www.zdnet.com Open in urlscan Pro
2.18.233.143 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/Wqf77UJbb0
Effective URL:
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Submission: On November 18 via api (November 18th 2019, 7:08:54 pm UTC) from US

Summary HTTP 339 Redirects Links 48 Behaviour Indicators

Summary

This website contacted 66 IPs in 7 countries across 58 domains to perform 339 HTTP transactions. The main IP is 2.18.233.143, located in Ascension Island and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.zdnet.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 23rd 2019. Valid for: a year.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER - Twitter Inc.)
1 1	67.199.248.12 67.199.248.12	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD - Google LLC)
8	2.18.233.143 2.18.233.143	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
56	2a04:4e42:1b:... 2a04:4e42:1b::444	54113 (FASTLY) (FASTLY - Fastly)
1	2.20.171.216 2.20.171.216	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	2a02:26f0:6c0... 2a02:26f0:6c00:181::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	52.2.113.48 52.2.113.48	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	172.217.21.230 172.217.21.230	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.215.98.88 52.215.98.88	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.190.38.167 35.190.38.167	15169 (GOOGLE) (GOOGLE - Google LLC)
27	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
14	152.199.23.241 152.199.23.241	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1 2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER - Twitter Inc.)
3	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff18	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
6	2606:4700::68... 2606:4700::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	64.30.230.22 64.30.230.22	6623 (CBSI-1) (CBSI-1 - CBS Interactive Inc.)
3	95.101.203.206 95.101.203.206	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
9	2606:4700::68... 2606:4700::6810:4ea5	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2 8	34.248.158.173 34.248.158.173	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2606:4700:20:... 2606:4700:20::6819:a322	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	3.93.243.95 3.93.243.95	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2606:4700:20:... 2606:4700:20::6819:a222	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY - Fastly)
1	2600:9000:20e... 2600:9000:20eb:7e00:18:1fcd:349:ca21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	23.67.136.71 23.67.136.71	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	18.203.144.219 18.203.144.219	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	3.120.224.89 3.120.224.89	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	54.77.236.71 54.77.236.71	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.73.113.243 52.73.113.243	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	23.99.128.52 23.99.128.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	52.212.90.74 52.212.90.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	15.188.31.119 15.188.31.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	52.214.93.23 52.214.93.23	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a02:26f0:6c0... 2a02:26f0:6c00:184::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	185.33.223.80 185.33.223.80	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 4	66.117.28.68 66.117.28.68	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 2	52.211.50.74 52.211.50.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 6	23.5.97.37 23.5.97.37	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2600:9000:215... 2600:9000:2156:800:1d:8c8c:47c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
37	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
2 2	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE - Google LLC)
1	35.227.208.151 35.227.208.151	15169 (GOOGLE) (GOOGLE - Google LLC)
4	151.101.13.181 151.101.13.181	54113 (FASTLY) (FASTLY - Fastly)
1 1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE - Google LLC)
1 4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1288:110... 2a00:1288:110:c305::a000	34010 (YAHOO-IRD) (YAHOO-IRD)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
4	2a00:1450:400... 2a00:1450:4001:820::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	35.157.160.140 35.157.160.140	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
39	72.247.226.64 72.247.226.64	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	72.247.226.173 72.247.226.173	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2.19.38.84 2.19.38.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	72.247.224.248 72.247.224.248	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	69.173.144.142 69.173.144.142	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
5	3.9.36.140 3.9.36.140	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	213.254.244.13 213.254.244.13	36062 (DOUBLE-VE...) (DOUBLE-VERIFY - DoubleVerify)
2	69.173.144.154 69.173.144.154	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
5	213.254.244.19 213.254.244.19	36062 (DOUBLE-VE...) (DOUBLE-VERIFY - DoubleVerify)
2	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.114.109 151.101.114.109	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
339	66

1 104.244.42.197 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.12 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD - Google LLC, US)
PTR: cname.bitly.com

zd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.233.143 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-143.deploy.static.akamaitechnologies.com

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a04:4e42:1b::444 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

zdnet2.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet3.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet4.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
zdnet1.cbsistatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.171.216 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-20-171-216.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.247.225.98 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:181::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
364bf6cc.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.217.22.34 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.2.113.48 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-113-48.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.230 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.98.88 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-215-98-88.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.38.167 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 167.38.190.35.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 152.199.23.241 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States) 1 redirects

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff18 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

iicbsi-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 64.30.230.22 (Fremont, United States)

ASN6623 (CBSI-1 - CBS Interactive Inc., US)
PTR: phx2-dw-cbsi-xw-ext-lb.cnet.com

dw.cbsi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.101.203.206 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-101-203-206.deploy.static.akamaitechnologies.com

www.everestjs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:4ea5 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api1.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.248.158.173 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::6819:a322 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.93.243.95 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-93-243-95.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::6819:a222 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

beacon.tru.am	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

vidtech.cbsinteractive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:7e00:18:1fcd:349:ca21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.136.71 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-136-71.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.72.21 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Ascension Island) 2 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.203.144.219 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-203-144-219.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.120.224.89 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-120-224-89.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.77.236.71 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-77-236-71.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.113.243 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-73-113-243.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.99.128.52 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: waws-prod-dm1-001.cloudapp.net

lightboxapi2.azurewebsites.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.90.74 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-212-90-74.eu-west-1.compute.amazonaws.com

cbsi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.188.31.119 (Paris, France)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

saa.cbsi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.214.93.23 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-214-93-23.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:184::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

0211c83c.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.223.80 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.117.28.68 (United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.50.74 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-50-74.eu-west-1.compute.amazonaws.com

secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.5.97.37 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-5-97-37.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.208.240 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:800:1d:8c8c:47c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

cdn-magiclinks.trackonomics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 151.101.14.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.117.28.86 (United States) 2 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.208.151 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 151.208.227.35.bc.googleusercontent.com

web-sdk.urbanairship.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.13.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s45-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::a000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

ad.yieldmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.160.140 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-160-140.eu-central-1.compute.amazonaws.com

www.summerhamster.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 72.247.226.64 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-226-64.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cbsdfp5832910442.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.247.226.173 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-226-173.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.38.84 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-38-84.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.247.224.248 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a72-247-224-248.deploy.static.akamaitechnologies.com

rev.cbsi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.142 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.9.36.140 (London, United Kingdom)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.254.244.13 (Ireland)

ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.154 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.254.244.19 (Ireland)

ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US)

tps20513.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	cbsistatic.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com zdnet4.cbsistatic.com zdnet1.cbsistatic.com	596 KB
37	taboola.com cdn.taboola.com trc.taboola.com images.taboola.com	385 KB
33	moatads.com z.moatads.com geo.moatads.com px.moatads.com	922 KB
22	doubleclick.net 2 redirects securepubads.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	218 KB
14	googletagservices.com www.googletagservices.com	388 KB
14	tiqcdn.com tags.tiqcdn.com	89 KB
11	moatpixel.com cbsdfp5832910442.s.moatpixel.com	5 KB
10	doubleverify.com cdn.doubleverify.com cdn3.doubleverify.com rtb0.doubleverify.com tps20513.doubleverify.com	35 KB
10	cbsi.com dw.cbsi.com saa.cbsi.com rev.cbsi.com	14 KB
10	viglink.com cdn.viglink.com api.viglink.com	113 KB
9	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	235 KB
9	ml314.com 2 redirects ml314.com in.ml314.com	16 KB
9	lightboxcdn.com www.lightboxcdn.com api1.lightboxcdn.com	161 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	107 KB
9	zdnet.com www.zdnet.com urs.zdnet.com	198 KB
8	rubiconproject.com ads.rubiconproject.com optimized-by.rubiconproject.com beacon-eu2.rubiconproject.com eus.rubiconproject.com	19 KB
6	scorecardresearch.com 1 redirects sb.scorecardresearch.com	4 KB
6	everesttech.net 3 redirects pixel.everesttech.net cm.everesttech.net	3 KB
6	demdex.net 1 redirects dpm.demdex.net cbsi.demdex.net	4 KB
5	adnxs.com secure.adnxs.com	6 KB
5	google.com 1 redirects adservice.google.com www.google.com	2 KB
5	google.de adservice.google.de www.google.de	2 KB
4	perfectmarket.com widget.perfectmarket.com	94 KB
3	eyeota.net 2 redirects ps.eyeota.net	898 B
3	tru.am tru.am beacon.tru.am	14 KB
3	everestjs.net www.everestjs.net	8 KB
3	twimg.com cdn.syndication.twimg.com pbs.twimg.com	13 KB
3	go-mpulse.net c.go-mpulse.net	49 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	facebook.com www.facebook.com	440 B
2	facebook.net connect.facebook.net	113 KB
2	imrworldwide.com 1 redirects secure-us.imrworldwide.com	855 B
2	casalemedia.com as-sec.casalemedia.com	1 KB
2	akstat.io 0211c83c.akstat.io 364bf6cc.akstat.io	708 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	mathtag.com 2 redirects pixel.mathtag.com	1 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com	849 B
2	betrad.com l.betrad.com	240 B
1	gstatic.com fonts.gstatic.com	13 KB
1	jsdelivr.net cdn.jsdelivr.net	2 KB
1	googleapis.com fonts.googleapis.com	440 B
1	summerhamster.com www.summerhamster.com	181 B
1	yieldmanager.com ad.yieldmanager.com	341 B
1	googleadservices.com 1 redirects www.googleadservices.com	850 B
1	urbanairship.com web-sdk.urbanairship.com	17 KB
1	trackonomics.net cdn-magiclinks.trackonomics.net	18 KB
1	qualtrics.com zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com	15 KB
1	azurewebsites.net lightboxapi2.azurewebsites.net	502 B
1	chartbeat.net ping.chartbeat.net	168 B
1	bluekai.com 1 redirects tags.bluekai.com	856 B
1	chartbeat.com static.chartbeat.com	14 KB
1	cbsinteractive.com vidtech.cbsinteractive.com	281 KB
1	akamaihd.net iicbsi-a.akamaihd.net	272 B
1	adsrvr.org match.adsrvr.org	536 B
1	indexww.com js-sec.indexww.com	29 KB
1	evidon.com c.evidon.com	512 B
1	zd.net 1 redirects zd.net	521 B
1	t.co t.co	466 B
339	58

	Domain	Requested by
24	images.taboola.com	www.googletagservices.com
19	px.moatads.com
19	zdnet2.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
16	securepubads.g.doubleclick.net	www.zdnet.com securepubads.g.doubleclick.net t.co www.googletagservices.com
14	www.googletagservices.com	t.co securepubads.g.doubleclick.net rev.cbsi.com pagead2.googlesyndication.com
14	tags.tiqcdn.com	zdnet2.cbsistatic.com tags.tiqcdn.com
14	zdnet3.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
13	zdnet4.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com zdnet3.cbsistatic.com
11	cbsdfp5832910442.s.moatpixel.com
10	zdnet1.cbsistatic.com	www.zdnet.com zdnet2.cbsistatic.com
9	z.moatads.com	securepubads.g.doubleclick.net
8	trc.taboola.com	cdn.taboola.com
8	ml314.com	2 redirects tags.tiqcdn.com ml314.com www.zdnet.com
8	www.lightboxcdn.com	www.zdnet.com www.lightboxcdn.com
8	www.zdnet.com	t.co zdnet3.cbsistatic.com
7	platform.twitter.com	www.zdnet.com platform.twitter.com
6	sb.scorecardresearch.com	1 redirects tags.tiqcdn.com cdn.taboola.com widget.perfectmarket.com
6	cdn.viglink.com	tags.tiqcdn.com www.zdnet.com
5	tps20513.doubleverify.com	www.zdnet.com
5	pagead2.googlesyndication.com	optimized-by.rubiconproject.com pagead2.googlesyndication.com
5	geo.moatads.com	z.moatads.com
5	cdn.taboola.com	zdnet2.cbsistatic.com cdn.taboola.com
5	secure.adnxs.com	js-sec.indexww.com
5	dw.cbsi.com	tags.tiqcdn.com www.zdnet.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net
4	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com
4	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
4	pixel.everesttech.net	1 redirects
4	api.viglink.com	cdn.viglink.com
4	saa.cbsi.com	tags.tiqcdn.com
4	dpm.demdex.net	1 redirects www.zdnet.com tags.tiqcdn.com
4	adservice.google.com	securepubads.g.doubleclick.net www.googletagservices.com pagead2.googlesyndication.com
4	adservice.google.de	securepubads.g.doubleclick.net www.googletagservices.com pagead2.googlesyndication.com
3	cdn.doubleverify.com	t.co cdn.doubleverify.com
3	ps.eyeota.net	2 redirects www.zdnet.com
3	www.everestjs.net	tags.tiqcdn.com www.everestjs.net
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net zdnet1.cbsistatic.com
2	eus.rubiconproject.com	www.zdnet.com
2	beacon-eu2.rubiconproject.com	www.zdnet.com
2	optimized-by.rubiconproject.com	ads.rubiconproject.com
2	ads.rubiconproject.com	t.co
2	www.google-analytics.com	widget.perfectmarket.com
2	www.facebook.com	connect.facebook.net
2	cm.everesttech.net	2 redirects
2	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	secure-us.imrworldwide.com	1 redirects
2	as-sec.casalemedia.com	js-sec.indexww.com
2	cbsi.demdex.net	tags.tiqcdn.com
2	sync.crwdcntrl.net	2 redirects
2	pixel.mathtag.com	2 redirects
2	idsync.rlcdn.com	2 redirects
2	pbs.twimg.com	www.zdnet.com
2	tru.am	tags.tiqcdn.com tru.am
2	syndication.twitter.com	1 redirects www.zdnet.com
2	l.betrad.com	www.zdnet.com
1	fonts.gstatic.com	www.lightboxcdn.com
1	cdn.jsdelivr.net	www.lightboxcdn.com
1	fonts.googleapis.com	www.lightboxcdn.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	cdn3.doubleverify.com	cdn.doubleverify.com
1	rev.cbsi.com	t.co
1	364bf6cc.akstat.io	c.go-mpulse.net
1	www.summerhamster.com
1	ad.yieldmanager.com
1	www.google.de
1	www.google.com	1 redirects
1	www.googleadservices.com	1 redirects
1	web-sdk.urbanairship.com	zdnet3.cbsistatic.com
1	cm.g.doubleclick.net	1 redirects
1	cdn-magiclinks.trackonomics.net	tags.tiqcdn.com
1	zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com	tags.tiqcdn.com
1	0211c83c.akstat.io	zdnet1.cbsistatic.com
1	api1.lightboxcdn.com	www.lightboxcdn.com
1	lightboxapi2.azurewebsites.net	www.lightboxcdn.com
1	ping.chartbeat.net	www.zdnet.com
1	tags.bluekai.com	1 redirects
1	static.chartbeat.com	zdnet2.cbsistatic.com
1	vidtech.cbsinteractive.com	zdnet2.cbsistatic.com
1	beacon.tru.am	tru.am
1	in.ml314.com	ml314.com
1	iicbsi-a.akamaihd.net	tags.tiqcdn.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	urs.zdnet.com	zdnet2.cbsistatic.com
1	match.adsrvr.org	js-sec.indexww.com
1	ad.doubleclick.net	www.zdnet.com
1	js-sec.indexww.com	www.zdnet.com
1	c.evidon.com	www.zdnet.com
1	zd.net	1 redirects
1	t.co
339	89

This site contains links to these domains. Also see Links.

