVpV4LqzLLooMuAIabbRy061oIhid5m0e4q2iAnCTvVEP4s2oQXHFc70Jy_OBTILwWd-om0FniIzlu6arSCF05sUXv1_CuLoTZKEfUCh9k&sai=AMfl-YQwz-9v9PKL6FgQeWD9Uj1nJ2BfsElZIWPpw53hBXwziQ2Q7IPjKL2kxCP6tk5J0ZUzw_XcgjPFziU0G-5J_RthcSq9o3Xqhi25U5TEXgDd4hATdBQd-F92Nxc-wQ&sig=Cg0ArKJSzI-rbmKs6fP0EAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9927 0
0 81ms
54ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ Frame 9927 33 KB
11 KB 81ms
23ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?332024
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/informagamdisplay218733383007/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c613bd0434cd5a0f6d1db345a5b36c8bdc6339e96ffde9695340aa1094399f43

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 01:57:16 GMT
via: 1.1 google
content-encoding: br
age: 837
x-guploader-uploadid: ABPtcPrhLQ-gbR_cgdya4ERjcLg7iteXJ4_rBud7ri7WONymZ-2Bve4XAjO9eytPCvK0KW9mjf5C94TS2Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10617
last-modified: Tue, 19 Mar 2024 18:01:29 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1710871289439515
x-goog-hash: crc32c=HinCJA==, md5=x4MOkeS+jF0j70aOQ9M5fQ==
content-type: application/javascript
cache-id: FRA-fa985ced
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 34224
accept-ranges: bytes

GET
H2 200 n.js Show response
mb.moatads.com/ 98 B
276 B 193ms
62ms Script
text/html 132.226.214.62
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/n.js?e=35&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&i=INFORMA_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1712110273341&de=706591027931&m=0&ar=4c05630205a-clean&iw=e12b8d1&q=2&cb=0&ym=0&cu=1712110273341&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5004232532%3A3281686722%3A6429265870%3A138455165102&zMoatPS=300_1v&zMoatSZ=300x250&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&bo=22316126855&bp=23004606261&bd=300_1v&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&gw=informagamdisplay218733383007&fd=1&it=500&ti=0&ih=2&pe=1%3A1697%3A1697%3A0%3A1676&fs=207732&na=1877853734&cs=0&callback=MoatDataJsonpRequest_18585138
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/informagamdisplay218733383007/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.214.62 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: fa08880e19d42ec4c5896494cdcd8e8ffdb542f4dd0ecf7b0858edc96ee349ed

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
server: istio-envoy
etag: "014ecf48adcfa7f760fcc3abcbdc21d73c58e018"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 14
timing-allow-origin: *
content-length: 98

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 55ms
46ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=INFORMA_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1712110273341&de=706591027931&m=0&ar=4c05630205a-clean&iw=e12b8d1&q=3&cb=0&ym=0&cu=1712110273341&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5004232532%3A3281686722%3A6429265870%3A138455165102&zMoatPS=300_1v&zMoatSZ=300x250&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&bo=22316126855&bp=23004606261&bd=300_1v&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&gw=informagamdisplay218733383007&fd=1&it=500&ti=0&ih=2&pe=1%3A1697%3A1697%3A0%3A1676&fs=207732&na=2068867073&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
DATA 200
OK truncated
/ Frame 44BA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f303af7321c5099ce8fadfb1dc1009ddadc0364b2660b7c01917d4cf0fea06e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6AF2 0
0 56ms
56ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstzExBAgmIWqPc_-bL-iLdizMe1FFjZRkjkccWLF6Loawr77lkgIuntuea0ONJsSlfs8lv_WHWhVfIBFa83WmcpzrtEAI7aB68kO4KU0ZyL-dNcbLvcgMcDO9qJfFxVVRlxL_Gt5JXzvGgbT0HVsB9ESUUQoY4bzvOwW-dq6x1F679yZDwwxk3CSA1mZ4gFgPF1qCicsEi-nQ0wynPsT5pb69OyG14KwLjBTpWpr2XIAbDcgLn5U7z34WVbWZc1F3__QOK3hgUUQV1H9_wnUFhyQDNLgT1kxDi2wDji97MjpHf9C85QWysFQOM46HJDOSg_4kBBabZeVhx572bfoJ5awzMdheUDCCCIN_spIzZ_xCSc6ySnOzY3B9qKFfRn6ZDm27M6--7aiwjOUal7JA&sai=AMfl-YTmvMhpzx6_AajkBvq_tW5zOlEPyBnTjGAb_CPQB1XwC-9J0NTiG-I4Kfh8wM1Ze-TEtoLxSQqplr6C_cB0QYwb3K3i-mVED5JpSXOFs8yEJCR0--gd5Jj84UsKwA&sig=Cg0ArKJSzH9Ih8235SDTEAE&uach_m=%5BUACH%5D&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6AF2 0
0 55ms
54ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F2805070989159670542&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&bq=0&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273341&de=706591027931&cu=1712110273341&m=67&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5467&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=0&ag=24&an=0&gf=24&gg=0&ix=24&ic=24&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=24&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=48&cd=0&ah=48&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455165102&bo=22316126855&bp=23004606261&bd=300_1v&zMoatPS=300_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=300x250&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=300_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1267120052&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ Frame 9927 62 B
254 B 42ms
41ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=62439&ct=js&pi=&fp=&clid=&if=1&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&pv=1712110273484_rxruwjjom&bl=en-us&cb=7454437&return=&ht=&d=&dc=&si=1712110273484_rxruwjjom&cid=&s=800x600&rp=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&v=2.7.1.157
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?332024
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ Frame 9927 20 B
482 B 582ms
189ms Script
application/javascript 54.204.151.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=332024&v=2.7.1.157
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?332024
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.151.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-204-151-223.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Apr 2024 02:11:13 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Thu, 04 Apr 2024 02:11:13 GMT

OPTIONS
H2 200 darkreading
api.iiris.com/v3/recommend/public/content/similar-items/it/cybersecurity/ Frame 0
0 186ms
121ms Preflight
application/json 172.64.150.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.iiris.com/v3/recommend/public/content/similar-items/it/cybersecurity/darkreading?item=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&limit=4&mode=db&item_age=12

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.107 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-amz-date,x-amz-security-token
Access-Control-Request-Method: GET
Origin: https://www.darkreading.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key,application_id,iris_profile_id,sponsor_id
access-control-allow-methods: DELETE,GET,POST,PUT,OPTIONS
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 86e586d9eac9699f-FRA
content-length: 0
content-type: application/json
date: Wed, 03 Apr 2024 02:11:13 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-apigw-id: VoIeTFmkjoEF8NQ=
x-amzn-requestid: 4181bc2a-784c-4d96-ac80-91531f23d21f
x-content-type-options: nosniff