Domain
www.zdnet.com.cn
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
www.techrepublic.com
downloads.zdnet.com
bugs.php.net
github.com
php-fpm.org
nextcloud.com
www.php.net
lab.wallarm.com
www.youtube.com
www.cnet.com
popup.taboola.com
www.giga.de
www.kino.de
mackeeper.com
trf.greatviews.de
www.holzkern.com
ad.doubleclick.net
trkwl.me
www.10bestesingleboersen.de
cbsi.force.com
www.cbsinteractive.com
cbsi.secure.force.com
cbslnk.cbsileads.com
www.facebook.com
twitter.com
www.linkedin.com
legalterms.cbsinteractive.com
narratives.zdnet.com
academy.zdnet.com

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
www.cbs.com GeoTrust RSA CA 2018	`2019-04-23` - `2020-07-22`	a year	crt.sh
*.cbsistatic.com DigiCert SHA2 High Assurance Server CA	`2019-02-22` - `2021-02-26`	2 years	crt.sh
*.evidon.com DigiCert ECC Secure Server CA	`2019-02-01` - `2020-05-02`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2019-04-16` - `2020-06-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
l.betrad.com Go Daddy Secure Certificate Authority - G2	`2019-04-25` - `2021-06-24`	2 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.zdnet.com DigiCert SHA2 High Assurance Server CA	`2017-12-12` - `2020-12-15`	3 years	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2017-10-25` - `2020-05-13`	3 years	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2019-08-13` - `2020-08-12`	a year	crt.sh
ssl418259.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-10` - `2020-02-16`	6 months	crt.sh
*.cbsi.com DigiCert SHA2 High Assurance Server CA	`2017-11-07` - `2021-02-04`	3 years	crt.sh
www.everestjs.net DigiCert SHA2 Secure Server CA	`2018-10-15` - `2020-10-15`	2 years	crt.sh
ssl516460.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-24` - `2020-03-01`	6 months	crt.sh
*.ml314.com Amazon	`2019-03-16` - `2020-04-16`	a year	crt.sh
ssl389962.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-18` - `2020-05-26`	6 months	crt.sh
vidtech.cbsinteractive.com DigiCert SHA2 High Assurance Server CA	`2018-12-13` - `2020-12-17`	2 years	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2019-04-10` - `2020-04-10`	a year	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2019-09-19` - `2019-12-18`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-12-20` - `2020-01-01`	a year	crt.sh
*.azurewebsites.net Microsoft IT TLS CA 5	`2019-09-24` - `2021-09-24`	2 years	crt.sh
saa.cbsi.com DigiCert SHA2 High Assurance Server CA	`2019-06-23` - `2020-09-25`	a year	crt.sh
viglink.com Amazon	`2019-02-09` - `2020-03-09`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.imrworldwide.com DigiCert SHA2 Secure Server CA	`2019-02-25` - `2020-02-25`	a year	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2018-10-08` - `2021-01-06`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.trackonomics.net Go Daddy Secure Certificate Authority - G2	`2018-12-22` - `2020-02-20`	a year	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.everesttech.net DigiCert SHA2 Secure Server CA	`2017-04-13` - `2020-04-17`	3 years	crt.sh
*.urbanairship.com DigiCert ECC Secure Server CA	`2018-06-20` - `2020-06-24`	2 years	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-06-27` - `2019-12-24`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.summerhamster.com Let's Encrypt Authority X3	`2019-09-30` - `2019-12-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
*.doubleverify.com DigiCert ECC Secure Server CA	`2019-01-22` - `2020-01-22`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-02-13` - `2021-02-17`	2 years	crt.sh
*.moatads.com DigiCert SHA2 Secure Server CA	`2019-03-12` - `2021-06-10`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Frame ID: BEF99B7AC76CB5A642052C94E453DE0E
Requests: 260 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: B8ABF9B9B47CAC0239A5008850B0BC4C
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d991e3dfc9abb2549972ce8b64c5d85.html?origin=https%3A%2F%2Fwww.zdnet.com
Frame ID: 37F3AFDB0D9A6796E268D7490BD932A3
Requests: 1 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1574104116958&lv=1
Frame ID: 98109E4B3FBD84583976EAD262676468
Requests: 2 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=637091106076939970
Frame ID: 8B429D20F85F648D9559306A89A2BC98
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 8B98452CE909B1A7AE3B4040BCB011CE
Requests: 1 HTTP requests in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=undefined
Frame ID: C51CE6788D2A20D7CD045EFC6D77933C
Requests: 1 HTTP requests in this frame

Frame: https://www.everestjs.net/static/pixel_details.html
Frame ID: 5E0CEA69E6D345A1655665E7A663F13F
Requests: 1 HTTP requests in this frame

Frame: https://cbsi.demdex.net/dest5.html?d_nsid=0
Frame ID: CDCA48B855C1ADE38BC09009CE6BAB23
Requests: 1 HTTP requests in this frame

Frame: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
Frame ID: E41957BB6F586995B74FEB1D67AF116D
Requests: 1 HTTP requests in this frame

Frame: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
Frame ID: 76C858B39999EFA7D3D4401B90E89D05
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRfWgeg_RfhH0EOOdqG8vu2wR3G-jbEqGP4woMQqlyZqWC-mhjU1-IcRexGrYkZFoWM1L7qTokK20JbMOGnqYmzbyFze8uPRZ2VU6HXk16qJnkT0dMAFWadkQX42IXXUdSrIcgJKSWpiToxpp9pjJYhUZU4SwNSUYIRDI2xTxZiSAM8Reab2xHIQy3yLd8sy7B0qwnC6m2CsoNzDwM1jKyOdNo7o00QyvkE61D0ksgYs-KEX-l0l6vOy_ninw14sLd806gHizs&sig=Cg0ArKJSzDVJ59AHhurIEAE&urlfix=1&adurl=
Frame ID: 2541969F017BC536262F0B50CBFCEE56
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Frame ID: 297DB730A9851EEF9F9D28369E6FF18E
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZYlFsKjYZwxx5bGUWaARjDrATdFA8_GTBSkFTmV5KGdYHACkeJzEF23rQJSdlXfQ69Gk7OzqQI7bm3psXQn_2H02UhCap3xo-BVoHAzC84BfwzdPbYUCo_MnEhOyzTpoH7hUGfOeG5XraMhPkCCxE48DRUB_i0GmC1KkDgG6uuKpanOCXewkB42npMenyvMDpQYGO2CtP-62uE858ci-Y93e6F37IUNiMSEZEy61pc5MCDw-Bt4aYDc63L6bXrcIcJtzVxuqWQA&sig=Cg0ArKJSzKwrafvh7OPfEAE&urlfix=1&adurl=
Frame ID: FCA05CC6C3319BBC621E9EDACD3610EE
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss3-_dSFyeafGUKwn7mwJMtZRUf1UiNAegDQDZN4oyklTZk8eOLT69Ftj-YXyshXWDH_GqLq2CLi67JjQMGDf0-Qdq7suPiI5knhwOK4njWUvcdT9-xYnVtxxhqs7v12yiHCFnVYoCcJ0GfOQryKlziRegEXNDjBO1rLay6wDecX-VU9ZFqtiLbpeGpuEG7eqwjwAkrfySqoeVJLTlKTIHImX4I4J2VMHwhYG0_KEBtaVks8o68iVM8XMsSZCI8CrkIgUUmxh4-&sig=Cg0ArKJSzKPKbw50ZWBNEAE&urlfix=1&adurl=
Frame ID: 7FEC8483D75FB0E39D6DA641D911B728
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuyDu3ZhFXHgpjgDNISfVG-v0iWYc9GVFO5dSDxAVPX_BE8mrOCmfOVJds5s0AMNb5uhQFSuqYjdgwSsVFnRvlFJrYCxZgh07tl2hTgoLbFotbSWNHdeKjxTbdewIw_FD1VJNFuXhyfYWpIHHrE0itAKsIdEKkTOr0JGXOtHx_g3K2yvpQFZ_pRJgxijUvFKicH5vjJS9AXA0sqdh5mmNdqkAwYceEt4DtZOYoO2wRcfruYK81BXM7s6iocU6ojWkyr43I&sig=Cg0ArKJSzI4AXByr7I8kEAE&urlfix=1&adurl=
Frame ID: 9452F7D2AE50B9463D8A0D9598657908
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGRJkukIP_k9p_KRJuv5bpqrYqyWN7JZu7UJZG5tu4YCDlewA8lPqjGs-ypt3ImRpZ_SJjOoPR8V8SOYUQpy8dZ7RAafNdpmE0tUQ_o9S9-dbrlsZxyVjrTGdEMoKGdzBMmEjJvcim3CUBRnkVx_Dx034UqtxeaRfIdvdb0BEv4wZXXSYK35tsaOgtMPvOKDy-5rJZSINPO8D80ElmFFc9yTAa_BUltvtDO33Gl0O0AJne7jkdSSD09rcdqRcWzJuhOqM&sig=Cg0ArKJSzIaxsWAhCgXnEAE&urlfix=1&adurl=
Frame ID: 58C194AA90BADF01E8E2E1F1C94BF01A
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssJ4vK7gC3nMWWzwfBaQPHVxL_3CNy4SEbdhXC_CdKNhS7qILkTJN9LeqVG192z8NDFtPDKVFJsCMMKTm3S_2JVnXuQ9AiL9fXtilMI-Mp85vmeLdZsoSbYEPAGVGL5dbeW6YNb-p0LtRwTmupmK-Qwzeh7DQ5x-zIm5l3_SVkxBclWWGFLKzVIMbv2mghMo5vAHs2eHowq1c5xr2haOSyLZFBehNhCYFSt9fjcjmbaSodQPKRyJAb_pxp2nzmPxn7j0FZxqcZr&sig=Cg0ArKJSzDSpxnfpg8r9EAE&urlfix=1&adurl=
Frame ID: CB19CF43A634B464E37DF590922D06F3
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Frame ID: D384A7496F03249B08A9996726BF980D
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsupCO_aVnZdUgVhxF9h6JceapvKCQNtekYISlG-7F9NET2jRvYuc9fDluYSOowc8oIfzt2aV9Itqz0Ru_YLMBf5CWpYdXMox03AyKbf-J9xT2n5wQFgeHFyxkdw6v43yBKXwXhb6OBw6HHq6KdVpGD-b9YYuPxNCmlgydWCSO8tUFg0pk6y4CE_H9aYRoTLsuY8l9GOae7fK0bH-ZCeH9dXi-X4CL32AJ3CMW_iAw4GNUC4B1Q96X_yo75NMN0qudwn0mEOBEXN&sig=Cg0ArKJSzJFiVIICul-YEAE&urlfix=1&adurl=
Frame ID: 0FB6E37813DEE3482EA48589F24B8CC7
Requests: 13 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 412EC63F889FA7FD98AFA0BA4C6B8585
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: E3202E43462B508236E2BDC93323671C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191112/r20190131/zrt_lookup.html
Frame ID: CFBC101ED6B84590AD81A0735CD87DF2
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: E17E3C88BA9A1FB35EC3ACECC6A5403B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 6A0BFDC1CC3F9CBF4E230ACE255B13F7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708721&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119461&bpp=18&bdt=489&fdt=174&idt=174&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=2&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=1245090354&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=3150&biw=1585&bih=1200&isw=300&ish=250&ifk=881345343&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=4136482211391883&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.87w6ys5k7n14&btvi=1&fsb=1&dtd=187
Frame ID: 06332BC9A7C967768FB89FE46C06DF4C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708726&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119498&bpp=6&bdt=532&fdt=196&idt=196&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=1&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=792623160&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=1573&biw=1585&bih=1200&isw=300&ish=250&ifk=631702996&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=846308062925913&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.aw3hggq3wvcf&btvi=1&fsb=1&dtd=200
Frame ID: CEE9D902A9478C62987A533B5DA2DCD7
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJIeuAigVtf7zkQWdBC-M-_UiiNroNlMtRi5mjHBFQWr35lwEdlChie6Q6EQz9GWtNWnnreCOjXoEAfiMy8wIOiu9Ih3Uym9FjwXjYU4WO1aZbFQSHN9SHWbW86oGK3UrsnJ4TRTfDTckBwA6wsbgjl2MjmuCfJlpGAWWcRgWTnyw-pOwMfAbuDAEYxXKD0Ok6EqHe_7Nz54UcbKhPzI7f_bTkAEJIU2yiFZGZ1AGByyHpQmCmhrvTq5N1-_5bcWHDZox8cDMw&sig=Cg0ArKJSzH9PDf4vWBzjEAE&urlfix=1&adurl=
Frame ID: 022659F1C6FBAC6510F17452109D322C
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvIjjD3-C3U1YxEESnLb8AYJ4wp9aZIV47KtbzmVR0Py_vcHGnHJrgU6CAO72U2bS8N0Dj3uSNXK24BHYPMVVyWwYn6JwUQ8i8Ck53z3jxfMP55dYrnZvfDVY41JDnrz1B3bDeo51qVGGQDZy9_ZITtTjAMjgCb_sT520UK-cRMm2Pv15BpRAZPM6DTw4xc7-bRKo2DoFkG6m4uMIxbguSde_e8090uy6CkC9nqASLFJizV2DFLOH8hvlKovzr3AofFsKSD4m2E&sig=Cg0ArKJSzDelbIobbLIfEAE&urlfix=1&adurl=
Frame ID: 0ED0B92B7B430CB71FEAD2B00F31A7E2
Requests: 3 HTTP requests in this frame

Frame: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox_builder.js?cb=637091106076939970
Frame ID: 826758038A46EA1A808CC1A0A03BB1A8
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/Wqf77UJbb0 Page URL
https://zd.net/2KuapCh HTTP 301
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:^[^\/]*\/\/[^\/]*viglink\.com\/api\/|vglnk\.js)/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

339
Requests

100 %
HTTPS

31 %
IPv6

58
Domains

89
Subdomains

66
IPs

7
Countries

4221 kB
Transfer

13041 kB
Size

9
Cookies

48 Outgoing links

These are links going to different origins than the main page.