GET
H2 200 darkreading Show response
api.iiris.com/v3/recommend/public/content/similar-items/it/cybersecurity/ 4 KB
2 KB 159ms
159ms XHR
application/json 172.64.150.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.150.107 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fea8ac7df0af02425b877ef0455357d98a715c736a4504d21178971ce3983a7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; require-trusted-types-for 'script'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY, DENY
X-Xss-Protection	1; mode=block, 0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
Authorization: AWS4-HMAC-SHA256 Credential=ASIAQ2DDO5RJ3R6SMIYG/20240403/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=c0420ffae267d1ff6daf58457035bdcb7d87662c36e9cbf93ae488a66c42d18c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
X-Amz-Security-Token: IQoJb3JpZ2luX2VjEEIaCWV1LXdlc3QtMSJIMEYCIQCK8dV2+CRb6pIBGb7hoJmeYs2zS89iSt1VNWbyjM2g8QIhALVivbM8owCMZb76/N3Y2WJR0DNo0Kaj7aQZOg7I/YXGKskFCGsQAxoMMDU2MDQzMTcwODk5IgzxBV2XHSXTZxQnrcwqpgU6HQzrUnXDLAGWfVLq3FAwCCYSwp3H2kfEzwFNJup9tyi+yPKAVxZI0JqiTfMYAeL3wm3nOjwnNIUdwt6AABRxBnhlelGJdLW/VV3E4EWpUJ1nMeONNDLwE+KLFLJz4gbmJI2SKIVQCRYAiqvKHmEKJh5dx/JgIKV6ULl3orJ9cpjoA/lzX0CROE/fXrM2zr/F5RPvRLTWx5A0gTINSpuU2nSSnt3iuGXmpB6JSSOZkSCNwpPiVm1Nz17mgCZfz3uN4A5QOs6WXRuvru4dgQmvchjWaUPZxbyuJc4GtgqPMzjVzZZt1AoU2rKLMq82dzGUmko4xZBR1tvEU5PMECz0z6rg5b8Q0iUbHSgWMSwM8oFTl2vOQrSruwk60pH5XY5KG9xxSiIL63X9zB1IsvJa1+WgJxK1yLP4r6yNqH+eLh9WwPaxoshI8KwgQ7qfv9+KIBOU0OyQ28drDWHoq9R0C3Krp28i/LG9teroSDpZUfWhvlfv2pTfd5zcT+lLpdkN+C0ySmcyD+wnOATGimkRWeaPSvXyMOIUpkbmsJx0Xe8FTA/Gi6jDjIznzbSZ2puUEoLyteZ/IKTvLKVhXD1rQRwBZGwkNd/LpPAZ56z7otAOOIAEmRDzV2bEnWACTkzJd+dkSwAUnl62XdumYJ+H+/WPS/Z5ZltwcsxjYFPG13azI5gS50N5ugjw+B1abxzKdnwwrYaI3dWBUF4XrCefknaSpLTg14FNYo/OMotkNm5XhSo1CUOp49IMOC6VEmxaVK8+QzBdpU8AFu2Od6f5nJF9PshEya+8uDoWoWREYHXJua91L+zditbMwoei6fV/qxrgrwvss4dpA2L21eQts+OgbZEbE96Er4yALboQYsnGycrE57PLN7hf4l1tC0dX8TDyc6gwwfWysAY63AKo8yqIsoCmwyzoyTBDhDBfWLDekv93KT5gAq+alQcVQVcA8lkxV6n/x7NX0bcwhdIOugXfLe+KVKC9iSzIO3KdrbPyxowsevp8fUo7ZizC3qjeNU5Bqtdf8xjoyGu74EwKUFUH+75q1L7KZVrxNNQhDAZORBybTCJoIL1XjPiSDvL/RaUIGSnATJeQ1eujfXFtH3agB3Og2vBxdJCEcrD0gLplTIBDzDRAWqo1kXZioCuQy/PsVaIpG5EXeuDMA7xpx98dJhXkx7bJzSbTpnS5YAoTp7Y1JNaGUzpc6WTT9DI01b8jSjZldsTiunJ0pIm4CAoKsMyA0K0BPWqwAc0ljavinEexUdg+bdIWBRWTtAqvJN9t/Yl/Gdcxgmx1+UjUdPBrFzgz3Wv2sm01qYZkOzC/QYw1HD0Hy0FBwFSYjD8BGn2I2DbzXmEqvSFst8RTJESVskVBTh9uekA=
Referer: https://www.darkreading.com/
x-amz-date: 20240403T021113Z
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 3935
x-amzn-remapped-server: uvicorn
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; require-trusted-types-for 'script'
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
x-amzn-requestid: 975c1faf-0e80-4207-8f1b-43f27a49a679
x-amzn-remapped-connection: keep-alive
x-dns-prefetch-control: off
cf-cache-status: DYNAMIC
x-amz-apigw-id: VoIeUEFFjoEFZSQ=
x-xss-protection: 1; mode=block, 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
cross-origin-opener-policy: unsafe-none
x-download-options: noopen
x-frame-options: DENY, DENY
content-type: application/json
access-control-allow-origin: *
origin-agent-cluster: ?1
cache-control: no-cache, no-store, must-revalidate, max-age=86400, private
cf-ray: 86e586daab07699f-FRA
x-amzn-remapped-date: Wed, 03 Apr 2024 02:11:13 GMT
expires: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 39ms
38ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=INFORMA_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1712110273438&de=809023220842&m=0&ar=4c05630205a-clean&iw=e12b8d1&q=7&cb=0&ym=0&cu=1712110273438&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&zMoatPS=resource_v&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&bo=22316126855&bp=23004606261&bd=resource_v&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&gw=informagamdisplay218733383007&fd=1&it=500&ti=0&ih=2&pe=1%3A1697%3A1697%3A0%3A1676&fs=207732&na=779677927&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 38ms
38ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=INFORMA_GAM_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1712110273446&de=507155031044&m=0&ar=4c05630205a-clean&iw=e12b8d1&q=11&cb=0&ym=0&cu=1712110273446&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&zMoatPS=728_1v&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&bo=22316126855&bp=23004606261&bd=728_1v&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&gw=informagamdisplay218733383007&fd=1&it=500&ti=0&ih=2&pe=1%3A1697%3A1697%3A0%3A1676&fs=207732&na=1151991975&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 39ms
38ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F11615354544233020182&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&bq=0&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=7&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5467&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=0&ag=1&an=0&gf=1&gg=0&ix=1&ic=1&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=1&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=2&cd=0&ah=2&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1101253238&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:13 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H2 200 web.js Show response
cache-ssl.celtra.com/api/creatives/e780031c/compiled/ Frame 44BA 584 KB
128 KB 110ms
26ms Script
application/javascript 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cache-ssl.celtra.com/api/creatives/e780031c/compiled/web.js?v=59-1ff68865fd&secure=1&cachedVariantChoices=W10-&isPurposePreview=0&eventMetadataExperiment=newMeta&inmobi=0
Requested by: Host: ads.celtra.com
URL: https://ads.celtra.com/6067d1e2/web.js?&clickUrl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuOZl64NSa1aFcSn0L1ddghRurPcFqtGv4ko41XVmNhZOWiZmIzKlsuACudebigTS201GML90_vQeKKRxEZhxemzsTfgMAfa_FsMP23shfVBVw4goG8B4yBpPCRLFqngnFOF2_u8SK4GGpo3cn5E2PlXVO7EhSbEa4CKJq_VTT6yRJ39o6ZNOgdu1j8tiHH556NHFOwMfniWFraeZZZ_ZCExt-P2C1w6KL5hTg8BpQxDiDiVRWzLYL7843fDI5f3zeGpwTHTBrMrvS2JTkUAh1J6k3TqdXgXHVeS6uZ3Eze9MzXEaf1_Zze7_0WA0JYnkAb1sP7pycVtan1OgHAT-EeXYY0qCocLdeLBz89nNq2enQK2x1Q_GCtTZtLDZQOq4mZx2cqrVzTQEwZLfQZ3gZ9KKs%26sai%3DAMfl-YStyqsMCqJW_xQYuqQQ_15MnB1Z_Rd5yuTjJiIqunPJOBUc-uPkbUerTebgru5zrBsvsW77upzV360F6zUO22jfN8HqavG0DfvYkR0ToXJdQ50jIhbDpUEBSQoEZ8s%26sig%3DCg0ArKJSzPWd49MJ2T2WEAE%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26adurl%3D&expandDirection=undefined&clickEvent=advertiser&iosAdvId=&androidAdvId=&externalAdServer=DFPPremium&tagVersion=html-standard-7&eas.JWVjaWQh=138455056341&externalCreativeId=138455056341&externalPlacementId=23004606261&externalSiteId=22316126855&externalSiteName=darkreading.com&externalLineItemId=6429265870&externalCampaignId=3281686722&externalAdvertiserId=5004232532&scriptId=celtra-script-1&clientTimestamp=1712110273.257&clientTimeZoneOffsetInMinutes=-120&hostPageLoadId=4397733997551363
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: fc05c1b0f1fab9c9da3d3ca36352227d15d37b7f8d331dcc3c2711215ab8b546

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 07:24:34 GMT
content-encoding: gzip
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 67599
x-cache: Hit from cloudfront
content-length: 130626
server: Apache
etag: "6ae9e13082daca5117d3320bd93e8e082d0812335dd4b5e3ba6f54c0cdbb2a7b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
x-amz-cf-id: yN4c_OinvBf8BeC8p8yT0bndpoAIAlMoDDqYMZbrK83MND6EHQi8Rg==

GET
DATA 200
OK truncated
/ Frame 44BA 167 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 71eb68b1-9a39-4b25-9b39-5bc6c2c549cd
https://www.darkreading.com/ Frame 44BA 167 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.darkreading.com/71eb68b1-9a39-4b25-9b39-5bc6c2c549cd
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 167
Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 44BA 0
0 61ms
60ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu30nJ919kYFLqJX6bpaI3LQlMLLM35QK9eq-WYTHzbKre5dVqtfHAd35Wu4IZ2CtgXYeUl6CN69IECcaKKUTt45o4jNeOkdHBTz6-N2kU5HlvpQKA0LA8O1iUDeQ-GS8_oJSDk478dAeZeUT5cAaKUfeYGms81gtOlQr9ytvWV4QIr8INqYQOnjSHCMrpeNk99zjZl8nfMeMpNfdEOAKvEIpzrchP5Vx2yP6CuzIbQmWRyMzoDDG_JLGFeFfSLs27Z7Mofc8ai_5q607ZZRAGd4aChRzxDA2sV6GEPz0FG7ktTlsfnV7LTi63AdjK0jrljm4KeJxarteTbSUB10x-U8Uh7Vawgbc2XFDD4x-O9K14EIPKDtVG5sLkoV_52z3lrKgaLVmx4ueTGgO6LDCEPAjE&sai=AMfl-YQeO_Ss4lGL32Ozyy0VV_oQPLGcIRyt9TGnh5hPrlJr9IVQWz4iAv_pvkj_wd1kVNtHo10hr3PbxODGDcITj77SflQhNQ42QiJgrc2uH5rFG-LNQzj2guif296Nd5k&sig=Cg0ArKJSzK4CQRObDUmoEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 Apr 2024 02:11:13 GMT

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 468ms
114ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MCwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjczLjk2NywibmFtZSI6ImNvbnRhaW5lckJlY2FtZVZpZXdhYmxlIn1dfQ==?crc32c=1736196893
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 3_webfont.woff2
cache-ssl.celtra.com/api/fonts/google/Lato:400/ Frame 341B 4 KB
4 KB 65ms
22ms Font
application/font-woff2 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cache-ssl.celtra.com/api/fonts/google/Lato:400/3_webfont.woff2?subset=BCDEGILORSTUVW
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 4e3544834b91e44441b532b1543211033bbf7dfdb06b1c540c6539ce2f04c806

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 23:48:19 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 91dc0292eef4e22508a3ae73fe64bbf4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15733375
x-cache: Hit from cloudfront
content-length: 4052
server: Apache
etag: "4e3544834b91e44441b532b1543211033bbf7dfdb06b1c540c6539ce2f04c806"
content-type: application/font-woff2
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 3155953
accept-ranges: bytes
x-amz-cf-id: 4SGuTDJfdJGHBAaeOu8v6Gq6eh_9iNNricptXz7F7apEIlc1EE4CLw==

GET
H2 200 DR_Team%20Cymru_What-Elite-Threat-Hunters.png
cache-ssl.celtra.com/api/blobs/bede08de67d51f6eb5b7ddcd1fcf2a30c7bb2d87b5ab77efef4577d2c52daa73/ Frame 341B 6 KB
6 KB 22ms
22ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/bede08de67d51f6eb5b7ddcd1fcf2a30c7bb2d87b5ab77efef4577d2c52daa73/DR_Team%20Cymru_What-Elite-Threat-Hunters.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 831a8c85d0e84aee2510d3b2a3bd4812c5c754a38ae3ea31d3bb64c0ecb70904

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "831a8c85d0e84aee2510d3b2a3bd4812c5c754a38ae3ea31d3bb64c0ecb70904"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 5917
x-amz-cf-id: sAc722Hn7_hCshD2wbtIKbvvIm9i6QKOORqmhOfnbgWMr4IhG1jV5g==

GET
H2 200 DR_Team%20Cymru_Forrester-Total-Economic-Impact-Report.png
cache-ssl.celtra.com/api/blobs/acd9bf59a8490d1f842771a2bf385a7944a3e468220c6243e9a67a25f5638110/ Frame 341B 4 KB
5 KB 22ms
22ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/acd9bf59a8490d1f842771a2bf385a7944a3e468220c6243e9a67a25f5638110/DR_Team%20Cymru_Forrester-Total-Economic-Impact-Report.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 40c1dce0cd9a55cbad2eae9804b4b014f25e4dce64c47efb2507e5267b23f44c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "40c1dce0cd9a55cbad2eae9804b4b014f25e4dce64c47efb2507e5267b23f44c"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 4490
x-amz-cf-id: 2tADKFYyveDvFu8aP1Ryie8WHObDqSDt_4_Q4FfoGehCMg-GDtet3w==