URL: http://www.zdnet.com.cn/
Title: ZDNet China

Search URL Search Domain Scan URL

URL: http://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: http://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: http://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: http://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/resource-library/whitepapers/
Title: White Papers

Search URL Search Domain Scan URL

URL: https://downloads.zdnet.com/
Title: Downloads

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/forums/
Title: TechRepublic Forums

Search URL Search Domain Scan URL

URL: https://bugs.php.net/bug.php?id=78599
Title: CVE-2019-11043

Search URL Search Domain Scan URL

URL: https://github.com/neex/phuip-fpizdam
Title: published on GitHub

Search URL Search Domain Scan URL

URL: https://php-fpm.org/
Title: PHP-FPM

Search URL Search Domain Scan URL

URL: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Title: a security advisory

Search URL Search Domain Scan URL

URL: https://www.php.net/ChangeLog-7.php#7.3.11
Title: 7.3.11

Search URL Search Domain Scan URL

URL: https://www.php.net/ChangeLog-7.php#7.2.24
Title: 7.2.24

Search URL Search Domain Scan URL

URL: https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
Title: This blog post

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=EOgWXyo0Y6o
Title: Fixing data leaks in Jira (ZDNet YouTube)

Search URL Search Domain Scan URL

URL: https://www.cnet.com/how-to/the-best-home-security-systems-of-2019/?ftag=CMG-01-10aaa1b
Title: Best home security of 2019: Professional monitoring and DIY (CNET)

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/article/how-to-control-location-tracking-on-your-iphone-in-ios-13/?ftag=CMG-01-10aaa1b
Title: How to control location tracking on your iPhone in iOS 13 (TechRepublic)

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=cbsinteractive-zdnet&utm_medium=referral&utm_content=alternating-thumbnails-a:ZDNETarticleDesktop/Tablet-Below%20Article%20Thumbnails:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://www.giga.de/extra/netzkultur/gallery/die-haesslichsten-platten-cover-der-musikgeschichte/?utm_source=taboola&utm_medium=reco_widgets&utm_term=cbsinteractive-zdnet&utm_content=391_Giga_Desktop_die-haesslichsten-platten-cover-der
Title: Giga

Search URL Search Domain Scan URL

URL: https://www.kino.de/star/linda-de-mol/bilderstrecken/was-wurde-aus-linda-de-mol-das-macht-die-traumhochzeit-moderatorin-heute/?utm_source=taboola&utm_medium=reco_widgets&utm_term=cbsinteractive-zdnet&utm_content=0113_Kino_Desktop_star/linda-de-mol/bilderstrecken/wa
Title: Kino

Search URL Search Domain Scan URL

URL: https://mackeeper.com/link/4e54bcec-f1b3-11e9-936e-127369ec21d1?lang=de&tid_ext=Die+wahre+Leistung+Ihres+Mac+sehen+Sie+bei+diesem+Hack;2840492160;1039694;CjA1MzBlNTc3ZS1kZGYzLTQzZWUtOGM4Ny0wMTlhNGNjOWVjMDUtdHVjdDRjYzcxYjcSC2tyb21ldGNoLXNj
Title: MacKeeper

Search URL Search Domain Scan URL

URL: https://trf.greatviews.de/cl?m315=c&q=UuUhGp3Jm7uQbNkxXx5Lkkjg&pscode=01_100_42648_1020_2187_0007_00_AFsite_cbsinteractive-zdnet_cid_249867283ID_GV00ID
Title: Parship

Search URL Search Domain Scan URL

URL: https://www.holzkern.com/de/handgefertigt-aus-holz-und-stein-warum-diese-uhren-so-besonders-sind/?utm_source=taboola&utm_medium=cbsinteractive-zdnet
Title: Holzkern

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/clk/445361661;223348962;k?https://service.pflege.de/treppenlifte?&CID=DE_DIS_1221746.cbsinteractive-zdnet.237235938&utm_source=dis_taboola&utm_medium=native&utm_campaign=2.3_Treppenlift_Desktop&utm_content=cbsinteractive-zdnet
Title: Pflege.de

Search URL Search Domain Scan URL

URL: https://trkwl.me/?flux_fts=cppipptqaxpaozlqqlecppipocxplittolqcp2e014&campaign={campaign}&publisher=cbsinteractive-zdnet&ad=The+New+Budget+SmartWatch%2C+Everyone+In+Germany+Is+Talking+About&creative=http%3A%2F%2Fblogs.dailylifetech.com%2Fb%2Fxwatch%2F292%2F007.jpg&banner_id=2850623889&tb_cid=CjA1MzBlNTc3ZS1kZGYzLTQzZWUtOGM4Ny0wMTlhNGNjOWVjMDUtdHVjdDRjYzcxYjcSE3dvcmxkbGVhZHNtZWRpYTItc2M
Title: XWatch

Search URL Search Domain Scan URL

URL: https://www.10bestesingleboersen.de/?utm_source=taboola&utm_medium=cbsinteractive-zdnet&a=T436&utm_campaign=T436&taboola_campaign=1714745&c=239220945&taboolaclickid=CjA1MzBlNTc3ZS1kZGYzLTQzZWUtOGM4Ny0wMTlhNGNjOWVjMDUtdHVjdDRjYzcxYjcSFm5hdHVyYWxpbnRlbGxpZ2VuY2Utc2M&campaign_id=1714745&ad_id=239220945&publisher_id=cbsinteractive-zdnet
Title: Top Singlebörsen

Search URL Search Domain Scan URL

URL: http://cbsi.force.com/CBSi/zdnetcommunityfaq
Title: Community Guidelines

Search URL Search Domain Scan URL

URL: http://www.cbsinteractive.com/legal/cbsi/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://cbsi.secure.force.com/CBSi/articles/FAQ/Privacy-Policy?categories=CBS_Interactive%3AmPrivacy&template=template_mobilePrivacy&referer=mobileprivacy.com&data=&cfs=default
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://cbsi.secure.force.com/CBSi/articles/FAQ/mThird-Party-Social-Networking-Services?template=template_mobilepp&referer=mobilepp.com&data=&cfs=default
Title: Video Services Policy

Search URL Search Domain Scan URL

URL: https://cbslnk.cbsileads.com/redir?edition=en&ursuid=&devicetype=desktop&pagetype=article&assettitle=nasty+php7+remote+code+execution+bug+exploited+in+the+wild&assettype=content_article&topicguid=&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&docid=33161585&promo=2150&ftag_cd=LGN22ef1e6&spotname=right-rail&destUrl=https%3A%2F%2Fwww.techrepublic.com%2Fresource-library%2Fwhitepapers%2Fit-security-and-privacy-concerns-initiatives-and-predictions-techrepublic-premium%2F%3Fpromo%3D2150%26ftag%3DLGN22ef1e6%26cval%3Dright-rail%26source%3Dzdnet&ctag=medc-right-rail&siteId=2&rsid=cnetzdnetglobalsite&sl=en&sc=&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&q=&cval=33161585;2150&ttag=&bhid=
Title: IT security and privacy: Concerns, initiatives, and predictions (TechRepublic Premium)

Search URL Search Domain Scan URL

URL: https://www.techrepublic.com/resource-library/company/techrepublic-premium/
Title: TechRepublic Premium

Search URL Search Domain Scan URL

URL: https://cbslnk.cbsileads.com/redir?edition=en&ursuid=&devicetype=desktop&pagetype=article&assettitle=nasty+php7+remote+code+execution+bug+exploited+in+the+wild&assettype=content_article&topicguid=&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&docid=173725&promo=2150&ftag_cd=LGN22ef1e6&spotname=right-rail&destUrl=https%3A%2F%2Fwww.techrepublic.com%2Fresource-library%2Fwhitepapers%2Finformation-security-policy%2F%3Fpromo%3D2150%26ftag%3DLGN22ef1e6%26cval%3Dright-rail%26source%3Dzdnet&ctag=medc-right-rail&siteId=2&rsid=cnetzdnetglobalsite&sl=en&sc=&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&q=&cval=173725;2150&ttag=&bhid=
Title: Information security policy

Search URL Search Domain Scan URL

URL: https://cbslnk.cbsileads.com/redir?edition=en&ursuid=&devicetype=desktop&pagetype=article&assettitle=nasty+php7+remote+code+execution+bug+exploited+in+the+wild&assettype=content_article&topicguid=&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&docid=177458&promo=2150&ftag_cd=LGN22ef1e6&spotname=right-rail&destUrl=https%3A%2F%2Fwww.techrepublic.com%2Fresource-library%2Fwhitepapers%2Fit-security-survival-guide-second-edition-iso%2F%3Fpromo%3D2150%26ftag%3DLGN22ef1e6%26cval%3Dright-rail%26source%3Dzdnet&ctag=medc-right-rail&siteId=2&rsid=cnetzdnetglobalsite&sl=en&sc=&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&q=&cval=177458;2150&ttag=&bhid=
Title: IT Security Survival Guide, Second Edition -- ISO

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pages/ZDNet/5953112932
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/zdnet
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ
Title:

Search URL Search Domain Scan URL

URL: http://legalterms.cbsinteractive.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://legalterms.cbsinteractive.com/cookies
Title: Cookies

Search URL Search Domain Scan URL

URL: http://legalterms.cbsinteractive.com/adchoice
Title: Ad Choice

Search URL Search Domain Scan URL

URL: http://legalterms.cbsinteractive.com/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://legalterms.cbsinteractive.com/eula
Title: Mobile User Agreement

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://cbsi.secure.force.com/CBSi/knowledgehome?referer=zdnet.com
Title: Site Assistance

Search URL Search Domain Scan URL

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

URL: https://www.cbsinteractive.com/legal/cbsi/privacy-policy/cookies-and-beacons
Title: cookie policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/Wqf77UJbb0 Page URL
https://zd.net/2KuapCh HTTP 301
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://tags.bluekai.com/site/20486?limit=0&id=3606145196947406860&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=3606145196947406860%26eid=50056 HTTP 302
https://ml314.com/csync.ashx?fp=gTWOJx99999pFBJ5&person_id=3606145196947406860&eid=50056

Request Chain 88

https://idsync.rlcdn.com/395886.gif?partner_uid=3606145196947406860 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYwNjE0NTE5Njk0NzQwNjg2MBAAGg0ItdjL7gUSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=b5945d2064e4b266e632f850f34a81f154018afbc62c4419df0dfa2c58f9dcd0f4cb09cee1a4f8eb&person_id=3606145196947406860&eid=50082

Request Chain 89

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606145196947406860%26eid=50220 HTTP 302
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606145196947406860%26eid=50220&mm_bnc&mm_bct&UUID=c79d5dd2-dd84-4200-9691-3d55828b941c HTTP 302
https://ml314.com/csync.ashx?fp=c79d5dd2-dd84-4200-9691-3d55828b941c&person_id=3606145196947406860&eid=50220

Request Chain 90

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606145196947406860 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606145196947406860 HTTP 302
https://ml314.com/csync.ashx?fp=81762278b7f3cd1bac47ed654c87bcd7&eid=50146&person_id=3606145196947406860

Request Chain 91

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2OOSN5aNNjAPsw-uks0Lb89DJF-iYxKDYeyxzS2ZUOEk&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil HTTP 302
https://ml314.com/csync.ashx?fp=2OOSN5aNNjAPsw-uks0Lb89DJF-iYxKDYeyxzS2ZUOEk&person_id=3606145196947406860&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

Request Chain 92

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3606145196947406860&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3606145196947406860&redir=

Request Chain 100

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

Request Chain 120

https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23ecid%3D__EFIMSORGID__%26google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__EFOPTOUT__%26throttleCookie%3D__EFSYNC__%26time%3D__EFTIME__ HTTP 302
https://www.everestjs.net/static/pixel_details.html

Request Chain 141

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=compact&rnd=1574104118082 HTTP 302
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=compact&rnd=1574104118082&ja=1

Request Chain 143

https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&c9=https%3A%2F%2Ft.co%2FWqf77UJbb0 HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&c9=https%3A%2F%2Ft.co%2FWqf77UJbb0

Request Chain 156

https://cm.everesttech.net/cm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WGRMc05nQUFBUDNIYmlzTA HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEP5cD8XCMP-qr357itgYExE&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 164

https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=NuzSXZOdCsyK7_UP0K2J2Ac&random=1283520156&sscte=1&crd=&gtd= HTTP 302
https://www.google.com/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166 HTTP 302
https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166&ipr=y

339 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Wqf77UJbb0 Show response
t.co/ 221 B
466 B 152ms
138ms Document
text/html 104.244.42.197
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

22f71c21eb2309397ddaece26f9c16c1b282969a63ae3dce4aee8f98ff66401e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /Wqf77UJbb0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 173
content-type: text/html; charset=utf-8
date: Mon, 18 Nov 2019 19:08:34 GMT
expires: Mon, 18 Nov 2019 19:13:34 GMT
server: tsa_o
set-cookie: muc=a4eeb882-e503-450b-bd56-acdf1a40009b; Max-Age=63072000; Expires=Wed, 17 Nov 2021 19:08:34 GMT; Domain=t.co
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: ce6e7beb4fa1c71abc86c57fb033b1a3
x-response-time: 128
x-xss-protection: 0

GET
H2

200

Primary Request / Show response
www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Redirect Chain

https://zd.net/2KuapCh
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

472 KB
108 KB

1110ms
1093ms

Document
text/html

2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

7b7612d5ce5102a59484c4d41bdc0235c9cc3c52141474815da28214770e3504

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.zdnet.com
:scheme: https
:path: /article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://t.co/Wqf77UJbb0
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://t.co/Wqf77UJbb0

Response headers

status: 200
server: nginx
content-type: text/html; charset=UTF-8
cache-control: max-age=5400, private
x-tx-id: 52f5cfb4-8b09-4b04-a55d-4f6de7313b85
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
expires: Mon, 18 Nov 2019 20:38:36 GMT
last-modified: Mon, 18 Nov 2019 19:08:36 GMT
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://www.zdnet.com
content-encoding: gzip
accept-ranges: bytes
date: Mon, 18 Nov 2019 19:08:36 GMT
set-cookie: fly_device=desktop; expires=Mon, 25-Nov-2019 19:08:36 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; expires=Mon, 25-Nov-2019 19:08:36 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=eu; path=/; domain=.zdnet.com; secure fly_default_edition=eu; path=/; domain=.zdnet.com; secure
vary: Accept-Encoding, User-Agent
strict-transport-security: max-age=63072000; includeSubDomains; preload

Redirect headers

Cache-Control: private, max-age=90
Content-Length: 176
Content-Security-Policy: referrer always;
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Nov 2019 19:08:35 GMT
Location: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Referrer-Policy: unsafe-url
Server: nginx
Set-Cookie: _bit=jaij8z-5847985f48bffd3465-00G; Domain=zd.net; Expires=Sat, 16 May 2020 19:08:35 GMT
Strict-Transport-Security: max-age=1209600
Connection: close

GET
H2 200 main-7e4e5d35ca-rev.css
zdnet2.cbsistatic.com/fly/1860-fly/css/core/ 344 KB
63 KB 19ms
5ms Stylesheet
text/css 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0dd96e4c2618b847e44b23e56ab9ca48410e53a21d35a5dbed55526d6fdf9cd5

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32545
status: 200
strict-transport-security: max-age=31536000
content-length: 63660
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:21:40 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd262a4-55e0f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:10 GMT

GET
H2 200 controls-ade16878b9-rev.css
zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/ 17 KB
4 KB 31ms
17ms Stylesheet
text/css 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-ade16878b9-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

76d54e3e54e9e510919a16e465341bfa77820a8e10f52b8ccb2064580b4f58c4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32544
status: 200
strict-transport-security: max-age=31536000
content-length: 3687
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:21:51 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd262af-4408"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:11 GMT

GET
H2 200 evidon-sitenotice-tag.js Show response
zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/ 69 KB
14 KB 11ms
11ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

8998e68f9bb1686ca1e03fcf3f0d6ea669c32d1f3554aeea809f1b1824ff6625

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 400406
status: 200
strict-transport-security: max-age=31536000
content-length: 13960
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Nov 2019 16:36:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcc3110-1134e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2019 03:55:10 GMT