GET
H2 200 PS.jpeg
cache-ssl.celtra.com/api/blobs/7ef598962abb43f925225e5d5a494274297d7f2e3888e76fe218926fac91369b/ Frame 341B 176 KB
176 KB 23ms
23ms Image
image/jpeg 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/7ef598962abb43f925225e5d5a494274297d7f2e3888e76fe218926fac91369b/PS.jpeg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: e2cb4c0d7e08a05a9a62040040b8b01771c43010b25ef58807be795ce0e24027

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "e2cb4c0d7e08a05a9a62040040b8b01771c43010b25ef58807be795ce0e24027"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 180041
x-amz-cf-id: cxFnDZ5yeVCCE3b9xbWOeiCvq17H6mF0HzFRBPlGjA_oNeLiWBVu7Q==

GET
H2 200 PSR.jpeg
cache-ssl.celtra.com/api/blobs/70c4d85f4879e743a38617a4a9730891b436a866e9b7c1eefbce2049d11527c2/ Frame 341B 21 KB
21 KB 42ms
41ms Image
image/jpeg 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/70c4d85f4879e743a38617a4a9730891b436a866e9b7c1eefbce2049d11527c2/PSR.jpeg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: a4dc256375df0c29e96e35e200d184aeaf532de63fce8e776126ccb2362e7fc3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 12:20:50 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6529824
etag: "a4dc256375df0c29e96e35e200d184aeaf532de63fce8e776126ccb2362e7fc3"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 21122
x-amz-cf-id: FKLcLy5qaeAVVRQhXtzJVQpS4S31ympH9C6hTk3L7LTfHYE1-Z6v5g==

GET
H2 200 DR_Team%20Cymru_The-4-Major-Safety-Checks-Needed.jpg
cache-ssl.celtra.com/api/blobs/f47ca8e6afe887d43b9ead2dc20b88e1886175e50074d0d8a1fd914e06a8042a/ Frame 341B 87 KB
87 KB 47ms
46ms Image
image/jpeg 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/f47ca8e6afe887d43b9ead2dc20b88e1886175e50074d0d8a1fd914e06a8042a/DR_Team%20Cymru_The-4-Major-Safety-Checks-Needed.jpg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: b4a7308752688529258b3a289507524cdfbfc0aa3f731313b81b17b3321a071a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "b4a7308752688529258b3a289507524cdfbfc0aa3f731313b81b17b3321a071a"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 88673
x-amz-cf-id: i21VjHG1WI1kTfM9FJgxgbjnE8rY_o_LO27P4ecO8H64y--0r3u-Iw==

GET
H2 200 tw_hover.png
cache-ssl.celtra.com/api/blobs/f0cccd681d168932db801410643c93f0df03370d5c638ab3e4a16e92b80b3aa0/ Frame 341B 777 B
1 KB 53ms
52ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/f0cccd681d168932db801410643c93f0df03370d5c638ab3e4a16e92b80b3aa0/tw_hover.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 1ace1b17e77ec3828eda87eb3fea3671ce2a0f706426fbd158873546c4f9366e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 777
server: Apache
etag: "1ace1b17e77ec3828eda87eb3fea3671ce2a0f706426fbd158873546c4f9366e"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 1967391
accept-ranges: bytes
x-amz-cf-id: RRsLFGwHvrWkVL32u_Qf3lIaZjiPe6eEBcg1cOogb6JBOdVeejCSZQ==

GET
H2 200 tw.png
cache-ssl.celtra.com/api/blobs/9ad81786e386c3155cbc468769eddcc96e3e991156ad745860288c59c63a417c/ Frame 341B 781 B
1 KB 53ms
53ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/9ad81786e386c3155cbc468769eddcc96e3e991156ad745860288c59c63a417c/tw.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 308e134d9a0df8031a894aa2bb6e70515cb9db2403e3e568e7554ae69f474c96

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 781
server: Apache
etag: "308e134d9a0df8031a894aa2bb6e70515cb9db2403e3e568e7554ae69f474c96"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 34649
accept-ranges: bytes
x-amz-cf-id: Awtx0qK4Njxc26tGUz5q1eMakvd57yrwJjvCcxAF3IWcVDCDpHN88Q==

GET
H2 200 li_hover.png
cache-ssl.celtra.com/api/blobs/e3228348fc17573d7db7d135ba5cf60985157f70dae6643939d3a6686b2aa699/ Frame 341B 591 B
1 KB 53ms
53ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/e3228348fc17573d7db7d135ba5cf60985157f70dae6643939d3a6686b2aa699/li_hover.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: c19345a03fed44d267abbe2f427bdcd261aa86a447320f15f3eef8e121690794

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 591
server: Apache
etag: "c19345a03fed44d267abbe2f427bdcd261aa86a447320f15f3eef8e121690794"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 755605
accept-ranges: bytes
x-amz-cf-id: klakiNJV-xwC36TLtddq8q1PMt_pxFbI1_ooFKwegF6s0JXspH-0TQ==

GET
H2 200 li.png
cache-ssl.celtra.com/api/blobs/2e1d1ae5940fbdaa5f95c1c17393175faf02b27a8c6b37dca2419c70113760ab/ Frame 341B 585 B
1 KB 53ms
53ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/2e1d1ae5940fbdaa5f95c1c17393175faf02b27a8c6b37dca2419c70113760ab/li.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: d10a2d03c9fb4943f449b97d333b8d22990200afa70d13d5c1c23ad4d783200c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 585
server: Apache
etag: "d10a2d03c9fb4943f449b97d333b8d22990200afa70d13d5c1c23ad4d783200c"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 394368
accept-ranges: bytes
x-amz-cf-id: Ggo713qFoaWEjRcS_aEedwYJRjiMqQG2wCCuCkCyzS3z1JF-i_niWw==

GET
H2 200 Signature_logo_Corrected.png
cache-ssl.celtra.com/api/blobs/8bb05c01031cecc027b948e9ee77e0ff47fb4a67eac7276630346d15c5925727/ Frame 341B 6 KB
6 KB 53ms
53ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/8bb05c01031cecc027b948e9ee77e0ff47fb4a67eac7276630346d15c5925727/Signature_logo_Corrected.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 3896425056e84980f798884821675550d176d2b74fc0521a0cae84c6a202bb27

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "3896425056e84980f798884821675550d176d2b74fc0521a0cae84c6a202bb27"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 5800
x-amz-cf-id: g8yHdrx-NeVCY4huhZIRq17H3MtSu6PoWplMTJhQnZylODOiqqiiLw==

GET
H2 200 tw.png
cache-ssl.celtra.com/api/blobs/9ad81786e386c3155cbc468769eddcc96e3e991156ad745860288c59c63a417c/ Frame 341B 781 B
1 KB 24ms
23ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/9ad81786e386c3155cbc468769eddcc96e3e991156ad745860288c59c63a417c/tw.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 308e134d9a0df8031a894aa2bb6e70515cb9db2403e3e568e7554ae69f474c96

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 781
server: Apache
etag: "308e134d9a0df8031a894aa2bb6e70515cb9db2403e3e568e7554ae69f474c96"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 34649
accept-ranges: bytes
x-amz-cf-id: Norx_tMFeqTNEpdsOFEs0HJ2kVhHkoUxA6N0_IVcwnaPV_tnPM0_rQ==

GET
H2 200 li.png
cache-ssl.celtra.com/api/blobs/2e1d1ae5940fbdaa5f95c1c17393175faf02b27a8c6b37dca2419c70113760ab/ Frame 341B 585 B
1 KB 25ms
24ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/2e1d1ae5940fbdaa5f95c1c17393175faf02b27a8c6b37dca2419c70113760ab/li.png?transform=crush
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: d10a2d03c9fb4943f449b97d333b8d22990200afa70d13d5c1c23ad4d783200c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 03 Oct 2023 08:24:10 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15788824
x-cache: Hit from cloudfront
content-length: 585
server: Apache
etag: "d10a2d03c9fb4943f449b97d333b8d22990200afa70d13d5c1c23ad4d783200c"
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-varnish: 394368
accept-ranges: bytes
x-amz-cf-id: N1IYuSZZF49uNpjL2c6wSzHziRPPfVeqBuj2FY4e9MJPoMN7izZKMw==

GET
H2 200 Signature_logo_Corrected.png
cache-ssl.celtra.com/api/blobs/8bb05c01031cecc027b948e9ee77e0ff47fb4a67eac7276630346d15c5925727/ Frame 341B 6 KB
6 KB 24ms
23ms Image
image/png 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/8bb05c01031cecc027b948e9ee77e0ff47fb4a67eac7276630346d15c5925727/Signature_logo_Corrected.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 3896425056e84980f798884821675550d176d2b74fc0521a0cae84c6a202bb27

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "3896425056e84980f798884821675550d176d2b74fc0521a0cae84c6a202bb27"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 5800
x-amz-cf-id: QzzdFVRmq94mnXvZRJVSUSRfQ8OpOOhwI1nK5SJwddgnsbfukHuFHw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/bede08de67d51f6eb5b7ddcd1fcf2a30c7bb2d87b5ab77efef4577d2c52daa73/DR_Team%20Cymru_What-Elite-Threat-Hunters.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 831a8c85d0e84aee2510d3b2a3bd4812c5c754a38ae3ea31d3bb64c0ecb70904

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "831a8c85d0e84aee2510d3b2a3bd4812c5c754a38ae3ea31d3bb64c0ecb70904"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 5917
x-amz-cf-id: ZPvpf3qx6Wt77T4vT1uA4K6rwnYLFFTb3K7S2rsPIIOC6IxV_JM0aw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/acd9bf59a8490d1f842771a2bf385a7944a3e468220c6243e9a67a25f5638110/DR_Team%20Cymru_Forrester-Total-Economic-Impact-Report.png?transform=crush&quality=256
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 40c1dce0cd9a55cbad2eae9804b4b014f25e4dce64c47efb2507e5267b23f44c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "40c1dce0cd9a55cbad2eae9804b4b014f25e4dce64c47efb2507e5267b23f44c"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 4490
x-amz-cf-id: IaoznChX9WxFfm-gIOri_ZUDQkn9sm8n-TSp0mctx5SWxPb0OlbhGQ==

GET
H2 200 PS.jpeg
cache-ssl.celtra.com/api/blobs/7ef598962abb43f925225e5d5a494274297d7f2e3888e76fe218926fac91369b/ Frame 341B 176 KB
176 KB 26ms
25ms Image
image/jpeg 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/7ef598962abb43f925225e5d5a494274297d7f2e3888e76fe218926fac91369b/PS.jpeg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: e2cb4c0d7e08a05a9a62040040b8b01771c43010b25ef58807be795ce0e24027

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "e2cb4c0d7e08a05a9a62040040b8b01771c43010b25ef58807be795ce0e24027"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 180041
x-amz-cf-id: 1SJ13l7h-INUs3u3WeBrF7Hni87gH6vcW_dCUDCfjoLWoW8Iz0idYQ==