GET
H2 200 country.js Show response
c.evidon.com/geo/ 260 B
512 B 45ms
13ms Script
application/x-javascript 2.20.171.216
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/country.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.20.171.216 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-20-171-216.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
last-modified: Wed, 30 May 2018 22:23:16 GMT
server: AkamaiNetStorage
access-control-allow-origin
etag: "c1e367d098d326049811561575dbda4a:1527718996"
access-control-max-age: 86400
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
status: 200
accept-ranges: bytes
access-control-allow-headers: *
content-length: 260

GET
H2 200 snthemes.js Show response
zdnet3.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/ 94 KB
8 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/snthemes.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

39f0e13a96fd029965b5b5fd3504853b6fe6ded07b4dd8862a0e033be626e655

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 409372
status: 200
strict-transport-security: max-age=31536000
content-length: 7763
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Nov 2019 16:36:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcc3110-177f3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2019 01:25:43 GMT

GET
H2 200 settings.js Show response
zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/ 33 KB
2 KB 30ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/settings.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ad7ed17bf4c8d9dd2511e7254670822d0f90c8fb89187f860cfbcb91821abc84

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54469
status: 200
strict-transport-security: max-age=31536000
content-length: 1669
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:35:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdac89-828e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 04:00:47 GMT

GET
DATA 200
OK truncated
/ 917 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 en.js Show response
zdnet2.cbsistatic.com/fly/js/libs/evidon/translations/ 311 KB
14 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/libs/evidon/translations/en.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

caab9bbec165591d5214448b624dae44a3cbc575721ba71da2f7130bbbcbc6dc

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316643
status: 200
strict-transport-security: max-age=31536000
content-length: 14353
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:39:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdad78-4ddff"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2019 03:11:13 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 catalin-cimpanu.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/ 910 B
1 KB 7ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/catalin-cimpanu.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ba2fa15976662b87f31dccdd53d415b927f2118760fdafc4ac21dd2c1b234ff3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
x-content-type-options: nosniff
age: 4698788
status: 200
nncoection: close
strict-transport-security: max-age=31536000
content-length: 910
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Sep 2018 02:32:23 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Sep 2020 09:53:51 GMT

GET
H2 200 php.png
zdnet2.cbsistatic.com/hub/i/2018/10/14/8cb090a5-da9d-47c8-b769-e1a9692a5c62/f012e605ffc8c4319a9923f1cddcf320/ 4 KB
3 KB 6ms
6ms Image
image/png 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/2018/10/14/8cb090a5-da9d-47c8-b769-e1a9692a5c62/f012e605ffc8c4319a9923f1cddcf320/php.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

93186c254a44cae276e2c5b92fd902fb3d91a52c34d1e5b9aceab13855884401

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2030863
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 3016
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3bcf6eecb2611212e088d0d91f2ade9c"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-ansible.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/04/11/2f40e47f-ad7c-4cfe-b491-20fc67c13d9d/thumbnail/170x128/671f950f4355142bdd44015ec488f4c4/ 6 KB
6 KB 7ms
7ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2019/04/11/2f40e47f-ad7c-4cfe-b491-20fc67c13d9d/thumbnail/170x128/671f950f4355142bdd44015ec488f4c4/gallery-ansible.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

490e4bfc694eb831ba439b5d5decbe1b488391681ee6424fa439683a4e4dc095

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7799493
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 6399
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "0b7a9d54deeb611edc4540d286e9a042"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-capistrano.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/53a92ced-1684-4a2c-87d6-18934171588a/thumbnail/170x128/ec27141866f1c646de12308941d6f9ef/ 6 KB
6 KB 21ms
9ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/53a92ced-1684-4a2c-87d6-18934171588a/thumbnail/170x128/ec27141866f1c646de12308941d6f9ef/gallery-capistrano.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

4dabcf86a321e132330448c63a36d88816c4f633896650bf2231e0a074d9f0d9

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2917880
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 6017
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "eb2e9dffe58d635b7d72e99c8e61b5f2"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-docker.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/04/11/9b12f043-817b-483d-a129-7acb6f7f1f48/thumbnail/170x128/360989bccae6160cdd934d50aca8a96a/ 6 KB
6 KB 7ms
7ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/04/11/9b12f043-817b-483d-a129-7acb6f7f1f48/thumbnail/170x128/360989bccae6160cdd934d50aca8a96a/gallery-docker.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

723a9ea05d1491d99d5defcd6db01a8c9fb50b583e69889abad120b0a74a2c2a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4701620
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 6575
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a85edfa24307bad582dbfb9713d7eb6b"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-ganglia.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/dd3ce6e3-2e64-473c-a610-92c855e71795/thumbnail/170x128/117e514c57ebf88afc4203eedfda75d1/ 8 KB
8 KB 20ms
8ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/dd3ce6e3-2e64-473c-a610-92c855e71795/thumbnail/170x128/117e514c57ebf88afc4203eedfda75d1/gallery-ganglia.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

4b6d022516b48072704aeeb407e2d557568647087feefa57f1b216abcd49c171

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2109442
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 7912
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3dcaf04c357c577a857f3ffadc555f9b"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-gradle.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/04/11/91018dfe-2957-44c0-804c-d4867d4191f8/thumbnail/170x128/026e49c23ae588258e7923b3d853fd2b/ 9 KB
9 KB 7ms
7ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/04/11/91018dfe-2957-44c0-804c-d4867d4191f8/thumbnail/170x128/026e49c23ae588258e7923b3d853fd2b/gallery-gradle.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3a18cc29d89287ebb9fa636217661fa8879a33f91abe2ff4e730fd1065d526c7

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4053434
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 8819
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1d7b813d77ada92b4c5998ec42a3cde9"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 mag-white01.png
zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/core/ 1 KB
1 KB 7ms
7ms Image
image/png 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/core/mag-white01.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32542
status: 200
strict-transport-security: max-age=31536000
content-length: 936
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:18:33 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd261e9-4f1"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:13 GMT

GET
H2 200 Raleway-Bold.woff2
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/ 51 KB
51 KB 29ms
17ms Font
font/woff2 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Bold.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9db8bd3e641dc88d54edf476a148e75e29b4e8ccd040cb340404d557578dcfbd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
Origin: https://www.zdnet.com

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
x-content-type-options: nosniff
age: 10803703
status: 200
nncoection: close
strict-transport-security: max-age=31536000
content-length: 52212
x-xss-protection: 1; mode=block
last-modified: Tue, 16 Jul 2019 08:38:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5d2d8d0f-cbf4"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jul 2020 18:06:51 GMT

GET
H2 200 Raleway-Light.woff2
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/ 50 KB
51 KB 28ms
16ms Font
font/woff2 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Light.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6de73873dd441f953668e77030299f082e0f3e6335bf944d88d44978162e6609

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
Origin: https://www.zdnet.com

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
x-content-type-options: nosniff
age: 10803702
status: 200
strict-transport-security: max-age=31536000
content-length: 51608
x-xss-protection: 1; mode=block
last-modified: Tue, 16 Jul 2019 08:38:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5d2d8d0f-c998"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jul 2020 18:06:51 GMT

GET
H2 200 Raleway-Regular.woff2
zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/ 50 KB
51 KB 17ms
6ms Font
font/woff2 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Regular.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

66ef1b7581d8ef7b82bfe2ca363a612a479d89b808e2241f68d3e8c75f4f06d4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
Origin: https://www.zdnet.com

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
x-content-type-options: nosniff
age: 10257877
status: 200
strict-transport-security: max-age=31536000
content-length: 51572
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jul 2019 16:01:41 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5d35dde5-c974"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jul 2020 01:11:57 GMT

GET
H2 200 require-2.1.2.js Show response
zdnet2.cbsistatic.com/fly/1860-fly/js/libs/ 16 KB
6 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f96f203f5605c9f56e7f6f97caf6ea84f122872ec3c5ac1f9037a1b508c706ee

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32545
status: 200
strict-transport-security: max-age=31536000
content-length: 6305
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:21:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd262a1-3f09"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:10 GMT

GET
H2 200 logo.png
zdnet2.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/core/ 4 KB
4 KB 6ms
6ms Image
image/png 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34617
status: 200
strict-transport-security: max-age=31536000
content-length: 4128
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:35:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdac89-1009"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 09:26:44 GMT

GET
H2 200 vendorlist.js Show response
zdnet2.cbsistatic.com/fly/js/libs/evidon/ 113 KB
51 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/libs/evidon/vendorlist.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

eb07b53d262575cef96004e2be725ac235db39262e9bb8466a2a9b85cf532aa8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182001
status: 200
strict-transport-security: max-age=31536000
content-length: 52305
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:39:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdad78-1c3b9"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2019 16:35:13 GMT

GET
H2 200 main.default.js Show response
zdnet3.cbsistatic.com/fly/1860-fly/js/ 209 KB
69 KB 7ms
7ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

371678c738b3bbea36b32d7cb5b0b4d14182ee51ac165ae7ae45f6dc78c29a3d

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32544
status: 200
strict-transport-security: max-age=31536000
content-length: 70828
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:21:38 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd262a2-343aa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:11 GMT

GET
H/1.1 200
OK ls-zdnet.js Show response
js-sec.indexww.com/ht/ 94 KB
29 KB 39ms
12ms Script
text/javascript 72.247.225.98
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72d17955a9639827785e752152d5641881e5c9781a5ed2069e871af0f0b5a619

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Nov 2019 18:15:31 GMT
Server: Apache
ETag: "7624fa-176c0-597a2eedd6d34"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=596
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 29092
Expires: Mon, 18 Nov 2019 19:18:32 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame B8AB 187 KB
47 KB 26ms
11ms Script
application/javascript 2a02:26f0:6c00:181::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: br
Last-Modified: Tue, 12 Nov 2019 10:04:32 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 47928

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 51 KB
16 KB 37ms
16ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

e6714e710a44b528d83256bfcf631af84847ae6b456ec21c7aab672e5c32e282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "341 / 149 of 1000 / last-modified: 1574096821"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15662
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:36 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 26ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41AF) /
Resource Hash: f5b5ac5fdb8870504505be0a9522061f905e5c1b25a927f877303785129cb3f9

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Oct 2019 23:03:20 GMT
Server: ECS (fcn/41AF)
Etag: "dbb5834a50c19a7a8e3ad3ae8f1c1329+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28705

GET
H2 200 evidon-banner.js Show response
zdnet2.cbsistatic.com/fly/js/libs/evidon/ 8 KB
2 KB 6ms
5ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/libs/evidon/evidon-banner.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

c649aaa88ce29f86caa50dc08e1745c9783e049656ff2d5a93ef813b7f0c662a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 481527
status: 200
strict-transport-security: max-age=31536000
content-length: 2440
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:27 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dc97f47-1faf"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Nov 2019 05:23:04 GMT

GET
H2 204 18863
l.betrad.com/site/v3/425/3445/3/1/2/2/ 0
120 B 264ms
87ms Image
text/plain 52.2.113.48
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/425/3445/3/1/2/2/18863?consent=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.113.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-113-48.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 204
date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 ;ord=1574104116782
ad.doubleclick.net/ddm/ad/mxbxcvw/shg/tbxznbmvh/ 43 B
596 B 37ms
15ms Image
image/gif 172.217.21.230
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/ad/mxbxcvw/shg/tbxznbmvh/;ord=1574104116782?

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f6.1e100.net

Software

cafe /

Resource Hash

9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:36 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 18863
l.betrad.com/site/v3/425/3445/3/4/2/2/ 0
120 B 234ms
87ms Image
text/plain 52.2.113.48
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/425/3445/3/4/2/2/18863?consent=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.113.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-113-48.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 204
date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
536 B 92ms
30ms XHR
application/json 52.215.98.88
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184216
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.98.88 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-98-88.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9d6844f9a66630f40b7f8db61d06b303297f1cb7dcaa6853dc354b6ba8a866e5

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
x-aspnet-version: 4.0.30319
status: 200
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.zdnet.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 18 Dec 2019 19:08:36 GMT

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 267ms
115ms Script
application/javascript 35.190.38.167
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://urs.zdnet.com/sdk/urs.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.38.167 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 167.38.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ffaeeea8b8a09eda9e1eb2f2dc2c9ae055afb7fdbd4d88f57f324f8cad1d4ac5

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
via: 1.1 google
last-modified: Thu, 07 Feb 2019 14:05:56 GMT
etag: "5c5c3b44-c7f5"
content-type: application/javascript
status: 200
accept-ranges: bytes
alt-svc: clear
content-length: 51189

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
778 B 37ms
15ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
778 B 41ms
19ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ 159 KB
58 KB 15ms
15ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

7aee25147e91ea27917ac5cfd8ea30fdcae0e6b1072e51a1d644dafb76ab5c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 59644
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:36 GMT

GET
H/1.1 200
OK widget_iframe.2d991e3dfc9abb2549972ce8b64c5d85.html
platform.twitter.com/widgets/ Frame 37F3 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d991e3dfc9abb2549972ce8b64c5d85.html?origin=https%3A%2F%2Fwww.zdnet.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4192) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Nov 2019 19:08:36 GMT
Etag: "7d3f6ed140174a20e7c8be261a70a863+gzip"
Last-Modified: Tue, 22 Oct 2019 22:27:25 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4192)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5816

GET
H2 200 scrolling-mpu-22779a851e-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 956 B
626 B 6ms
5ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/scrolling-mpu-22779a851e-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

4d565f67641c732365c3180ec1e37c7a987825faad3e8632de8a07a9101feedd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442044
status: 200
strict-transport-security: max-age=31536000
content-length: 491
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Nov 2019 15:52:36 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5dcc26c4-3bc"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Nov 2019 16:21:12 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 94 KB
19 KB 27ms
7ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FC3) /
Resource Hash: b2d552c0df8b25867ece11ae83f61fe132599d8307bac5d5ba743b2378d2cb1d

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Wed, 13 Nov 2019 18:23:50 GMT
server: ECAcc (frc/8FC3)
etag: "2764937052"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 19470
expires: Mon, 18 Nov 2019 19:13:36 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame B8AB 2 KB
1 KB 103ms
90ms XHR
application/json 2a02:26f0:6c00:181::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5247014&v=1.571.0&if=&sl=0&si=7ya25dmdzxl-NaN&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 3fa65e12e469cb726df63956a5dd5513b18213fd1ba59697f7e97f259296ea33

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 698

GET
H/1.1 200
OK moment~timeline~tweet.f41b02dcb58512d8e9f6d4178eb28452.js Show response
platform.twitter.com/js/ 24 KB
8 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.f41b02dcb58512d8e9f6d4178eb28452.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E1) /
Resource Hash: 7c46604c0440be3fd2d6a5e217846cde699e81422afd52625b633bc28cfe3446

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Oct 2019 22:27:17 GMT
Server: ECS (fcn/40E1)
Etag: "acaa80339e9cea48739803700d80ebfb+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7914

GET
H/1.1 200
OK tweet.25ae5aee3c2602da5d36fbf6c51215cf.js Show response
platform.twitter.com/js/ 19 KB
7 KB 12ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/tweet.25ae5aee3c2602da5d36fbf6c51215cf.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41AD) /
Resource Hash: bd13404866644f19bfd9bb0d8c96f58536885414ba14fcae712da48d22e74631

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Oct 2019 22:27:17 GMT
Server: ECS (fcn/41AD)
Etag: "e76dffef1c1edce4c8dc5febdf76528c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6322

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
147 B 123ms
123ms Image
image/gif 104.244.42.72
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1574104116915%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Mon, 18 Nov 2019 19:08:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ebf5dfdda2d34d892aca6eec31fc397a
x-transaction: 003cf73e00c10151
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 tweets.json Show response
cdn.syndication.twimg.com/ 6 KB
2 KB 147ms
145ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweets.json?callback=__twttr.callbacks.cb0&ids=1187267849238335488&lang=en&suppress_response_codes=true&theme=light&tz=GMT%2B0100

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_f /

Resource Hash

6d882ff14a4e92b34ee7447c70342e3fb51fcc83c58bef39834cac4d046b1f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
strict-transport-security: max-age=631138519
content-length: 1669
x-xss-protection: 0
x-response-time: 121
last-modified: Mon, 18 Nov 2019 19:08:36 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=60
x-connection-hash: e3bba7a6adbba2ab0637424b1b72594d
timing-allow-origin: *
x-transaction: 004e97df00f660cb
expires: Mon, 18 Nov 2019 19:09:36 GMT

GET
H/1.1 200
OK isInternalUser.js Show response
iicbsi-a.akamaihd.net/common/js/esi/ 22 B
272 B 37ms
8ms Script
application/x-javascript 2a01:4a0:1338:28::c38a:ff18
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://iicbsi-a.akamaihd.net/common/js/esi/isInternalUser.js?cb=cbsiInternal
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff18 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0f91e664ba993207337dbd5b1ab9f156c5f579d99d9b2e1315706815deadd0ae

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Cache-Control: max-age=308798
Server: AkamaiNetStorage
Connection: keep-alive
ETag: "fb25287978f1b619e801f164a2dfd9ea:1473886414"
Content-Length: 22
Content-Type: application/x-javascript

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 78 KB
28 KB 61ms
25ms Script
text/javascript 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2415293
status: 200
content-type: text/javascript
content-length: 27746
x-amz-id-2: XaZZfksc5tY2QYKqWg2l9SF0g4tYYLB4/OoiMCVw8qhEZI1HOeFOpmyjOyB6h9h9/hQcx65+CBU=
last-modified: Mon, 21 Oct 2019 20:13:23 GMT
server: cloudflare
etag: "df893ab92782cedac4da4785df9ec68e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: CED68FA43CA7DB4B
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 537c3beb095a5a18-VIE
expires: Mon, 18 Nov 2019 19:38:36 GMT

GET
H2 200 utag.1779.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 3 KB
2 KB 13ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1779.js?utv=ut4.43.201812051842
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F05) /
Resource Hash: cd5e6512fdbb698425174148dba05f72357a3b1944413f8812c55c4025d3d562

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Mon, 11 Jul 2016 20:43:57 GMT
server: ECAcc (frc/8F05)
etag: "392561602"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1785
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1782.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
1 KB 14ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201810291720
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F54) /
Resource Hash: 791b7ff5657f9c41e24adaa1f6f5a4dc51046d292b25b01a5a8d152ff4a951ac

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Mon, 29 Oct 2018 17:20:42 GMT
server: ECAcc (frc/8F54)
etag: "3447796852"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1071
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1787.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 142 KB
48 KB 9ms
8ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F08) /
Resource Hash: cdd64e5652c18bfd813e4c6adfd0d2c030bcf0c4730ac94cb6371e79cfc6f7c0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Wed, 13 Nov 2019 18:23:50 GMT
server: ECAcc (frc/8F08)
etag: "1483923147+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 48594
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1790.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
958 B 9ms
9ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1790.js?utv=ut4.43.201805241512
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F4D) /
Resource Hash: 10113bad06fefd5698a45480ffaedd421c6e06f9dbd0d1c772b7128bbea0842d

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2016 14:31:10 GMT
server: ECAcc (frc/8F4D)
etag: "2267415266"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 872
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1791.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
1 KB 14ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1791.js?utv=ut4.43.201805241512
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FD1) /
Resource Hash: 7eae865fd7c820936603897a072b7ddd77b2c74e8022160fd19792291a63fac8

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Mon, 01 Aug 2016 14:31:10 GMT
server: ECAcc (frc/8FD1)
etag: "3334871598"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1196
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1792.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 4 KB
2 KB 9ms
9ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1792.js?utv=ut4.43.201805241512
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FD0) /
Resource Hash: dabf73474662398f4f686a1b3103542f53384dd6241e6ac13f8ba535c6372aff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2016 14:28:47 GMT
server: ECAcc (frc/8FD0)
etag: "2022868805"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1664
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H2 200 utag.1797.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
968 B 14ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F79) /
Resource Hash: 3ff065de0d90b0510727a72c173d05652c30967c5e6561dbf1d82fa077cabb22

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:36 GMT
content-encoding: gzip
last-modified: Wed, 25 Jan 2017 20:07:58 GMT
server: ECAcc (frc/8F79)
etag: "1907756232"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 883
expires: Tue, 03 Dec 2019 19:08:36 GMT

GET
H/1.1 200
OK ds.js Show response
dw.cbsi.com/js/cbsi/ 18 KB
7 KB 449ms
142ms Script
application/javascript 64.30.230.22
CBS Interactive Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://dw.cbsi.com/js/cbsi/ds.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1790.js?utv=ut4.43.201805241512
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fremont, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: d696da403b0169c2191d0ec0b0fcdaa85487b21b19fd58f4b1fb5b9edf40b153

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Sep 2017 19:06:40 GMT
Server: Apache/2.4.25
ETag: "1917-55916dc13f000"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200, s-maxage=1800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=80, max=488
Content-Length: 6423
Expires: Mon, 18 Nov 2019 19:38:37 GMT

GET
H/1.1 200
OK st.v3.js Show response
www.everestjs.net/static/ 25 KB
8 KB 39ms
12ms Script
application/x-javascript 95.101.203.206
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/static/st.v3.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.203.206 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-101-203-206.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 364efc68e57240e144c1334b7b4e77dcac0dc65d71777b38992f6cd8ffc67b73

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Nov 2019 14:50:09 GMT
Server: Apache
ETag: "1ff0663-64fd-596866ea656d9"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=40044
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7335
Expires: Tue, 19 Nov 2019 06:16:00 GMT

GET
H/1.1 200
OK anonc.js Show response
dw.cbsi.com/ 73 B
620 B 461ms
153ms Script
application/javascript 64.30.230.22
CBS Interactive Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://dw.cbsi.com/anonc.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fremont, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: f10810172b4a4049d548062290310253859d51dd142858309e2ef3712e8aafbc

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: Apache/2.4.25
Etag: JaUw/V3S7DWQDBEnr4o.1.dw_anonc
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cache-control: private, max-age=43200, s-max-age=0
Connection: Keep-Alive
Content-Type: application/javascript
Keep-Alive: timeout=80, max=476
Content-Length: 73
Expires: Mon, 05 Jan 1970 12:12:12 GMT

GET
H2 200 lightbox.js Show response
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame 9810 326 B
549 B 68ms
24ms Script
application/javascript 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1574104116958&lv=1
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b4a3d1551c7f6d704c039c803f2cb25d93939c4e8082c5d33b3f23caf54ab2b3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 590093
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cf-ray: 537c3beb5c2859ee-VIE

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 26 KB
12 KB 125ms
32ms Script
application/javascript 34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?18102019
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1782.js?utv=ut4.43.201810291720
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Nov 2019 06:30:00 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=40883
Connection: keep-alive
Content-Length: 11933
Expires: Tue, 19 Nov 2019 06:30:00 GMT

GET
H2 200 cbsinteractive.js Show response
tru.am/scripts/custom/ 3 KB
1 KB 78ms
29ms Script
text/javascript 2606:4700:20::6819:a322
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/custom/cbsinteractive.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1797.js?utv=ut4.43.201805241512
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a322 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 885fb8b9c3d2738bd627def3899f26d4d42641bbb868cc99d1fbc16f0ed9f4c6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
age: 1799
status: 200
x-guploader-uploadid: AEnB2UpxbP1q2nnmRHSO1HBTbwwnuLDPPAZTtv1BzwMrxEnDmIF0lVUFaJEKGQxxc7o6W0-Ho5Ici0hsJCeNX89Ljb3W90Vf6Q
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 30 Apr 2019 19:32:26 GMT
server: cloudflare
etag: W/"c486c91d1321adf59073588524182108"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=9gbW7g==, md5=xIbJHRMhrfWQc1iFJBghCA==
content-type: text/javascript
x-goog-generation: 1556652746634603
cache-control: public, max-age=86400
x-goog-stored-content-length: 2725
cf-ray: 537c3beb8b615a12-VIE
expires: Mon, 18 Nov 2019 19:38:38 GMT

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
103 B 37ms
36ms Image
image/gif 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=6.99211138209208
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
cf-cache-status: HIT
age: 7
status: 200
content-type: image/gif
content-length: 43
x-amz-id-2: OcY4cyGEBfGf5CYFy/mSlLaudm1wRF7bVWgegqU3WDAeBaAd2Ik4ApKJNXfUSZTdffCJWTPsdWs=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 4F01AF13FD1D7BB8
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
cf-ray: 537c3beb499a5a18-VIE

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
287 B 34ms
34ms Image
image/gif 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=6.99211138209208
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
cf-cache-status: HIT
age: 7
status: 200
content-type: image/gif
content-length: 43
x-amz-id-2: OcY4cyGEBfGf5CYFy/mSlLaudm1wRF7bVWgegqU3WDAeBaAd2Ik4ApKJNXfUSZTdffCJWTPsdWs=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 4F01AF13FD1D7BB8
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
cf-ray: 537c3beb499c5a18-VIE

GET
H2 200 user.js Show response
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame 9810 765 KB
125 KB 19ms
19ms Script
application/javascript 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox.js?cb=1574104116958&lv=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82bbafe6f10665c303950cee83918e548ed3048f21062fd2b79d00d67a89bd01

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: L28yRUQu8FZzxMomJSK6sQ==
age: 590092
cf-polished: origSize=1203760
status: 200
x-ms-lease-status: unlocked
last-modified: Mon, 11 Nov 2019 23:10:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 3f9b2a75-801e-0015-7de5-989758000000
expires: Tue, 17 Nov 2020 19:08:37 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 537c3beb8c5459ee-VIE
cf-bgj: minify

GET
H2 200 ta-pagesocial-sdk.js Show response
tru.am/scripts/ 35 KB
12 KB 28ms
28ms Script
application/javascript 2606:4700:20::6819:a322
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Requested by: Host: tru.am
URL: https://tru.am/scripts/custom/cbsinteractive.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a322 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
age: 1735
status: 200
x-guploader-uploadid: AEnB2UqAeCZx2D7aMsqrYrx-LdTcvBKkI0zDKLuu7oC5Ud707qWm6Tw2_Q4kbdcEPXwUSI1rWZfs4H8MwaSPJ0A3RaLRBH_p5g
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Fri, 19 Apr 2019 06:14:55 GMT
server: cloudflare
etag: W/"942d5ae1e512ccdf18813550428dd002"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=O7AZFg==, md5=lC1a4eUSzN8YgTVQQo3QAg==
content-type: application/javascript
x-goog-generation: 1555654495662585
cache-control: public, max-age=86400
x-goog-stored-content-length: 35540
cf-ray: 537c3bebbb865a12-VIE
expires: Mon, 18 Nov 2019 19:39:41 GMT

GET
H/1.1 200
OK tweet.a4ac5782325ad1b5e51c8b06daf47853.light.ltr.css
platform.twitter.com/css/ 51 KB
12 KB 7ms
7ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/tweet.a4ac5782325ad1b5e51c8b06daf47853.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40FC) /
Resource Hash: 458031c1beb286b351738608cbd8513550fb9f1330a80c9b3a31ef43edde2028

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Oct 2019 22:27:14 GMT
Server: ECS (fcn/40FC)
Etag: "280518989f85e11c9f154ac8f0c806ff+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 11430

GET
H/1.1 200
OK tweet.a4ac5782325ad1b5e51c8b06daf47853.light.ltr.css
platform.twitter.com/css/ 51 KB
51 KB 6ms
6ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/tweet.a4ac5782325ad1b5e51c8b06daf47853.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40FD) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Oct 2019 22:27:14 GMT
Server: ECS (fcn/40FD)
Etag: "280518989f85e11c9f154ac8f0c806ff+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 11430

GET
H2 200 fb_lightbox.2.1.5.css
www.lightboxcdn.com/static/ 4 KB
1 KB 17ms
17ms Stylesheet
text/css 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/static/fb_lightbox.2.1.5.css?cb=637091106076939970
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: q4B4xYJoZwx9ikt94o1nCA==
age: 590090
cf-polished: origSize=6016
x-ms-meta-cbmodifiedtime: Wed, 10 Apr 2019 18:50:43 GMT
status: 200
x-ms-lease-status: unlocked
last-modified: Wed, 10 Apr 2019 19:06:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-ms-request-id: 301ad383-b01e-00b7-41e5-985ac4000000
expires: Tue, 17 Nov 2020 19:08:37 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 537c3bebfcd359ee-VIE
cf-bgj: minify

GET
H2 200 ls.html
www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame 8B42 0
0 26ms
26ms Document
text/html 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=637091106076939970
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: www.lightboxcdn.com
:scheme: https
:path: /lclst/a1583f50-579b-41d0-8c4e-1cd1790d945c/ls.html?purl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&vid=a1583f50-579b-41d0-8c4e-1cd1790d945c&se=0&prev=0&cb=637091106076939970
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d44a53d2d6bb0cce4e73208ffb4feb4f81574104117
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
date: Mon, 18 Nov 2019 19:08:37 GMT
content-type: text/html
content-md5: xa1/rdPe0J6SwxlD7atkzw==
last-modified: Mon, 11 Nov 2019 23:10:07 GMT
x-ms-request-id: 82f0e3ca-001e-0026-72dc-9dce75000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
cf-cache-status: HIT
age: 44185
expires: Tue, 17 Nov 2020 19:08:37 GMT
cache-control: public, max-age=31536000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 537c3bec1cfa59ee-VIE
content-encoding: br

GET
H2 200 t.gif
www.lightboxcdn.com/z9g/ 35 B
256 B 16ms
16ms Image
image/gif 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/t.gif?c=1574104117106&h=www.zdnet.com&e=p&u=40913
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:37 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 1512440
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Tue, 26 Feb 2019 00:59:40 GMT
status: 200
content-length: 35
x-ms-lease-status: unlocked
last-modified: Tue, 26 Feb 2019 01:15:02 GMT
server: cloudflare
etag: 0x8D69B87D5A1B25F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: 48b7eafb-401e-010c-457d-f6fd65000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 537c3bec1cf859ee-VIE
cf-bgj: imgq:85

GET
H2 200 article-dc173c6bd0-rev.js Show response
zdnet4.cbsistatic.com/fly/js/pages/ 162 KB
45 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/js/pages/article-dc173c6bd0-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

86385663e668c7cd9e9eefe2169e64a1e6bc68c6da5bd3932600dc058cbb8135

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 361604
status: 200
strict-transport-security: max-age=31536000
content-length: 46332
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 14:31:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcd653e-287b2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2019 14:41:52 GMT