GET
H2 200 PSR.jpeg
cache-ssl.celtra.com/api/blobs/70c4d85f4879e743a38617a4a9730891b436a866e9b7c1eefbce2049d11527c2/ Frame 341B 21 KB
21 KB 24ms
24ms Image
image/jpeg 18.66.112.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/70c4d85f4879e743a38617a4a9730891b436a866e9b7c1eefbce2049d11527c2/PSR.jpeg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: a4dc256375df0c29e96e35e200d184aeaf532de63fce8e776126ccb2362e7fc3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 12:20:50 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6529824
etag: "a4dc256375df0c29e96e35e200d184aeaf532de63fce8e776126ccb2362e7fc3"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 21122
x-amz-cf-id: uHx0lmbIoRYNglLW4b5PrZqW9j9ovyW5nirlBpULbpqNq09hSqv3Og==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/f47ca8e6afe887d43b9ead2dc20b88e1886175e50074d0d8a1fd914e06a8042a/DR_Team%20Cymru_The-4-Major-Safety-Checks-Needed.jpg?transform=crush&quality=85
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-43.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: b4a7308752688529258b3a289507524cdfbfc0aa3f731313b81b17b3321a071a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Jan 2024 08:09:34 GMT
via: 1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-P5
age: 6544900
etag: "b4a7308752688529258b3a289507524cdfbfc0aa3f731313b81b17b3321a071a"
x-cache: Hit from cloudfront
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
accept-ranges: bytes
content-length: 88673
x-amz-cf-id: twHer5BmgSiGPJQc0ftZ7YI63i14ibZ0GSuqMsvo5B9jlltH7avSlg==

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 413ms
117ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MSwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjczLjk4Niwic2NvcGUiOiJnbG9iYWwiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIzLjAuMC4wIFNhZmFyaS81MzcuMzYiLCJvcmllbnRhdGlvbiI6MCwidG9wbW9zdFJlYWNoYWJsZVdpbmRvdyI6eyJ3aWR0aCI6MTYwMCwiaGVpZ2h0IjoxMTEzfSwiaG9zdFdpbmRvdyI6eyJ3aWR0aCI6NSwiaGVpZ2h0Ijo1fSwibmVzdGluZyI6eyJpZnJhbWUiOnRydWUsImZyaWVuZGx5SWZyYW1lIjp0cnVlLCJpYWJGcmllbmRseUlmcmFtZSI6dHJ1ZSwiaG9zdGlsZUlmcmFtZSI6ZmFsc2UsImlmcmFtZURlcHRoIjoxfSwicGFnZVZpc2liaWxpdHlBcGkiOnRydWUsInJlcXVlc3RBbmltYXRpb25GcmFtZSI6dHJ1ZSwidG9wV2luZG93TmF0aXZlUkFGU3VwcG9ydGVkIjp0cnVlLCJhbGxvd05vbk5hdGl2ZVJBRkZvclZpZXdhYmxlVGltZVVzZWQiOmZhbHNlLCJjbGllbnRUaW1lWm9uZU9mZnNldEluTWludXRlcyI6LTEyMCwic3VwcG9ydHNDb250YWluZXJWaWV3YWJpbGl0eSI6dHJ1ZSwic3VwcG9ydHNDb250YWluZXJJbml0aWFsVmlld2FiaWxpdHkiOnRydWUsInRhZ1BhcmVudFdpZHRoIjowLCJ0YWdQYXJlbnRIZWlnaHQiOjAsImFtcERldGVjdGVkIjpmYWxzZSwiYW1wTmVzdGluZ0xldmVsIjoiIiwic2FmZUZyYW1lRGV0ZWN0ZWQiOmZhbHNlLCJmZXRjaFN1cHBvcnRlZCI6dHJ1ZSwiYXNhcEVuYWJsZWQiOm51bGwsIm5hdGl2ZVByb21pc2VzU3VwcG9ydGVkIjp0cnVlLCJiZWFjb25TdXBwb3J0ZWQiOnRydWUsIkludGVyc2VjdGlvbk9ic2VydmVyU3VwcG9ydGVkIjp0cnVlLCJpc011dGF0aW9uT2JzZXJ2ZXJTdXBwb3J0ZWQiOnRydWUsIndlYlZpZXciOm51bGwsImlzV2luZG93T3Blbk5hdGl2ZSI6dHJ1ZSwicHJvdG9Mb2FkaW5nIjp7ImRhdGFMb2FkU3RhdHVzIjoic3VwcG9ydGVkIiwiYmxvYkxvYWRTdGF0dXMiOiJzdXBwb3J0ZWQifSwidG9wV2luZG93TG9jYXRpb24iOiJodHRwczovL3d3dy5kYXJrcmVhZGluZy5jb20iLCJ0b3BXaW5kb3dMb2NhdGlvbkxlbmd0aCI6MjcsIm5hbWUiOiJlbnZpcm9ubWVudEluZm8ifSx7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MiwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc0LjEyNywibmFtZSI6ImNyZWF0aXZlTG9hZGVkIiwidmlld2FiaWxpdHkwME1lYXN1cmFibGUiOnRydWUsInZpZXdhYmlsaXR5NTAxTWVhc3VyYWJsZSI6dHJ1ZSwidmlld2FibGVUaW1lTWVhc3VyYWJsZSI6dHJ1ZSwiY2RuVmFyaWFudCI6Im5vbmUifSx7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MywiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc0LjE0NCwibmFtZSI6InZpZXdwb3J0UGxhY2VtZW50R2VvbWV0cnkiLCJwYWdlRGltZW5zaW9ucyI6eyJoZWlnaHQiOjU1OTEsIndpZHRoIjoxNjAwfSwidmlld3BvcnRQb3NpdGlvblJlY3QiOnsid2lkdGgiOjE2MDAsImhlaWdodCI6MTExMywibGVmdCI6MCwidG9wIjowfSwiZmlyc3RQbGFjZW1lbnRQb3NpdGlvblJlY3QiOnsibGVmdCI6MTAwNiwidG9wIjo1OTcuNDg0Mzc1LCJ3aWR0aCI6MzAwLCJoZWlnaHQiOjgyNX19XX0=?crc32c=1632499729
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6NCwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc0LjE0NiwibmFtZSI6InZpZXdhYmxlMDAiLCJjcml0ZXJpb24iOnsibmFtZSI6IkNvcmUiLCJyYXRpbyI6MCwidGltZSI6MH19LHsic2Vzc2lvbklkIjoiczE3MTIxMTAyNzN4Njc0MjRjNjBmMmUzODV4NTQ0NTg1NDYiLCJhY2NvdW50SWQiOiI0NGI3NGIzNSIsInN0cmVhbSI6ImFkRXZlbnRzIiwiaW5zdGFudGlhdGlvbiI6IjA1NDEwMzYxNzMwMTEwNjI0NCIsImluZGV4Ijo1LCJjbGllbnRUaW1lc3RhbXAiOjE3MTIxMTAyNzQuMTUzLCJ1bml0TmFtZSI6ImJhbm5lciIsInVuaXRWYXJpYW50TG9jYWxJZCI6bnVsbCwic2NyZWVuTG9jYWxJZCI6MTM2OCwic2NyZWVuVGl0bGUiOiJSZXNvdXJjZXMiLCJzY3JlZW5Jc01hc3RlciI6ZmFsc2UsIm9iamVjdExvY2FsSWQiOm51bGwsIm9iamVjdE5hbWUiOm51bGwsIm9iamVjdENsYXp6IjpudWxsLCJpbml0aWF0aW9uVGltZXN0YW1wIjoxNzEyMTEwMjc0LjE1MywibmFtZSI6InNjcmVlblNob3duIn0seyJzZXNzaW9uSWQiOiJzMTcxMjExMDI3M3g2NzQyNGM2MGYyZTM4NXg1NDQ1ODU0NiIsImFjY291bnRJZCI6IjQ0Yjc0YjM1Iiwic3RyZWFtIjoiYWRFdmVudHMiLCJpbnN0YW50aWF0aW9uIjoiMDU0MTAzNjE3MzAxMTA2MjQ0IiwiaW5kZXgiOjYsImNsaWVudFRpbWVzdGFtcCI6MTcxMjExMDI3NC4xNTMsIm5hbWUiOiJjcmVhdGl2ZVJlbmRlcmVkIn1dfQ==?crc32c=2262202501
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6NywiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc0LjE3MywibmFtZSI6InZpZXdhYmxlVGltZSIsImZyb20iOjE3MTIxMTAyNzQuMTQ3LCJ0byI6MTcxMjExMDI3NC4xNDd9XX0=?crc32c=3594374298
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=3&uk=null&pk=0&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.darkreading.com%2F%2Fcyberattacks-data-breaches%2F-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=0&h=825&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273438&de=809023220842&cu=1712110273438&m=1029&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=62&vx=62%3A-%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=0&ag=99&an=0&gf=0&gg=0&ix=0&ic=0&ez=1&aj=1&pg=62&pf=0&ib=1&cc=0&bw=99&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=198&cd=0&ah=198&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&bo=22316126855&bp=23004606261&bd=resource_v&zMoatPS=resource_v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=resource_v&hv=Celtra%20API&ab=3&fd=1&kt=strict&it=500&fz=1&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=2068356517&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6AF2 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEvt7Go30iJKmz7hKrK8OQZcck6UsZOJSw5XIY963RmaUmXkpuZnhGEEclXk0I4pMzm1N5KArYNNxr48K5pA4zf9RxoemR6_S9HTLqbt4WZPQEbqdmzzOAfHQTUyI5CWcR8oer7LXCM0LwKxRblFPvufaHWM_GYMM&sig=Cg0ArKJSzGHBEregmY0LEAE&id=lidar2&mcvt=1002&p=249,436,339,1164&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20240401&bin=7&avms=nio&bs=1600,1113&mc=1&vu=1&app=0&itpl=3&adk=4110567004&rs=4&la=0&cr=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyMy4wLjYzMTIuODYiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuODYiXSxbIk5vdDpBLUJyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMjMuMC42MzEyLjg2Il1dLDBd&vs=4&r=v&co=804307300&rst=1712110273216&rpt=216&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 46ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=1028&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=1&ag=1023&an=1&gi=1&gf=1023&gg=1&ix=1023&ic=1023&ez=1&ck=1023&kw=820&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1023&bx=1&ci=1023&jz=820&dj=1&aa=0&ad=923&cn=0&gk=923&gl=0&ik=923&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=820&cd=2&ah=820&am=2&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1342003178&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 37ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=1029&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=1&ag=1023&an=1023&gi=1&gf=1023&gg=1023&ix=1023&ic=1023&ez=1&ck=1023&kw=820&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1023&bx=1023&ci=1023&jz=820&dj=1&aa=0&ad=923&cn=923&gk=923&gl=923&ik=923&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=820&cd=820&ah=820&am=820&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1914101702&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 38ms
37ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=1029&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1697%3A1697%3A0%3A1676&as=1&ag=1023&an=1023&gi=1&gf=1023&gg=1023&ix=1023&ic=1023&ez=1&ck=1023&kw=820&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1023&bx=1023&ci=1023&jz=820&dj=1&aa=0&ad=923&cn=923&gk=923&gl=923&ik=923&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=820&cd=820&ah=820&am=820&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=996281083&cs=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H2 200 nr-spa-1.253.0.min.js Show response
js-agent.newrelic.com/ 99 KB
32 KB 72ms
21ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.253.0.min.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e72e22c9fd71d91300781105175767a7275aa469946f7f72cdda5adaa5c548e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
Origin: https://www.darkreading.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fCBpomkNr2k.mGTnq1v.Ze6YZpq.zil8
content-encoding: br
via: 1.1 varnish
date: Wed, 03 Apr 2024 02:11:14 GMT
strict-transport-security: max-age=300
x-amz-request-id: EB22CMJE5NT06V29
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 32390
x-amz-id-2: msdfT8OtDd1XPmy6wUZHbMPq1YEFkovD8EM7dr7FbfO8EQkshdu9A9AbiqH9n9UaQSWC0Ev2uyw=
x-served-by: cache-fra-eddf8230125-FRA
last-modified: Wed, 13 Mar 2024 21:07:25 GMT
server: AmazonS3
etag: "4a6ecb6da3c4e819773b0e3331ff5e7a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 569428