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 906 B
1 KB 32ms
32ms Script
application/javascript 34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=50070&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&pv=1574104117137_zqoj7kceo&bl=en-us&cb=5409099&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D%5BPersonID%5D%26redir%3D&ht=&d=&dc=&si=1574104117137_zqoj7kceo&cid=8e177b97-7b58-46f3-80d2-17777e48d0b5&s=1600x1200&rp=https%3A%2F%2Ft.co%2FWqf77UJbb0
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?18102019
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 45d476cbfef9ea60d8d7defc8bc58124e23b30510fc4cd3e20050524c5f50ecd

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 522
Expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
698 B 439ms
171ms Script
application/javascript 3.93.243.95
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=18102019
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?18102019
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.93.243.95 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-93-243-95.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, no-cache="set-cookie"
Connection: keep-alive
Content-Length: 138
Expires: Tue, 19 Nov 2019 19:08:37 GMT

GET
H2 200 4gU3P-Fa_normal.jpg
pbs.twimg.com/profile_images/1024230522396893184/ 2 KB
3 KB 6ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1024230522396893184/4gU3P-Fa_normal.jpg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41AC) /

Resource Hash

0bca2eedd443a8b8dfe138e9c9467e6b76de7f60d69495bae8f949e689e9cbf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 2415
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/8 profile_images/1024230522396893184
last-modified: Tue, 31 Jul 2018 09:47:20 GMT
server: ECS (fcn/41AC)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b873398e9a1c1a683dcde9f358a05adb
accept-ranges: bytes

GET
H2 200 EHoFvRgXYAAw8OZ
pbs.twimg.com/media/ 8 KB
9 KB 6ms
6ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EHoFvRgXYAAw8OZ?format=jpg&name=small

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40AE) /

Resource Hash

e5bd32899e67fa7c88b01ccae606bc29b05993bd892756f7c097448e27b47981

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 8576
x-response-time: 141
surrogate-key: media media/bucket/9 media/1187267761476689920
last-modified: Thu, 24 Oct 2019 07:19:07 GMT
server: ECS (fcn/40AE)
strict-transport-security: max-age=631138519
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d1cbf43204106e1dc06cc7d2b0ee83e8
accept-ranges: bytes

POST
H2 200 beacon
beacon.tru.am/ 0
0 188ms
145ms Fetch 2606:4700:20::6819:a222
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.tru.am/beacon
Requested by: Host: tru.am
URL: https://tru.am/scripts/ta-pagesocial-sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a222 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:37 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, private, max-age=0
cf-ray: 537c3bec7b53cba4-VIE
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
DATA 200
OK truncated
/ 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 600 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 323 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 CBSI-PLAYER.js Show response
vidtech.cbsinteractive.com/uvpjs/0.42.297/ 1 MB
281 KB 49ms
7ms Script
application/javascript 151.101.14.133
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidtech.cbsinteractive.com/uvpjs/0.42.297/CBSI-PLAYER.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
age: 1940720
x-cache: HIT, HIT
status: 200
content-length: 286838
x-amz-id-2: eFLdg4aPXUFc7W4j8Nhh9UdduMDflMLRIufQ6v/Vh6+pWt+vfGcNnF3gpKRr47exsFfoiPpv1MY=
x-served-by: cache-dca17783-DCA, cache-fra19179-FRA
last-modified: Fri, 01 Feb 2019 18:20:56 GMT
server: AmazonS3
x-timer: S1574104117.211298,VS0,VE0
etag: "eb5dd4ed3dcb7641ebbcb604d7ddb038"
vary: Accept-Encoding
x-amz-request-id: F767A360D0453B01
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 3, 4

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 35 KB
14 KB 24ms
8ms Script
application/x-javascript 2600:9000:20eb:7e00:18:1fcd:349:ca21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:7e00:18:1fcd:349:ca21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: ffe2ef5ce19169f51b69f0dfdac122f402043b13afd7c65b2dab551ebf3b7629

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 18:24:55 GMT
content-encoding: gzip
last-modified: Tue, 29 Oct 2019 02:24:02 GMT
server: nginx
age: 2621
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: M4K2rxSpWh46vBt0DXaMczYw75PvPm5NidpRuEY3lqepRAcYvdVZAg==
via: 1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)
expires: Mon, 18 Nov 2019 20:24:55 GMT

GET
H2 200 mpulse-1.0.2.js Show response
zdnet1.cbsistatic.com/fly/js/libs/ 12 KB
5 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

763fa0bd7eff816d0a5f8c3e4075f9173a5cebf51a1e2c0d1174f841de10b9dd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276539
status: 200
strict-transport-security: max-age=31536000
content-length: 4877
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:39:38 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdad7a-2fdf"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2019 14:19:37 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://tags.bluekai.com/site/20486?limit=0&id=3606145196947406860&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=3606145196947406860%26eid=50056
https://ml314.com/csync.ashx?fp=gTWOJx99999pFBJ5&person_id=3606145196947406860&eid=50056

43 B
312 B

31ms
31ms

Image
image/gif

34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=gTWOJx99999pFBJ5&person_id=3606145196947406860&eid=50056
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 19 Nov 2019 14:08:37 GMT

Redirect headers

Location: https://ml314.com/csync.ashx?fp=gTWOJx99999pFBJ5&person_id=3606145196947406860&eid=50056
Date: Mon, 18 Nov 2019 19:08:37 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 2bdf
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3606145196947406860
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYwNjE0NTE5Njk0NzQwNjg2MBAAGg0ItdjL7gUSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=b5945d2064e4b266e632f850f34a81f154018afbc62c4419df0dfa2c58f9dcd0f4cb09cee1a4f8eb&person_id=3606145196947406860&eid=50082

43 B
312 B

31ms
31ms

Image
image/gif

34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=b5945d2064e4b266e632f850f34a81f154018afbc62c4419df0dfa2c58f9dcd0f4cb09cee1a4f8eb&person_id=3606145196947406860&eid=50082
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 19 Nov 2019 14:08:37 GMT

Redirect headers

date: Mon, 18 Nov 2019 19:08:37 GMT
via: 1.1 google
location: https://ml314.com/csync.ashx?fp=b5945d2064e4b266e632f850f34a81f154018afbc62c4419df0dfa2c58f9dcd0f4cb09cee1a4f8eb&person_id=3606145196947406860&eid=50082
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 307
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606145196947406860%26eid=50220
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606145196947406860%26eid=50220&mm_bnc&mm_bct&UUID=c79d5dd2-dd84-4200-9691-3d55828b941c
https://ml314.com/csync.ashx?fp=c79d5dd2-dd84-4200-9691-3d55828b941c&person_id=3606145196947406860&eid=50220

43 B
312 B

33ms
31ms

Image
image/gif

34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=c79d5dd2-dd84-4200-9691-3d55828b941c&person_id=3606145196947406860&eid=50220
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 19 Nov 2019 14:08:37 GMT

Redirect headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: MT3 1913 979072d master zrh-pixel-x17
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://ml314.com/csync.ashx?fp=c79d5dd2-dd84-4200-9691-3d55828b941c&person_id=3606145196947406860&eid=50220
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Mon, 18 Nov 2019 19:08:36 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606145196947406860
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606145196947406860
https://ml314.com/csync.ashx?fp=81762278b7f3cd1bac47ed654c87bcd7&eid=50146&person_id=3606145196947406860

43 B
312 B

48ms
29ms

Image
image/gif

34.248.158.173
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=81762278b7f3cd1bac47ed654c87bcd7&eid=50146&person_id=3606145196947406860
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.158.173 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-158-173.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 19 Nov 2019 14:08:37 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location: https://ml314.com/csync.ashx?fp=81762278b7f3cd1bac47ed654c87bcd7&eid=50146&person_id=3606145196947406860
Cache-Control: no-cache
X-Server: 10.45.15.125
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2OOSN5aNNjAPsw-uks0Lb89DJF-iYxKDYeyxzS2ZUOEk&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil
https://ml314.com/csync.ashx?fp=2OOSN5aNNjAPsw-uks0Lb89DJF-iYxKDYeyxzS2ZUOEk&person_id=3606145196947406860&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

70 B
171 B

12ms
12ms

Image
image/gif

3.120.224.89
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.120.224.89 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-120-224-89.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Length: 70
Content-Type: image/gif

Redirect headers

Date: Mon, 18 Nov 2019 19:08:36 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Cache-Control: private
Connection: keep-alive
Content-Length: 168
Expires: Tue, 19 Nov 2019 14:08:37 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3606145196947406860&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3606145196947406860&redir=

42 B
873 B

30ms
30ms

Image
image/gif

54.77.236.71
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3606145196947406860&redir=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.236.71 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-77-236-71.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v054-0955fd90c.edge-irl1.demdex.com 5.63.0.20191112162344 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: TGCJ+EpUTUo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: /GalHy43Tps=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3606145196947406860&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 47ms
47ms XHR
application/json 2a02:26f0:6c00:181::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1574104117183&s=534298da9a49583524b2cd53512e1c8d8aa0b66af83dbe1da3b76127c7105533
Requested by: Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 822c9f6d9ea2ebd32d3b9c2185c1513e56930265c0293b5211f8a1ffe83fb503

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 742

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 263ms
87ms Image
image/gif 52.73.113.243
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=zdnet.com&p=%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&u=D798iIHP179CFuz_-&d=zdnet.com&g=65713&g0=security&g1=catalin%20cimpanu&n=1&f=00001&c=0&x=0&m=0&y=3706&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Ft.co%2FWqf77UJbb0&b=2263&t=CR9Qg9Df34qBDN-RflDoCKF7CzeE6m&V=118&i=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&tz=-60&_acct=anon&sn=1&sv=Batt7pDxN2_JBtrBNsCXKkPpDnARga&sr=https%3A%2F%2Ft.co%2FWqf77UJbb0&sd=1&im=067b2ff3&_
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.113.243 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-73-113-243.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Mon, 18 Nov 2019 19:08:37 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK z Show response
lightboxapi2.azurewebsites.net/z9l/40913/www.zdnet.com/jsonp/ 217 B
502 B 616ms
167ms Script
application/javascript 23.99.128.52
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://lightboxapi2.azurewebsites.net/z9l/40913/www.zdnet.com/jsonp/z?cb=1574104117316&callback=jQuery1710483242319146175_1574104117099&_=1574104117317
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.99.128.52 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: waws-prod-dm1-001.cloudapp.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d11ce36e09c1a56a58b2832fa1de8d29ecde3c0b345c8256ec68b0169d2f98dc

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Content-Length: 289
Vary: Accept-Encoding
Content-Type: application/javascript

GET
H2 200 z.gif Show response
api1.lightboxcdn.com/z9u/LIewXglgNlCGD0BWAdABgAQApiwMYQDsAXEAZwAsBudASWIFMp0dd0B5AZXQA10BGVAH0-AFkEA2AJToAggAc5UegHV6AIwDSEIkgDMAdmS7xWDQAkAKsAAyAGnRQIAa3roA4vVxOQ0gMLkAJxAAW3p4fQAONCMATlQRZBj9dA5Y... 182 B
575 B 52ms
22ms XHR
application/javascript 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://api1.lightboxcdn.com/z9u/LIewXglgNlCGD0BWAdABgAQApiwMYQDsAXEAZwAsBudASWIFMp0dd0B5AZXQA10BGVAH0-AFkEA2AJToAggAc5UegHV6AIwDSEIkgDMAdmS7xWDQAkAKsAAyAGnRQIAa3roA4vVxOQ0gMLkAJxAAW3p4fQAONCMATlQRZBj9dA5YADNYAIg9Q2MgA___XZX/z.gif
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 03532814821f169f4c4bc775fc12dc3e79d20d73efcb9a8d278bd8756c6e6ebf

Request headers

Accept: */*
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: br
cf-cache-status: HIT
age: 82199
x-powered-by: ASP.NET
status: 200
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
access-control-allow-credentials: true
cf-ray: 537c3bed7c80cbc0-VIE
expires: Tue, 19 Nov 2019 19:08:37 GMT

GET
H/1.1 200
OK c.gif
dw.cbsi.com/clear/ 42 B
346 B 149ms
149ms Image
image/gif 64.30.230.22
CBS Interactive Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dw.cbsi.com/clear/c.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&assettitle=nasty%20php7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild&assettype=content_article&pubdate=2019-10-26%2007%3A00%3A05&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&devicetype=desktop&sitetype=responsive%20web&author=catalin%20cimpanu&authorid=85fd8691-f525-4ea2-a601-af296f629f7f&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&ts=1574104117396&ld=www.zdnet.com&ldc=9ebad390-2896-436a-8549-9e13c0c80c10&brwinsz=1600x1200&brscrsz=1600x1200&brlang=en-US&tcset=utf8&im=dsjs&clgf=JaUw%2FV3S7DWQDBEnr4o&xref=https%3A%2F%2Ft.co%2FWqf77UJbb0&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&title=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fremont, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: Apache/2.4.25
Vary: *
Content-Type: image/gif
Cache-control: no-cache, must-revalidate, no-transform
Connection: Keep-Alive
Keep-Alive: timeout=80, max=445
Content-Length: 42
Expires: Mon, 05 Jan 1970 12:12:12 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
1 KB 38ms
38ms XHR
application/json 54.77.236.71
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&ts=1574104117426

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.236.71 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-77-236-71.eu-west-1.compute.amazonaws.com

Software

Resource Hash

fd0034d6eb55846fa76df23cfb14b23a4dc07ea641e0607b936c8156b9a21120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v054-0530cfc30.edge-irl1.demdex.com 5.63.0.20191112162344 8ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: EA2DgJCCQvY=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 689
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
139 B 6ms
6ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=cbsi/zdnetglobalsite/201911131823&cb=1574104117427
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FC2) /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
last-modified: Thu, 14 Apr 2016 16:59:33 GMT
server: ECAcc (frc/8FC2)
etag: "2243872957"
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Mon, 18 Nov 2019 19:18:37 GMT

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 8B98
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

6ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40D1) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://www.zdnet.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Nov 2019 19:08:37 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Tue, 22 Oct 2019 23:03:20 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D1)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Mon, 18 Nov 2019 19:08:37 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Mon, 18 Nov 2019 19:08:37 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: ebf5dfdda2d34d892aca6eec31fc397a
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 118
x-transaction: 00a4526700077448
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H/1.1 200
OK Cookie set dest5.html
cbsi.demdex.net/ Frame C51C 0
0 123ms
30ms Document
text/html 52.212.90.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cbsi.demdex.net/dest5.html?d_nsid=undefined

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.212.90.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-212-90-74.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: cbsi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=23811679339070275860307210080549980602
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 14 Nov 2019 14:06:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=23811679339070275860307210080549980602;Path=/;Domain=.demdex.net;Expires=Sat, 16-May-2020 19:08:37 GMT;Max-Age=15552000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: qO2StLMLSzw=
Content-Length: 2764
Connection: keep-alive

GET
H2 200 id Show response
saa.cbsi.com/ 90 B
623 B 59ms
15ms XHR
application/x-javascript 15.188.31.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.cbsi.com/id?d_visid_ver=2.3.0&d_fieldgroup=A&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&mid=24038154735284070340294113869661605058&ts=1574104117469

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

3e9f80d09e0f6fa80aae5bc48d6cd6afdac6724ebbd86eef600b710004fc58f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Mon, 18 Nov 2019 19:08:37 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5fc496b8d4-rrz87
vary: Origin
x-c: master-1061.Iecc33a.M0-311
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript
content-length: 90
x-xss-protection: 1; mode=block

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 261 B
941 B 144ms
39ms XHR
text/javascript 52.214.93.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.93.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-93-23.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 53ff0df84dda8d7b657d34f0b8858744625467aa64243985823abc53f9eb9955

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 261
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 2 KB
1 KB 55ms
55ms XHR
application/json 54.77.236.71
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=2.3.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=10D31225525FF5790A490D4D%40AdobeOrg&d_nsid=0&d_mid=24038154735284070340294113869661605058&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012EE9761A8515BA0D-6000072744427F14&ts=1574104117530

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.77.236.71 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-77-236-71.eu-west-1.compute.amazonaws.com

Software

Resource Hash

f73cd554f9a839d872ac99762067d0171d2d09830af910c470cb5cc746f9c666

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v054-0e647a536.edge-irl1.demdex.com 5.63.0.20191112162344 24ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: hx3/7nqIS78=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 688
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 s07337291771 Show response
saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/ 2 KB
2 KB 47ms
47ms Script
application/x-javascript 15.188.31.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.cbsi.com/b/ss/cnetzdnetglobalsite/10/JS-2.3.0/s07337291771?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=18%2F10%2F2019%2020%3A8%3A37%201%20-60&d.&nsid=0&jsonv=1&.d&mid=24038154735284070340294113869661605058&aid=2EE9761A8515BA0D-6000072744427F14&aamlh=6&ce=UTF-8&ns=cbsinteractive&pageName=zdnet%3A%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&g=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&r=https%3A%2F%2Ft.co%2FWqf77UJbb0&cc=USD&ch=editorial&server=www.zdnet.com&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=zdnet&v1=zdnet&h1=editorial%7Carticle&l1=github&c2=D%3Dv2&v2=eu&l2=113c25b6-ec91-11e3-95d2-02911863765e%7C113e8d49-ec91-11e3-95d2-02911863765e%7C5d68ddc2-d682-11e4-9a74-d4ae52e95e57&c3=D%3Dv3&v3=responsive%20web%7Cdesktop&l3=85fd8691-f525-4ea2-a601-af296f629f7f&c4=D%3Dv4&c5=D%3Dv5&v5=cnetzdnetglobalsite&c6=D%3Dv6&v6=editorial%7Carticle&c7=D%3Dv7&v7=D%3Dg&c8=D%3Dv8&v8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c9=D%3DUser-Agent&c10=D%3Dv10&v10=article&c11=D%3Dv11&v15=not%20authenticated%7Canon&c20=D%3Dv20&v20=nasty%20php7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild&c22=D%3Dv22&v22=content_article&c23=D%3Dv23&v23=113c25b6-ec91-11e3-95d2-02911863765e&c24=D%3Dv24&v24=8e177b97-7b58-46f3-80d2-17777e48d0b5&c25=D%3Dv25&c26=D%3Dv26&c28=D%3Dv28&c30=D%3Dv30&v30=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&c31=D%3Dv31&c33=D%3Dv33&c34=D%3Dv34&c35=D%3Dv35&v35=JaUw%2FV3S7DWQDBEnr4o&c44=D%3Dv44&v44=zdnet&c50=D%3Dv50&c51=D%3Dv51&c52=D%3Dv52&c53=D%3Dv53&c54=D%3Dv54&c65=D%3Dv65&v65=discover&c69=D%3Dv69&v85=false&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=10D31225525FF5790A490D4D%40AdobeOrg&AQE=1

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

de9ae3ebbd1aa5ea0fa2e03e632507f20dab1b25fac9dc568f6c14263247056c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-aam-tid: fY7UZtyfQcs=
date: Mon, 18 Nov 2019 19:08:37 GMT
x-content-type-options: nosniff
x-c: master-1061.Iecc33a.M0-311
p3p: CP="This is not a P3P policy"
status: 200
content-length: 1736
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-v054-0e647a536.edge-irl1.demdex.com 5.63.0.20191112162344 12ms (+1ms)
pragma: no-cache
last-modified: Tue, 19 Nov 2019 19:08:37 GMT
server: jag
xserver: anedge-5fc496b8d4-87jps
etag: 3380362851592273920-4615601451882973690
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 17 Nov 2019 19:08:37 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 76 B
521 B 36ms
35ms XHR
text/javascript 52.214.93.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.93.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-93-23.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 926667274b85bf7f1b0c71672b8a67b10b4c661878d2c163a1ecd3c080b5ffc5

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 76
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content / Show response
0211c83c.akstat.io/ 0
354 B 142ms
27ms XHR
image/gif 2a02:26f0:6c00:184::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://0211c83c.akstat.io/?h.pg=article&when=1574104117666&t_other=custom4%7C1445&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=72706a703700309fcbab5e1cf7c9fed8f4d82555&h.t=1574104117212&http.initiator=api&rt.start=api&rt.si=66907355-73c1-4f0f-b636-55cdd41a2407&rt.ss=1574104119411&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:184::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:37 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Mon, 18 Nov 2019 19:08:37 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 99 B
1 KB 57ms
21ms XHR
application/javascript 185.33.223.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=11834629&size=728x90&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=z2ZBztza&psa=0&promo_sizes=970x250&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

a5a60f946ae371d211b6b008e616512c1b2419d57c0c0316c3dd164f712ad1de

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.24:80
AN-X-Request-Uuid: f2db0baa-1ffa-4e8f-94ac-2355cfd4eee2
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 99
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 99 B
1 KB 62ms
26ms XHR
application/javascript 185.33.223.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=11834625&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=S2MeNeEI&psa=0&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

2c5b007faad4d45c5a1432ff314826dc530741524c15e5b6b0df5197ef43eb92

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.40:80
AN-X-Request-Uuid: 9885252c-383c-442c-80ff-47f1f5f7268c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 99
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 99 B
1 KB 96ms
61ms XHR
application/javascript 185.33.223.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=11834627&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=UTELx5Ix&psa=0&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e6b1766ed4880584708c3cafa6c5955d593d9c07511ca199d84ad211577160d6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.134:80
AN-X-Request-Uuid: 824c0db0-4e7f-43ba-bbc5-1b1e2ee592b9
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 99
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 99 B
1 KB 71ms
36ms XHR
application/javascript 185.33.223.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=11834631&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=l8SnNGxn&psa=0&promo_sizes=300x600&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

98e7b2a59ae1e87cfcb103e140d62403cd47f09581e7a0338661943dce62900f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.240:80
AN-X-Request-Uuid: e670b273-e387-4e61-965b-df8a445586f5
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 99
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 99 B
1 KB 69ms
34ms XHR
application/javascript 185.33.223.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=11834632&size=728x90&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=1zG32xts&psa=0&promo_sizes=970x250&referrer=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.80 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

251.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

56bf23712a69fd442b3f61b0d7060b84e09a35627d52e72d443f078a60dae972

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 251.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.144:80
AN-X-Request-Uuid: de31ac05-02db-4b0f-a7f7-d809cae48e92
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 99
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 66 B
943 B 199ms
173ms XHR
text/javascript 72.247.225.98
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=182823&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A11765543%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F%22%2C%22ref%22%3A%22https%3A%2F%2Ft.co%2FWqf77UJbb0%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22202%22%2C%22siteID%22%3A%22182829%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22220%22%2C%22siteID%22%3A%22183316%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22209%22%2C%22siteID%22%3A%22182828%22%7D%2C%22id%22%3A%223%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22210%22%2C%22siteID%22%3A%22182826%22%7D%2C%22id%22%3A%224%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22208%22%2C%22siteID%22%3A%22182824%22%7D%2C%22id%22%3A%225%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22222%22%2C%22siteID%22%3A%22182825%22%7D%2C%22id%22%3A%226%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22219%22%2C%22siteID%22%3A%22183315%22%7D%2C%22id%22%3A%227%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%22201%22%2C%22siteID%22%3A%22182823%22%7D%2C%22id%22%3A%228%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22bda0eef5-5f8e-42f9-a31b-6bfafcc61096%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222019-11-18T19%3A08%3A36%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0f2f503559bf91ee627a5b0d76c76a2db2a45f08671d557e75fc6aa5abda1977

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 86
Expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 78 KB
27 KB 37ms
37ms Script
text/javascript 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2415295
status: 200
content-type: text/javascript
content-length: 27746
x-amz-id-2: XaZZfksc5tY2QYKqWg2l9SF0g4tYYLB4/OoiMCVw8qhEZI1HOeFOpmyjOyB6h9h9/hQcx65+CBU=
last-modified: Mon, 21 Oct 2019 20:13:23 GMT
server: cloudflare
etag: "df893ab92782cedac4da4785df9ec68e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: CED68FA43CA7DB4B
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 537c3bf178cb5a18-VIE
expires: Mon, 18 Nov 2019 19:38:38 GMT

GET
H2 200 utag.1775.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 26 KB
9 KB 13ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F7C) /
Resource Hash: 0f4176807e149be9c6cc0e583699fffe630cccb37e57242ce5a7b1f7d63d859d

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
last-modified: Thu, 10 Nov 2016 20:41:55 GMT
server: ECAcc (frc/8F7C)
etag: "1112944691+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 8960
expires: Tue, 03 Dec 2019 19:08:38 GMT

GET
H2 200 utag.277.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
929 B 14ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F5A) /
Resource Hash: 0e13cd6845611f0c419398a75b85ba014a7fffb1b9e9575c2e1b4cfefebd0017

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
last-modified: Mon, 11 Jul 2016 20:43:58 GMT
server: ECAcc (frc/8F5A)
etag: "461771432+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 863
expires: Tue, 03 Dec 2019 19:08:38 GMT

GET
H2 200 utag.1772.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
1 KB 8ms
8ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1772.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FB9) /
Resource Hash: e482ba089d973ca257acfd70b2d7541447d5d333449b106d5c3dffebe322566a

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:37 GMT
content-encoding: gzip
last-modified: Mon, 11 Jul 2016 20:43:58 GMT
server: ECAcc (frc/8FB9)
etag: "4198895974"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 959
expires: Tue, 03 Dec 2019 19:08:37 GMT

GET
H2 200 utag.1796.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 8 KB
3 KB 13ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1796.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8FE7) /
Resource Hash: 9337d4f2ef8a00759da573e178e302712fec944ac54cfd808f48c526b9816d3b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
last-modified: Mon, 28 Nov 2016 15:09:53 GMT
server: ECAcc (frc/8FE7)
etag: "931235332+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2762
expires: Tue, 03 Dec 2019 19:08:38 GMT

GET
H2 200 utag.1810.js Show response
tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/ 2 KB
1 KB 13ms
13ms Script
text/javascript 152.199.23.241
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1810.js?utv=ut4.43.201911131823
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8EA0) /
Resource Hash: 07178558c596bc2fe33d99750a349d5413fa4571fc778cefbe4f4f367404f6d6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
last-modified: Mon, 08 Jul 2019 17:22:10 GMT
server: ECAcc (frc/8EA0)
etag: "4274102907+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 988
expires: Tue, 03 Dec 2019 19:08:38 GMT

GET
H/1.1

200
OK

pixel_details.html
www.everestjs.net/static/ Frame 5E0C
Redirect Chain

https://pixel.everesttech.net/4083/gr?ev_gb=0&url=https%3A%2F%2Fwww.everestjs.net%2Fstatic%2Fpixel_details.html%23ecid%3D__EFIMSORGID__%26google%3D__EFGCK__%26gsurfer%3D__EFGSURFER__%26optout%3D__E...
https://www.everestjs.net/static/pixel_details.html

0
0

15ms
13ms

Document
text/html

95.101.203.206
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/static/pixel_details.html
Requested by: Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.203.206 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-101-203-206.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: www.everestjs.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Server: Apache
Last-Modified: Tue, 04 Oct 2011 16:14:21 GMT
ETag: "8623-a6-4ae7b62583140"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=43940
Expires: Tue, 19 Nov 2019 07:20:58 GMT
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Length: 146
Connection: keep-alive

Redirect headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Server: Apache
Set-Cookie: everest_session_v2=XdLsNgAAAP3HbisL; path=/; domain=.everesttech.net everest_g_v2=g_surferid~XdLsNgAAAP3HbisL; path=/; domain=.everesttech.net; expires=Wed, 13-Oct-2021 05:48:38 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://www.everestjs.net/static/pixel_details.html#ecid=__EFIMSORGID__&google=XdLsNgAAAP3HbisL&gsurfer=XdLsNgAAAP3HbisL&optout=0&throttleCookie=&time=20191118190838
Content-Length: 369
Keep-Alive: timeout=15, max=968489
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK Cookie set dest5.html
cbsi.demdex.net/ Frame CDCA 0
0 32ms
31ms Document
text/html 52.212.90.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cbsi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.212.90.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-212-90-74.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: cbsi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=49554751265194806380948109555458046013; dextp=477-1-1574104117702|771-1-1574104117803|22052-1-1574104117904|30646-1-1574104118005
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 14 Nov 2019 14:04:33 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=49554751265194806380948109555458046013;Path=/;Domain=.demdex.net;Expires=Sat, 16-May-2020 19:08:38 GMT;Max-Age=15552000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: kCUih08UQIs=
Content-Length: 2764
Connection: keep-alive

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
2 KB 349ms
348ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4ee617e49145819a29be70032bbada0b361d54c4c63178509e99791723c068c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
last-modified: Mon, 18 Nov 2019 18:26:57 GMT
vary: Accept-Encoding, User-Agent
content-length: 503
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQCVVZaCAcTVVJaAQIAUVAAFB9AMQYAZBBZDEtZV0ZaClc9HiBQFg1ZWT1JAFdeQAsPB1lFaAQWVFdYCwgEPV4HTxEaFAQcA1UJUQFNA0xUAQVYVE8VAhxGAFEBAQMFBlJUUVBSWltVVhpOXllYQVY4
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:38 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 067e4da3-a637-4012-b585-3fdb9d2cbb48
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:56:57 GMT

GET
H2 200 image-gallery-modal-e49526b449-rev.js Show response
zdnet1.cbsistatic.com/fly/js/components/ 5 KB
2 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/components/image-gallery-modal-e49526b449-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f5b52ad70c5d645388b52d2fadaf8a5311aee9a01436866ab9b3e2c5f02e1c22

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39290
status: 200
strict-transport-security: max-age=31536000
content-length: 1909
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:39:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdad74-13d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 08:13:48 GMT

GET
H2 200 gallery-icinga.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/df3b1884-1d91-4548-8cd1-49afb3766b48/thumbnail/170x128/ae6284c1b099b0cdd5f5eb2f84e3eb50/ 7 KB
7 KB 9ms
8ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/df3b1884-1d91-4548-8cd1-49afb3766b48/thumbnail/170x128/ae6284c1b099b0cdd5f5eb2f84e3eb50/gallery-icinga.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

b074efbdeefe1ec32345d926433e18394170f4dfd990880ea56190ed9fcbf2f3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2121256
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 6738
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "12e1b435e5e53888e787d22c1e8d262d"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-java.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/edeb5b99-76d2-4155-b1a1-1f1a90738b3e/thumbnail/170x128/88b0c2fbbdb9e4bc5a3669cd6720eb03/ 6 KB
6 KB 9ms
8ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/edeb5b99-76d2-4155-b1a1-1f1a90738b3e/thumbnail/170x128/88b0c2fbbdb9e4bc5a3669cd6720eb03/gallery-java.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d125c6beac955881ed6f2cfd94f776735f863b615dfc681dda0acc4468164741