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 37ms
37ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202404010101&st=env

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f55b561a0ad7d1256b817af984122e3a8a2b512ec52328c4e6b836f75af2ca9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12286
x-xss-protection: 0

POST
H2 204 rum Show response
www.darkreading.com/cdn-cgi/ 0
37 B 73ms
49ms XHR
text/plain 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/cdn-cgi/rum?

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-NewRelic-ID: Vw8EV1VXABAFVVVSAggEVlE=
tracestate: 3288925@nr=0-1-3936348-538480682-5ed5530d753f9309----1712110274651
traceparent: 00-e3fc8cbba8870e648e1a601080a2cdf1-5ed5530d753f9309-01
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM5MzYzNDgiLCJhcCI6IjUzODQ4MDY4MiIsImlkIjoiNWVkNTUzMGQ3NTNmOTMwOSIsInRyIjoiZTNmYzhjYmJhODg3MGU2NDhlMWE2MDEwODBhMmNkZjEiLCJ0aSI6MTcxMjExMDI3NDY1MSwidGsiOiIzMjg4OTI1In19
content-type: application/json
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:14 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.darkreading.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 86e586e0a9184d97-FRA

POST
H2 204 rum Show response
www.darkreading.com/cdn-cgi/ 0
160 B 72ms
49ms XHR
text/plain 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/cdn-cgi/rum?

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-NewRelic-ID: Vw8EV1VXABAFVVVSAggEVlE=
tracestate: 3288925@nr=0-1-3936348-538480682-8ff284b4d1f50378----1712110274653
traceparent: 00-6cd9c17604addd6a8ba89e7ad663c6b4-8ff284b4d1f50378-01
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM5MzYzNDgiLCJhcCI6IjUzODQ4MDY4MiIsImlkIjoiOGZmMjg0YjRkMWY1MDM3OCIsInRyIjoiNmNkOWMxNzYwNGFkZGQ2YThiYTg5ZTdhZDY2M2M2YjQiLCJ0aSI6MTcxMjExMDI3NDY1MywidGsiOiIzMjg4OTI1In19
content-type: application/json
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:14 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.darkreading.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 86e586e0e92a4d97-FRA

GET
H2 200 darkreading-DSJITCUD.ico
www.darkreading.com/build/_assets/ 7 KB
3 KB 80ms
60ms Other
image/x-icon 2606:4700::6812:6e2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.darkreading.com/build/_assets/darkreading-DSJITCUD.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6e2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4af04cf7a5f045d2a21abb3f93d90f175680f07b9ccecb1d5559864b9716cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=3153600000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:14 GMT
strict-transport-security: max-age=3153600000
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Mar 2024 15:42:17 GMT
server: cloudflare
age: 1757339
etag: W/"1cee-18e146dffa8"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: public, max-age=31536000, immutable
cf-ray: 86e586e0e92b4d97-FRA

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 52ms
51ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=1231&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=1226&an=1023&gi=1&gf=1226&gg=1023&ix=1226&ic=1226&ez=1&ck=1023&kw=820&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1226&bx=1023&ci=1023&jz=820&dj=1&aa=1&ad=1126&cn=923&gn=1&gk=1126&gl=923&ik=1126&co=1126&cp=1024&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1024&cd=820&ah=1024&am=820&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=2033169775&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:14 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 02:11:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Apr 2024 02:11:14 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 695C 0
0 359ms
24ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 19013
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Apr 2024 20:54:22 GMT
expires: Wed, 02 Apr 2025 20:54:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame 1982 0
0 364ms
32ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FYcOk11DuvNRS32-9c0pkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.darkreading.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-FYcOk11DuvNRS32-9c0pkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 03 Apr 2024 02:11:15 GMT
expires: Wed, 03 Apr 2024 02:11:15 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H/1.1 200 NRJS-26ae6a3b09493bbcc87 Show response
bam.eu01.nr-data.net/1/ 127 B
637 B 357ms
37ms XHR
text/plain 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-26ae6a3b09493bbcc87?a=514059305&v=1.253.0&to=MhBSZQoZWEEDU0ZaXgtadUkIClNBEVpBHHYgIR8eUg%3D%3D&rst=4773&ck=0&s=a03ef8d651600bc9&ref=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&hr=0&tt=011982d76956255f&af=err,xhr,stn,ins,spa&ap=216.35864&be=1469&fe=3202&dc=388&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1712110269976,%22n%22:0,%22f%22:0,%22dn%22:9,%22dne%22:9,%22c%22:9,%22s%22:31,%22ce%22:59,%22rq%22:59,%22rp%22:1470,%22rpe%22:1566,%22di%22:1676,%22ds%22:1857,%22de%22:1857,%22dc%22:4668,%22l%22:4668,%22le%22:4671%7D,%22navigation%22:%7B%7D%7D&fp=1696&fcp=1696
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 8c16e8bedb9e949293721877db18702ebf5baa6234dd7e819fa70bf6c12994e8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 03 Apr 2024 02:11:15 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.darkreading.com
access-control-expose-headers: Date
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
cross-origin-resource-policy: cross-origin
Connection: keep-alive
timing-allow-origin: https://www.darkreading.com
Content-Length: 127
x-served-by: cache-fra-eddf8230081-FRA

POST
H/1.1 200 NRJS-26ae6a3b09493bbcc87 Show response
bam.eu01.nr-data.net/events/1/ 24 B
346 B 26ms
26ms XHR
image/gif 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/events/1/NRJS-26ae6a3b09493bbcc87?a=514059305&v=1.253.0&to=MhBSZQoZWEEDU0ZaXgtadUkIClNBEVpBHHYgIR8eUg%3D%3D&rst=5181&ck=0&s=a03ef8d651600bc9&ref=https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&hr=0
Requested by: Host: www.darkreading.com
URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Wed, 03 Apr 2024 02:11:15 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.darkreading.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230081-FRA

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 123ms
123ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6OCwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc1LjE1NiwibmFtZSI6InZpZXdhYmxlNTAxIiwiY3JpdGVyaW9uIjp7Im5hbWUiOiIzMC8xIiwicmF0aW8iOjAuMywidGltZSI6MTAwMH19XX0=?crc32c=1702740047
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:15 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 115ms
115ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6OSwiY2xpZW50VGltZXN0YW1wIjoxNzEyMTEwMjc1LjE4MSwibmFtZSI6InZpZXdhYmxlVGltZSIsImZyb20iOjE3MTIxMTAyNzQuMTQ3LCJ0byI6MTcxMjExMDI3NS4xNzN9XX0=?crc32c=313883974
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:15 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=3&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&h=825&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273438&de=809023220842&cu=1712110273438&m=2039&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=62&vx=62%3A63%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=1112&an=99&gf=0&gg=0&ix=0&ic=0&ez=1&ck=1112&kw=1010&aj=1&pg=62&pf=62&ib=1&cc=1&bw=1112&bx=99&ci=1112&jz=1010&dj=1&aa=0&ad=905&cn=0&gk=0&gl=0&ik=0&cq=1&im=1&in=1&pd=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=198&ah=1010&am=198&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&bo=22316126855&bp=23004606261&bd=resource_v&zMoatPS=resource_v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=resource_v&hv=Exps%3A%20Celtra%20Banner%2FVideo%20%7C%20Celtra%20API&ab=3&fd=1&kt=strict&it=500&fz=1&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=604403716&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:15 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=3&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=825&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273438&de=809023220842&cu=1712110273438&m=2040&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=62&vx=62%3A63%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=1112&an=1112&gf=0&gg=0&ix=0&ic=0&ez=1&ck=1112&kw=1010&aj=1&pg=62&pf=62&ib=1&cc=1&bw=1112&bx=1112&ci=1112&jz=1010&dj=1&aa=0&ad=905&cn=905&gk=0&gl=0&ik=0&cq=1&im=1&in=1&pd=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1010&cd=1010&ah=1010&am=1010&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&bo=22316126855&bp=23004606261&bd=resource_v&zMoatPS=resource_v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=resource_v&hv=Exps%3A%20Celtra%20Banner%2FVideo%20%7C%20Celtra%20API&ab=3&fd=1&kt=strict&it=500&fz=1&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=2080114866&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:15 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=3&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=825&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273438&de=809023220842&cu=1712110273438&m=2242&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=62&vx=62%3A63%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=1315&an=1112&gf=0&gg=0&ix=0&ic=0&ez=1&ck=1112&kw=1010&aj=1&pg=62&pf=62&ib=1&cc=1&bw=1315&bx=1112&ci=1112&jz=1010&dj=1&aa=1&ad=1108&cn=905&gk=0&gl=0&ik=0&co=1108&cp=1211&cq=1&im=1&in=1&pd=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1211&cd=1010&ah=1211&am=1010&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&bo=22316126855&bp=23004606261&bd=resource_v&zMoatPS=resource_v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=resource_v&hv=Exps%3A%20Celtra%20Banner%2FVideo%20%7C%20Celtra%20API&ab=3&fd=1&kt=strict&it=500&fz=1&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1178921253&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:15 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:15 GMT

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 115ms
115ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MTAsImNsaWVudFRpbWVzdGFtcCI6MTcxMjExMDI3Ni4xOTgsIm5hbWUiOiJ2aWV3YWJsZVRpbWUiLCJmcm9tIjoxNzEyMTEwMjc1LjE3MywidG8iOjE3MTIxMTAyNzYuMTgxfV19?crc32c=3294750749
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:16 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 114ms
114ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MTEsImNsaWVudFRpbWVzdGFtcCI6MTcxMjExMDI3Ny4yMTUsIm5hbWUiOiJ2aWV3YWJsZVRpbWUiLCJmcm9tIjoxNzEyMTEwMjc2LjE4MSwidG8iOjE3MTIxMTAyNzcuMTk4fV19?crc32c=1232116177
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273446&de=507155031044&cu=1712110273446&m=5049&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=5045&an=1226&gi=1&gf=5045&gg=1226&ix=5045&ic=5045&ez=1&ck=1023&kw=820&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5045&bx=1226&ci=1023&jz=820&dj=1&aa=1&ad=4945&cn=1126&gn=1&gk=4945&gl=1126&ik=4945&co=1126&cp=1024&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4845&cd=1024&ah=4845&am=1024&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=5006753165%3A2994564374%3A6140096305%3A138446632021&bo=22316126855&bp=23004606261&bd=728_1v&zMoatPS=728_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=728x90&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=728_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=10436101&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:18 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:18 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=0&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273341&de=706591027931&cu=1712110273341&m=5266&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A0%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=0&ag=701&an=24&gf=701&gg=24&ix=701&ic=701&ez=1&aj=1&pg=100&pf=100&ib=1&cc=0&bw=701&bx=24&dj=1&aa=0&ad=601&cn=0&gk=601&gl=0&ik=601&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5053&cd=48&ah=5053&am=48&xd=00&rf=0&re=1&ft=601&fv=0&fw=601&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455165102&bo=22316126855&bp=23004606261&bd=300_1v&zMoatPS=300_1v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=300x250&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=300_1v&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=590667774&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:18 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:18 GMT

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRle...
track.celtra.com/json/ 35 B
242 B 115ms
115ms Image
image/gif 54.173.102.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNzEyMTEwMjczeDY3NDI0YzYwZjJlMzg1eDU0NDU4NTQ2IiwiYWNjb3VudElkIjoiNDRiNzRiMzUiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiIwNTQxMDM2MTczMDExMDYyNDQiLCJpbmRleCI6MTIsImNsaWVudFRpbWVzdGFtcCI6MTcxMjExMDI3OS4yMzEsIm5hbWUiOiJ2aWV3YWJsZVRpbWUiLCJmcm9tIjoxNzEyMTEwMjc3LjE5OCwidG8iOjE3MTIxMTAyNzkuMjE1fV19?crc32c=2374461473
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.102.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-102-53.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Expires: 0
Pragma: no-cache
Date: Wed, 03 Apr 2024 02:11:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
265 B 36ms
36ms Image
image/gif 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&sgs=3&vb=8&kq=1&lo=3&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=INFORMA_GAM_DISPLAY1&ol=3984263267&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!b.%5BMhS%3A15.snxNz3%2B1bmlLntoDUj%7B!%3CFeid%5BOV%7C%2B2x%3D(%3Ce7%25tDkkcRYG%3EZcTOc9!x%5E%7D%2Cap.%3E%25.s)yeA1%7Cu%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ2MJ2%2C%7BK%24%3D!%2509.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C5%2C747835005%2C1%2C2%2C0%2Cprobably%2Cprobably&rb=1-CxVYrdgGjX5DKO5X%2BNSW1ckg%2FF4GLhl3AVpTH3Rq9Z4ILVN3UpY2LAh4B7fp%2BKXCrUw%3D&rs=1-AtzSsj5UIp%2B9WA%3D%3D&sc=1&os=1-Vw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqEKiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=770&qd=570&qf=1600&qe=1113&qh=1600&qg=1200&qm=-120&qa=800&qb=600&qi=800&qj=600&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aa%5DmJVOG)%2C~%405%2F%5BGI%3F6C(TgPB*e%5D1(rI%24(rj2Iy!pw%40aOS%3DyNX8Y%7BQgPB*e%5D1(rI%24(rj%5EB61%2F%3DSqcMr1%7B%2CJA%24Jz_%255tTL%3Fwbs_T%234%25%60X%3CA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=825&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&id=1&ii=4&f=0&j=&t=1712110273438&de=809023220842&cu=1712110273438&m=6062&ar=4c05630205a-clean&iw=e12b8d1&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=87&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5591&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=62&vx=62%3A63%3A-&pe=1%3A1697%3A1697%3A4671%3A1676&as=1&ag=5135&an=1315&gf=0&gg=0&ix=0&ic=0&ez=1&ck=1112&kw=1010&aj=1&pg=62&pf=62&ib=1&cc=1&bw=5135&bx=1315&ci=1112&jz=1010&dj=1&aa=1&ad=4928&cn=1108&gk=0&gl=0&ik=0&co=1108&cp=1211&cq=1&im=1&in=1&pd=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5033&cd=1211&ah=5033&am=1211&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5004232532%3A3281686722%3A6429265870%3A138455056341&bo=22316126855&bp=23004606261&bd=resource_v&zMoatPS=resource_v&gw=informagamdisplay218733383007&zMoatOrigSlicer1=22316126855&zMoatOrigSlicer2=23004606261&zMoatDomain=darkreading.com&zMoatSubdomain=darkreading.com&dfp=0%2C1&la=23004606261&zMoatSZ=5x5&zMoatMMV_MAX=na&zMoatMGV_MAX=na&zMoatCURL=darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&zMoatDev=Desktop&zMoatDfpSlotId=resource_v&hv=Exps%3A%20Celtra%20Banner%2FVideo%20%7C%20Celtra%20API&ab=3&fd=1&kt=strict&it=500&fz=1&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=207732&na=1400396134&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.darkreading.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

unused62: 8096267
pragma: no-cache
date: Wed, 03 Apr 2024 02:11:19 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 03 Apr 2024 02:11:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.com
URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT766aJ6QNpIPs2niHQtCC-PLX8no2lznbO6CzSeciuZKz6FlIhJAjgnjDxhIVwFHWAY520

Domain: www.google.com
URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSAyzNSpQ34o9TiInleFtDusncO_ien5uk2lxHdRIKyaiuPuW6tjL9EZh0pQhbnTaS9aFcF

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202404010101&jk=3879373680855958&bg=!k5ClkN_NAAYQOWS2MDk7ADQBe5WfOCEz3eQbM1oobSOs4Zp_WTg00WWsxx2lfNk-WSUHkidhNl3fAUv0ZGlMZnsbJ-oqAgAAAFtSAAAAA2gBB34ANVeoYV5lHDLp_jKUcYkkAGhwtiwpcIgpwZTjlX8IArT3Juv-BNb-pJJv2e92_lD6DYnCgC18CgCOrVIU80kloe4vW1CS5qVPtiZnAdEVdZBR668eiLyIxe-Kakkx8QD-aI2HDU6T7nfg2NoZKQ80GmPl16a4qMXD47ixWrA9AcfECVbCCQGZtNsrhrqvyBo31WtCVjci5mNL2IwOb4QQ7YzIas54kABAhcmPQ5Zc-PkgiOC8y7gqAgav8EfL9cb4q7NCTffOOpkCnkMq8F784g6mP5YB_09_opJIwde-TYF6hgLPxPWjd33Bu5exn2-mmKSQizbXhF-LiUMpCE2wcGUN5hSyInA3sTEFjnD2MGWKWGK7tYkt-uoksj6zOnDEvxMso06Pq4ZkkYXhVYfDRfct7vyEs-wK80BavA_VucIjCuCykN6rycm3swPl8SP7a75inTQpYZyhmnr5lH-l_NBvugcw0nrIVeoSJCDH0JdL6iYuUuAXpJQnEak-PsIAymxHXl8wIcd7FgaKTN1zxF4_c5CGmZNg9t8K1sIUzs2U0zMBrzicln4mqEtwybXT6SPswnFK1nUUbi4F_Zim4co1iys599v0sqLS1lOH7q3zPr-GnwRbeAO3Es23Og7biDVfKzxuG2bEtPOnKfU4pO2-_o793VPXNbBgsRYsyQzJGC9AjBA2IjlBs0AxYND6bTIAMCxxJ-t28orPJpR4pb5p8dqFU6qwao5Jptgrc6ATkZnzKZuHbvqYTpKd4ObXYonVDFl3PahydTvtPEgHAaVgnM0hfLfoxQ7z6pgJsFGQw9l5U7MIzEqkN16gUusrLa20XJ_WpIdDkx7P_jsamz6HbvtibSYzf8FNnUExUJgJ6l4efoMViCQBJ5K0fmsfcejFEOCL7gIJD5GP70DhcirvRg_kyD-_zTmJWFi8USdfskvGQVUov41fF8EhhrrheRxXRLgRyU-H6tus9vkMOyEi7TK3tPbFfwn7PQpQEAVMYDtaZxnXOMqIja3Wq8m2xMbMke0FqttZ-c4dJGGpY7A8jQOIAL_jOGOzACKkgmawBoiPAMjETo6ldciNfavFV1AKSExU9sSF40Rs7KBREPs9ot7H3CsmFL4Wxt2cSOD8uEbmybRYAaJPvcZR2yWVh1UqJz49hyw

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.darkreading.com/	1970-01-20 19:35:12	Name: __cf_bm Value: y5W2Xy0JtD83MP.JDOP1lfurPp_uWuGYuSks1qThH.g-1712110271-1.0.1.1-X0sFXKki3fnwajq4m4Y1_rn.CWQjux6JUvaat9a2PgH0uNQ.SnkJdyq7Z3i8pL7MzdyTWRsVzAGqb.tzTskCxA
.darkreading.com/	1970-01-20 21:44:46	Name: _gcl_au Value: 1.1.1662438741.1712110272
.darkreading.com/	1970-01-21 05:11:10	Name: _ga_1X1EHQ3PFR Value: GS1.1.1712110272.1.0.1712110272.60.0.0
.darkreading.com/	1970-01-21 05:11:10	Name: _ga Value: GA1.1.676144985.1712110272
.js.ubembed.com/	1970-01-20 19:35:12	Name: __cf_bm Value: ocpaprkKXfLjIUSFfRuaUhn3kgh3GvHgVmp.TEAZIg4-1712110272-1.0.1.1-4vGc4q9e1_pDJVeTGJUE7cqupdOFCsGMJ.uFjrFjFN1OKF6vKcQUXRCFM_0VAy4EZBI1npT1JCp5g82yIBSBrw
.darkreading.com/	1970-01-21 05:03:58	Name: _cb Value: Dpjtq8qEf-HCWMVw7
.darkreading.com/	1970-01-21 05:03:58	Name: _chartbeat2 Value: .1712110272384.1712110272384.1.D3Uwq_CiPYzeBg9UWQHPb-NBvp0w0.1
.darkreading.com/	1970-01-20 19:35:12	Name: _cb_svref Value: external
.darkreading.com/	1970-01-20 23:54:22	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Apr+03+2024+04%3A11%3A12+GMT%2B0200+(Central+European+Summer+Time)&version=6.39.0&isIABGlobal=false&hosts=&consentId=d51b3e78-d0f5-49bf-a7f4-6afe5b1914da&interactionCount=0&landingPath=https%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fchina-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.darkreading.com/	1970-01-21 04:20:46	Name: _hjSessionUser_2610568 Value: eyJpZCI6IjhiZGQ2NGUyLTQ1NTMtNTYxOC1iNzU2LWEwYzU1ZjFiZDRiMiIsImNyZWF0ZWQiOjE3MTIxMTAyNzI3MjUsImV4aXN0aW5nIjpmYWxzZX0=
.darkreading.com/	1970-01-20 19:35:12	Name: _hjSession_2610568 Value: eyJpZCI6ImYyYzZiYzk3LTNhZjgtNGJlYS05YmY5LTQ4MmI3YzI3NjVmNSIsImMiOjE3MTIxMTAyNzI3MjcsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.doubleclick.net/	1970-01-21 05:11:10	Name: IDE Value: AHWqTUmr0z_i2qduQws8y1hIVszzcsZ1r-nDMMPOqDGyEeY7vMQ0vViAgshzZTsUmHs
.darkreading.com/	1970-01-21 04:56:46	Name: __gads Value: ID=e868d121f30f8bdf:T=1712110272:RT=1712110272:S=ALNI_Mb1xTIeLWDU4wEBfplTsHc-wPJn7A
.darkreading.com/	1970-01-21 04:56:46	Name: __gpi Value: UID=00000d87d5a25876:T=1712110272:RT=1712110272:S=ALNI_MY_LC9T-h4q6U_afvx6pUI_jTUDOQ
.darkreading.com/	1970-01-20 23:54:22	Name: __eoi Value: ID=237cecf019d2ff25:T=1712110272:RT=1712110272:S=AA-AfjZVFjGtXiE-rGRG9xSz3NiB
.darkreading.com/	1970-01-20 19:35:12	Name: _sp_ses.94c4 Value: *
.darkreading.com/	1970-01-21 05:11:10	Name: _sp_id.94c4 Value: 05176aa2-afd1-4f28-aa9f-a6fd43089d6e.1712110273.1.1712110273.1712110273.71292855-7d7d-4582-91a4-b7789b3462d3
.darkreading.com/	1970-01-21 05:11:10	Name: __td_signed Value: true
.darkreading.com/	1970-01-21 05:11:10	Name: _td Value: 6bd576db-2a00-4af4-832b-efc1277cbcfe
www.darkreading.com/	1970-01-20 19:36:36	Name: _iris_cdl Value: Ki50cmFkZXB1Yi5jb20=
.in.treasuredata.com/	1970-01-21 05:11:10	Name: _td_global Value: 10a531cd-ffdc-44ae-8b93-3a32f9e2de16
.darkreading.com/	1970-01-21 04:20:46	Name: sp Value: 2b366f63-a5b0-494e-998c-1bf5c31aefb1

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-actor-using-peculiar-malware-to-hide-malicious-activities Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=3153600000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6600d6d98e534115970f9529a45f3195.js.ubembed.com
832d5e0893a045e453d189e48ea22c9c.safeframe.googlesyndication.com
ads.celtra.com
analytics.google.com
api.iiris.com
assets.ubembed.com
bam.eu01.nr-data.net
c.darkreading.com
cache-ssl.celtra.com
cdn.cookielaw.org
cdn.treasuredata.com
cognito-identity.eu-west-1.amazonaws.com
connect.facebook.net
eu-images.contentstack.com
eu01.in.treasuredata.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
in.ml314.com
js-agent.newrelic.com
marketingplatform.google.com
mb.moatads.com
ml314.com
pagead2.googlesyndication.com
ping.chartbeat.net
px.moatads.com
script.hotjar.com
securepubads.g.doubleclick.net
static.chartbeat.com
static.cloudflareinsights.com
static.hotjar.com
static.iris.informa.com
stats.g.doubleclick.net
tpc.googlesyndication.com
track.celtra.com
www.darkreading.com
www.google.ae
www.google.com
www.googletagmanager.com
www3.doubleclick.net
z.moatads.com
pagead2.googlesyndication.com
www.google.com
108.138.26.31
13.32.27.54
13.32.99.103
132.226.214.62
151.101.66.137
172.64.150.107
18.193.44.27
18.214.208.237
18.245.86.108
18.66.102.106
18.66.112.43
185.221.87.23
2600:9000:2646:600:18:1fcd:353:c61
2602:816:5001::39
2606:4700:4400::6812:2089
2606:4700:4400::6812:27b5
2606:4700::6810:4f49
2606:4700::6812:6b2f
2606:4700::6812:6e2f
2606:4700::6813:b134
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:81d::200e
2a00:1450:4001:828::2003
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c00::9a
2a03:2880:f083:100:face:b00c:0:3
2a05:d018:94a:8a02:95e2:faf0:fffb:1ca1
34.117.77.79
52.72.222.255
54.173.102.53
54.204.151.223
69.192.161.152
011c2e9cca2dd810784f85ccbee288959b13d10c6a1bd740f4486b75985187af
01b6c3f20567168ba63154de34f994346f6b05c8bf22e7447515299267c1a38e
02579708d575bf5ea71adbb4f0a0dd7899ae7165bbc02f382f5bbfd0d866ba6c
07df21385dfe089a7da035f39d98df643aa243022cf03aab9de176d76c34fd02
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d8eb3acd720ba9dbd34dbe5d44940911c49eb4e428d3d19b35783d3c0e4a8a1
11f6a1494b79e441443c27625e7135b68c04ee9d6f8b650545477501ebb414ed
127c7ead87e287db401c5a3173fd190cc2c7211711e97486294ca2086754f793
12d04146373bc5fb49c6a59242e2ecf68a936d237df36502ae6019a69a22b82a
1400afceac90350a1670b94883cd946729f1438f683bf39bef044d945c067269
162fdc59fe32d506fa254e5f6e6ace62991757ccb10910d0e3a4be7f8724e8b3
1788f7a15fec499d56a62fc6a7917f455a3488097d7cfa8fcfcef7a223b7d408
1866a87b4c049fb761b0218db2aecbef33496d878706bc56f2701965efaf88a7
1a50ce68ff989d007c63ad2a2ef5893f30243ba991ff7d8851d76cab478cf005
1ace1b17e77ec3828eda87eb3fea3671ce2a0f706426fbd158873546c4f9366e
1bb1199054cb7ba3280a7d772f99715eb3cc48babd4b28f9ceacbe37b8cf107c
1f650311d83e5a6ef2891c4eed7008464f181401bc15b188a988640b1ee08102
1fca26285c6fdab454752c7c97217ed671aaed044af7bb2f0ab9982e8491d632
2013f742b764fbcb98d198d820eb0538210279514dd486eefb218bd95e363667
21102c999da99aa5a6c8403c9e2367ca2e8d3e7fd2d6b5c1aef9e4fab888749c
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2446ebe8630af649ad9e39a4c218bf8932a9459fc1a3d7d3eaf5d94d3e5c5b23
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
261e44bd5998183c1bde239149a4be112fd5afd76c1efb12da82f24cf20561d4
262f87d47643975a4633b675fc224c7a178d99e579e5d767f4a43ca7cc0bb9de
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1276ae810ca2f9fbf64394c0f222335ac8c05d46c24c0459ad551f868cbfa7
2b21643da63b2c4ecc10d42f29531dd1830ea86dc7fa876cf0e0d570b76bbb3c
2f499b6cd0a664df05af766bd604bec68dbd30fbf0ebee481575228a70d8df8f
308e134d9a0df8031a894aa2bb6e70515cb9db2403e3e568e7554ae69f474c96
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
316aaf31d8e513c553ecf0da6fba97a000f38f0fa541ff1a9bece4372f6f485f
35243e15497801e97fd517407580fc495bccca3828af2aff4488f7d476b4f519
3635a5f6addfeeb02ebec03088c9c42619193abb0b6e5af5046c94f31e511b80
3896425056e84980f798884821675550d176d2b74fc0521a0cae84c6a202bb27
3b9dac65a3277574c2577423c174f7a3ec11e01d2c5e190b8320dbedc6e31dc4
3ddc129f9561ac971801ea536d9ac8848ed2c0f5abafeebf249b8caa14ce601a
407b0eb60d8b1b7a9f3a143b4f8c1151b7f3a995af078c45e0c433a905e35d82
40c1dce0cd9a55cbad2eae9804b4b014f25e4dce64c47efb2507e5267b23f44c
445bfeb3746eef6dcddc37e3ae7570685e75fdf6c4c9d8235db255a3de132265
447e1fd6e251fbc13b94caf038232a8ce3fb33d8bc08a41f5f01d89b18744e58
45ddf694907dcccbb3e58a25db206428001f6e3d426ae5e7aa1bdd2279ddd42f
46532f65ff54c2eb734aa7e9fa4bddd0bff56632b34118d4b2efcfd6e0efcfdb
48e81c97bc84ee508d17645d6c1071a031044061d48c55a9d547d6f2da77c73d
4b475b63a797144d91a4b2e34499ab7321bdf6d298d5f1177ec1fa3f5d3b4e0e
4bda560e1b47fe886f72faafe85501a9c014b96323dc273baa07daa2d3386c66
4e3544834b91e44441b532b1543211033bbf7dfdb06b1c540c6539ce2f04c806
4f277b531867b0201224cc8596420538564e55b1857b9130f185a9593717d746
4f381ccb6f965e2011700b253aa446e84060a338cc416055eabca3b62fa35435
4f4f87402842b39426dfe4ab187ef20334b1fc84b18f62fa1c0695f1be08fa63
509f23309ea6a54534a6028847a4db27e83e2ad3265a13898c844a108490cb56
56587cffbb30e338497c9114f74803a530a713ebe374b69fcfa8551ad8dad1e9
58016ccef8b151b18ba8a751a7666689dcb78facc25a8710434d2e8629a83142
592356a6c52e99185da7862c1bc4929308efd3618e8f1c8e1dd665abf205ee62
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5a63bbbbf6c03435c477d375da06c8903f92508c3b2af313354c85452af34f0f
5e1b2cb371789cc9c56cf7fbcc6135601164587900e7dbed52f79906bc447cb0
5edae2bb1e57075798286bd4c36782a2439285a5f56087fec35bab764d1c06a2
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a683fb450f7fa9845bc05412211a15a4b09b406db0c7fcb6fe2fe18acff1ad
62eee22f7f92913689361d7cad70e166c1f0fe52937c1269996cffaa712e60f7
641efc942ff0ad9b83a82ca21e5e369cfc8d7cd073bcc351d439bfb7192b5f2c
6ef59df86d3826ee2048c7707b14be9a819ffe3ce87ca7e989511ac24e447812
763dbbbeae9338c472651f4652721f72b22d027836c3af829ec2d4121553a8e8
767e0284835687eb41592ae328639f74a01063985d5fcd4d36dd7ec4d2975159
78252040753f69af3a38b2355740febcf712d41b02e4466f1c53a76ffecb7dfd
7b75529201e97f7566ae404c0bd803c64ce29092a13c8e1893369ef3c32c6337
7f2e3ebbddb67be0cddf814e8f73792f8dcdc0441b501a00d19575d5796195f7
7f6eaa015629c736b229a9bfd7a2bec3fab3badfce8325724cd6422e2cca380d
7fe6411146e7aabcda85d71ec42eabe4fe5fb199f0e9ad759bfa78a42a853535
831a8c85d0e84aee2510d3b2a3bd4812c5c754a38ae3ea31d3bb64c0ecb70904
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86819e8068b9b78f20bd91bfef13b1252196882c8a95a9d4680007b731c92bbc
86dbd997ead92464b9d3e6228dab6902a3f8cdbd17de1da8923cb2f0fb600bda
8751c85d4da8af34fb4d78a2ab5bb92b7a3b5380f2d0d5ca89d11fc2b5bfb6ca
882c0ef9f4096af29e037f9ba9dcbc71a46605828ae12a77002c0fa5e00c309a
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
897185e79b72545761bb5fd4c6eac979d32e8298aa2f0e83b87a646ede71bd99
89dd0def6e41e34c5abb970e20d1694fa04ae257303e332872cbd8f3bce88d4f
8c16e8bedb9e949293721877db18702ebf5baa6234dd7e819fa70bf6c12994e8
8c35f701a35d3a2d21473d8fc6e119d10c1d237260859416fcdbd25c154026f0
8e510167b9613297291ada3270d36b04898c9d73fc42600c5f4ac021b53bd3aa
8f303af7321c5099ce8fadfb1dc1009ddadc0364b2660b7c01917d4cf0fea06e
8f65a059496e96bb89afa6995ef8c583a68cecb4927be4f7c37235a311527f5b
90523092a383e5b3308aa18e8807788a6d5401f7a7eea157e9fcf3fb8050242e
90bb36c4c0d901feb3f32e1c95032cf5521bc5fbe675bc91100e31ee27f93643
90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
94835538629072787bd0f2dc3f92007918882e423f2f45ec2f8518cd211a8fc3
951ba24499d8b2b03e7da9af81e0c535d896c53cda076eb4ea07c0b826f7b5b4
99b80e9b45e3bc936046fa3d7f229debf2d23b6224b4cd4aa6fa78168156de0e
9afb4208e4d617a2672fe91e0eae18d076310ca43de095806415c10e595533cf
9b1aaea1148044ff331b843e9fd73a06418cfe363bbd331982a84944694f6618
9b89ecf06a4514d4a20055fccbccb8c6eca0faf0138f43978e156c753de0288a
9c9e3d2c9a7f38a13dbe19fa82dca632d414552c8203239bbd2549ee2f6bb4fe
9e4d00cfee02d472b0c80124f87c00a8cb8ea5610201ebbf922d894d2fea4db1
9f16455c2fc7592ed72120c0d670e681b4f482c23a36034b3a1d868c998773bb
9f19835fa00c4904c84d19210f06ce39fa4e776c81dc837843d9a1c3de423738
a26a28a57bfe12f30a5c2dfdc98a0f9a4204a750260b1b8a47d0b2fa877509a4
a403746bac219db44203fc9406de144eeb0ccd5933be8994425a01d7073d2932
a4dc256375df0c29e96e35e200d184aeaf532de63fce8e776126ccb2362e7fc3
a5beedf0a9b1e24fb846f1f256f5ba7c62af6ad06ea0965540b1c467dce23944
a8185af1afef86650ddcbc63448d0309632745e88f9d002592635a5a2d992aa6
ad25f99853892a957a8e28fc375a3a2991327368a6572a9424bb4b8f403326dc
ae59b218ab2a4bdc90c9da5d696d7c14eb10c26ddfe9882dc74f4e4e0deb7255
af9b6a643408fbaa0199be8f2f5e7df183f18d6e21a9e275991407930241143a
b1b3f01585edd12c9ee1dbc769bb8e313430a9b3b1fcf6cc48020d83d7c693fb
b3640f98bec10fbed8feedbe9eac65c2a476d2b86cc7e766665d37a9a6e01234
b3a87df9271496c06304e181a7349ee8f466bf3aec2594604cddda621ed5e014
b4a7308752688529258b3a289507524cdfbfc0aa3f731313b81b17b3321a071a
b658e2a2924aafd0112b161c8a16a91f150d10be4c69630c99ee266f6179bf35
b7dd61f31dd9d4d1b9e2b24e139ddcaef62287a13664cdb50544ea421f1a1899
b9b48cf88b67411a27f119d0671602d19678440d5d36c6391600b2af2a359bd7
b9bf837f7d1d406ad3c07b020d4eb1a27a2212aee85df2c3077d0de0e06c6ff0
b9f4798574902affc091f45cea5a31b4c172631691da3f7a2a77ba6e0f5cf3f6
be6ea41c33833bc22aa109b6cfb496dace7caf7be33796e3801a7097feb5c379
c104bc5974423b88e53e00bca716b0943a8287088540a368eac8ba0e4d6c9428
c19345a03fed44d267abbe2f427bdcd261aa86a447320f15f3eef8e121690794
c3c2e2538dd857e04bb340d6230c8eeedca607d219bceba19897333cbd74b4f3
c4bd898a8dfbaca019da023cf8083d579298c06ccbde560705be627ce4edd8ec
c5ed737b4a283d76a04806bffb91990c948f646b330c43de8ef0b2fc6076de01
c613bd0434cd5a0f6d1db345a5b36c8bdc6339e96ffde9695340aa1094399f43
c8a03522223cf64474a1f91e02c8069ea5560a23266b37b476d7602a621f0c38
ccf758c21fe9f158956c03c195e33bdf871c8af1e36c6bfe4d2f0fd5dc4edf12
ced6d94498388b24b48c4e2aa311815357ab9489c735aedd7725e0b18a02433e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf8b81c4b4e66fda5bd5c3d1b94f48fa5a031a0e4e87a016bd0e8633fe5e7a07
cffac44b5cee00fdea3a0efde9194902d5e93066a8fa0b0cb8775abfc2bc0e01
d08bf1d099825a825373db1db17d3d94edf808c1982b241eea47d7f3eacc4470
d0a07ad8e9357db88f70cb80d5bc568083733252b09cb039e6276038abce1405
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d10a2d03c9fb4943f449b97d333b8d22990200afa70d13d5c1c23ad4d783200c
d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2
d8f35a67f2129d433d9a690160ea7f637686033f5055199a7788f1bb500fe0e6
daa21030f5056116e368bf5cec7418c593bb813e53e0fca50ab1aba2079ad624
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e2cb4c0d7e08a05a9a62040040b8b01771c43010b25ef58807be795ce0e24027
e35d773f99acc3b79d1d143fe1d31b80980f074796dd771ded6dcde8d5d61aa8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4af04cf7a5f045d2a21abb3f93d90f175680f07b9ccecb1d5559864b9716cca
e583a505b3313c24782794db79286f541870fa090bc02f90549fd81d5501f1e3
e72e22c9fd71d91300781105175767a7275aa469946f7f72cdda5adaa5c548e1
eba9487840439a0fa53c9be0541c524bb84b590a7af8c86573ceb1fe19c4bda9
ed870769c4fd967977ef0930a14927ac6035d0a9fcd9db0bcef385da69bea2eb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f274598e02172fc31cb7b3eae2a897a9432c3fe360a49268b0672f09d6e03755
f28cced99e9e1b527f605aa14cd89b53821798287e177ebaab0bf85131ee863c
f45ffb55422140bdd3fc4df9995f9d9eaa7bfdc0849d281854b3e5685d9e52f1
f55b561a0ad7d1256b817af984122e3a8a2b512ec52328c4e6b836f75af2ca9c
fa08880e19d42ec4c5896494cdcd8e8ffdb542f4dd0ecf7b0858edc96ee349ed
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fc05c1b0f1fab9c9da3d3ca36352227d15d37b7f8d331dcc3c2711215ab8b546
fcb44b892cd3b232b76ff10d32f0d4006f575066f1c8b18308eec10929749c26
fd2879e3b0d373936b3a4f85f24bf5ae631ea76ec7c79b528b53bd4f3ea44de6
fd6343973cf256840cf7e0786441d39fbe5f94fc5c1fec788bcf22b989b3f610
fea8ac7df0af02425b877ef0455357d98a715c736a4504d21178971ce3983a7b
ff5c6ccd23219200d1ba0f66c328e5c014b436bc783b6ce18873dd9d6ac216c6

www.darkreading.com Open in urlscan Pro 2606:4700::6812:6e2f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

229 Requests

98 %HTTPS

57 %IPv6

26 Domains

41 Subdomains

40 IPs

5 Countries

5222 kBTransfer

11722 kBSize

22 Cookies

38 Outgoing links

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.darkreading.com Open in urlscan Pro
2606:4700::6812:6e2f Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

98 %
HTTPS

57 %
IPv6

26
Domains

41
Subdomains

40
IPs

5
Countries

5222 kB
Transfer

11722 kB
Size

22
Cookies

229 HTTP transactions
6 data transactions