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2109439
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 6065
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a4df48d0b71376788fee0b92746fd7d5"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-jenkins.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/8eaafbe2-a8aa-4a5d-8d06-7e73b1919b43/thumbnail/170x128/fbd27988479982e5e98c90aff2660947/ 6 KB
6 KB 9ms
8ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/8eaafbe2-a8aa-4a5d-8d06-7e73b1919b43/thumbnail/170x128/fbd27988479982e5e98c90aff2660947/gallery-jenkins.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

54ab61c95d518c1e6df231234e3986b878840f4d567199ebe4ab710aa31f01a4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 916700
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 5992
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"569ff987c643b4bedf504efda8f786c2"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-jira.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/04/11/b1938d9f-8b16-42c4-a7df-3c2346c5d053/thumbnail/170x128/ae476017d5e3350ebda6e88151235330/ 9 KB
9 KB 10ms
9ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/04/11/b1938d9f-8b16-42c4-a7df-3c2346c5d053/thumbnail/170x128/ae476017d5e3350ebda6e88151235330/gallery-jira.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

73590f0f9306daec633d1ed6b71f0c7f0c75c44d0a32c647c5b1fa4ef65e3393

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7799478
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 9343
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "4e668929edb3bf915e1a3a9d96c3c97e"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gallery-juju.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/04/11/728a5d49-3f4f-4d6c-ac63-f9bbb1635f46/thumbnail/170x128/2dc13856f41b272612f18461d8a7a700/ 6 KB
6 KB 10ms
9ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/hub/i/r/2019/04/11/728a5d49-3f4f-4d6c-ac63-f9bbb1635f46/thumbnail/170x128/2dc13856f41b272612f18461d8a7a700/gallery-juju.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

967a9ab99d9cda43032e6c15718645e1e2670c5c4dd81e00590aede230ef91bf

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7881250
status: 200
content-transfer-encoding: binary
strict-transport-security: max-age=31536000
content-length: 5858
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "4c26774d852f62440fc746ea4cdd57f6"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 disqus-loader-67d4cb8d1a-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 1 KB
956 B 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/disqus-loader-67d4cb8d1a-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d376263f7912434deb05ab9613cf6ea2a9f15f4b82dad68422eb0d5de195669e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 461154
status: 200
strict-transport-security: max-age=31536000
content-length: 643
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dc97f45-583"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Nov 2019 11:02:43 GMT

GET
H2 200 intel-logo.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/11/12/05139b80-b1fe-419b-8e11-ed72f8d25842/thumbnail/70x53/dadb9fb3f9332bd07e6b9bfad5fe3fb1/ 2 KB
2 KB 9ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/11/12/05139b80-b1fe-419b-8e11-ed72f8d25842/thumbnail/70x53/dadb9fb3f9332bd07e6b9bfad5fe3fb1/intel-logo.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

e652e50a9c06026fc683995cb7f6cbada0817527cdd14db66bf48a37d22e1405

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16581
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 1881
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"af3303f852abeccd793068486a391626"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 istock-robot-hands-typing-on-keyboard.jpg
zdnet4.cbsistatic.com/hub/i/r/2016/07/11/4c25a20b-9b25-4cae-aa3e-a116150d3626/thumbnail/70x53/3c148d2234c1415179b8f05f04c73dae/ 2 KB
2 KB 9ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2016/07/11/4c25a20b-9b25-4cae-aa3e-a116150d3626/thumbnail/70x53/3c148d2234c1415179b8f05f04c73dae/istock-robot-hands-typing-on-keyboard.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0d5e4dc934211218b91cad4d788c526810f7e9c827f32db1aeeb323143e071f1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
age: 48181
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 2357
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "d095a94d20dcaf7aa07301948549bede"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 tianfu-cup-results.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/11/17/86782577-1fe4-4786-b71f-81a54ec7b1b5/thumbnail/70x53/ff5007cab5787b86c15ba97b811a3a96/ 1 KB
1 KB 9ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/11/17/86782577-1fe4-4786-b71f-81a54ec7b1b5/thumbnail/70x53/ff5007cab5787b86c15ba97b811a3a96/tianfu-cup-results.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

5eb494aff9ae1727dee6bb67db8ba152f4032d6c7a8ace02aa339bc63f2ff1b3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99093
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 1352
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"81ca0262c82e712e50c580c032d99b60"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 disney-plus.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/11/16/1d36de65-8a6a-49f5-a855-1a1775e5e350/thumbnail/70x53/2454f6261d0bede3e24ae4eb0765500b/ 672 B
673 B 7ms
7ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/11/16/1d36de65-8a6a-49f5-a855-1a1775e5e350/thumbnail/70x53/2454f6261d0bede3e24ae4eb0765500b/disney-plus.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9ea97a974cee9a92985a4736308ca072b489e1315ab66f69b5e84e2b56167fda

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212762
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 598
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"2dea61eed4bceec564a00115c4d21334"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
2 KB 512ms
512ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

857625f2c776ba1d4fa2a3c4d41f8967db5c7d14ac556ce29935d2189d278a15

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 759
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:38 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 43aa7eb9-1afc-4158-b030-945ca4cffb01
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:08:38 GMT

POST
H2 200 / Show response
www.zdnet.com/m3d0s1/xhr/right-rail/ 11 KB
3 KB 486ms
486ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/m3d0s1/xhr/right-rail/

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

757f864235e41462b7404cbe4591f051fc7f138e89008cb6b935ca920db0e997

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 1587
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:38 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 88c72486-3e5d-4a42-a7c3-52c6b71876e6
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 front-door-carousel-56427878d9-rev.js Show response
zdnet1.cbsistatic.com/fly/js/components/ 5 KB
2 KB 6ms
5ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet1.cbsistatic.com/fly/js/components/front-door-carousel-56427878d9-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

5ecc6a93ec2939faa8dbf80084346c7d940f5a2181ee69343810da52902eb92d

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276536
status: 200
strict-transport-security: max-age=31536000
content-length: 1564
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:39:32 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdad74-124a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2019 14:19:41 GMT

GET
H2 200 regulating-industry.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/11/18/c42877c0-a08f-4093-8543-611443c44088/thumbnail/170x128/9685852679e2d97fcf2b67ceb7a6cf5b/ 11 KB
11 KB 6ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/11/18/c42877c0-a08f-4093-8543-611443c44088/thumbnail/170x128/9685852679e2d97fcf2b67ceb7a6cf5b/regulating-industry.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

58dd97fee53545eb5931d3a5d4a12e9c193cf3029148e6fabafc083a63c64711

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10348
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 10832
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"6534a8436e907efb0ced99edd8d02435"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 a-man-is-sad-about-a-ransomware-attack.jpg
zdnet3.cbsistatic.com/hub/i/r/2019/10/08/99985586-1732-45b6-9006-2011b5d4faf4/thumbnail/170x128/e14ca14a59ff72e1500884da137eb179/ 10 KB
10 KB 6ms
6ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2019/10/08/99985586-1732-45b6-9006-2011b5d4faf4/thumbnail/170x128/e14ca14a59ff72e1500884da137eb179/a-man-is-sad-about-a-ransomware-attack.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

bed2de9d275aac529be30839c326144d1aabf22049eab4c8fe9d2a65ab07ef44

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14462
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 9661
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"183f50a7700982a3ed18ff6d7a5777bf"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 urban-airship-29ae327ed0-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 1 KB
1 KB 7ms
7ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/urban-airship-29ae327ed0-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

fa33d1db535d783b0baf4e74bdc7ce9e54633f87a03669b2803e567088d64ccb

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514531
status: 200
strict-transport-security: max-age=31536000
content-length: 827
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dc97f46-514"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Nov 2019 20:13:07 GMT

GET
H2 200 advertisement-d41d8cd98f-rev.js Show response
zdnet2.cbsistatic.com/fly/js/utils/ 0
126 B 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/utils/advertisement-d41d8cd98f-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
age: 467167
status: 200
strict-transport-security: max-age=31536000
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:40 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5dc97f54-0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Nov 2019 09:22:29 GMT

GET
H2

200

m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=c...
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=c...

44 B
332 B

32ms
32ms

Image
image/gif

52.211.50.74
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=compact&rnd=1574104118082&ja=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.50.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-211-50-74.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:38 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:38 GMT
server: nginx
access-control-allow-origin: *
location: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-304254h&cg=0&cc=1&si=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp=https%3A//t.co/Wqf77UJbb0&ts=compact&rnd=1574104118082&ja=1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status: 302
cache-control: no-cache
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK cs.js Show response
sb.scorecardresearch.com/c2/3005086/ 0
400 B 25ms
7ms Script
application/x-javascript 23.5.97.37
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/c2/3005086/cs.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1775.js?utv=ut4.43.201911131823
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.5.97.37 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-5-97-37.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Apr 2011 23:11:26 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e:1349196464"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=259200
Connection: keep-alive
Content-Length: 20
Expires: Thu, 21 Nov 2019 19:08:38 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww....
https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww...

0
248 B

11ms
10ms

Image
text/plain

23.5.97.37
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&c9=https%3A%2F%2Ft.co%2FWqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.5.97.37 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-5-97-37.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=3005086&ns__t=1574104118083&ns_c=UTF-8&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&c9=https%3A%2F%2Ft.co%2FWqf77UJbb0
Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 61 KB
15 KB 47ms
40ms Script
application/javascript 104.17.208.240
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_3xeBFJDuSs0SRW5&Q_LOC=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.277.js?utv=ut4.43.201911131823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b59b2a1b8b73edc1c35d71f24bee56ad3008e4783182eac39be08da425b22d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 580616
cf-polished: origSize=63370
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"f78a-SobotlqMqFr4Xguui1fK4Vc00y8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
cf-ray: 537c3bf21d4ed6d1-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
27 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

4e7e803000d58fced9aa75702851ff352110b0ee6590ae62c6020d0bfb02f644

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 26792
x-xss-protection: 0
pragma: public
x-fb-debug: +fORn++dlykq1FN9hJUCjTrASHhFmU27bRbo+Fr5mxzZPbf5BlIQkto+e79YkRqT6Op16+pnW7PBQmxYvdVmaw==
x-fb-trip-id: 420120009
date: Mon, 18 Nov 2019 19:08:38 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 cbs_zQTp2H_zdnet.js Show response
cdn-magiclinks.trackonomics.net/client/static/v2/ 95 KB
18 KB 24ms
6ms Script
text/javascript 2600:9000:2156:800:1d:8c8c:47c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/cbs_zQTp2H_zdnet.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1810.js?utv=ut4.43.201911131823
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:800:1d:8c8c:47c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8 /
Resource Hash: 6b58782f772eaeb73d36b47159ed802f146182cf5d8fe4cfd838e6e629e6bd1a

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 01:31:38 GMT
content-encoding: gzip
last-modified: Thu, 10 Oct 2019 06:53:39 GMT
server: Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8
age: 63372
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
x-amz-cf-pop: FRA50-C1
access-control-allow-origin: *
x-amz-cf-id: NwHam7LY2fufnwZNOIwVx9x11_TtubXNLdRzTP9Qg3IdkOeed8Qs4g==
via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/cbsinteractive-zdnet/ 85 KB
19 KB 24ms
7ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Requested by: Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: obaker.251.1.1-10.28.6 /
Resource Hash: c819bdc0c00ad4c17bb70d283483621c86ebb70aff8e8fd2d28f02b898e4158d

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: LbRTzC14raZoybmSz7jHVgwxywnCO5On
content-encoding: gzip
age: 1338
via: 1.1 varnish
x-cache: HIT
status: 200
date: Mon, 18 Nov 2019 19:08:38 GMT
content-length: 19386
x-amz-id-2: wZVrJl2Fswu1eB25skXbpnvUqhQ+OvsDZU0RFM7kmfopU7MVYsZLNx+/73xRroXQJ1FLexqU+14=
x-served-by: cache-fra19121-FRA
x-from-cache: 1
last-modified: Mon, 18 Nov 2019 12:56:26 UTC
server: obaker.251.1.1-10.28.6
x-timer: S1574104118.108423,VS0,VE1
etag: "f415540a4cdad3f56d8e599ae3b4e3ec533cdbba"
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: C5EAEDDBE96F8114
access-control-allow-origin: *
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 16
x-cache-hits: 1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/11/17/86782577-1fe4-4786-b71f-81a54ec7b1b5/thumbnail/70x53/ff5007cab5787b86c15ba97b811a3a96/tianfu-cup-results.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

5eb494aff9ae1727dee6bb67db8ba152f4032d6c7a8ace02aa339bc63f2ff1b3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99093
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 1352
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"81ca0262c82e712e50c580c032d99b60"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet2.cbsistatic.com/hub/i/r/2019/11/12/05139b80-b1fe-419b-8e11-ed72f8d25842/thumbnail/70x53/dadb9fb3f9332bd07e6b9bfad5fe3fb1/intel-logo.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

e652e50a9c06026fc683995cb7f6cbada0817527cdd14db66bf48a37d22e1405

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16581
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 1881
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"af3303f852abeccd793068486a391626"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2016/07/11/4c25a20b-9b25-4cae-aa3e-a116150d3626/thumbnail/70x53/3c148d2234c1415179b8f05f04c73dae/istock-robot-hands-typing-on-keyboard.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0d5e4dc934211218b91cad4d788c526810f7e9c827f32db1aeeb323143e071f1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
age: 48181
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 2357
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "d095a94d20dcaf7aa07301948549bede"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/11/16/1d36de65-8a6a-49f5-a855-1a1775e5e350/thumbnail/70x53/2454f6261d0bede3e24ae4eb0765500b/disney-plus.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9ea97a974cee9a92985a4736308ca072b489e1315ab66f69b5e84e2b56167fda

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212762
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 598
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"2dea61eed4bceec564a00115c4d21334"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/hub/i/r/2019/11/18/c42877c0-a08f-4093-8543-611443c44088/thumbnail/170x128/9685852679e2d97fcf2b67ceb7a6cf5b/regulating-industry.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

58dd97fee53545eb5931d3a5d4a12e9c193cf3029148e6fabafc083a63c64711

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10348
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 10832
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"6534a8436e907efb0ced99edd8d02435"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/hub/i/r/2019/10/08/99985586-1732-45b6-9006-2011b5d4faf4/thumbnail/170x128/e14ca14a59ff72e1500884da137eb179/a-man-is-sad-about-a-ransomware-attack.jpg

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

bed2de9d275aac529be30839c326144d1aabf22049eab4c8fe9d2a65ab07ef44

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14462
status: 200
content-transfer-encoding: binary
x-image-exists: 1
strict-transport-security: max-age=31536000
content-length: 9661
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"183f50a7700982a3ed18ff6d7a5777bf"
vary: Accept-Image-Webp,Accept-Image-Webv
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK 4083-12969.js Show response
www.everestjs.net/dl/4083/ 484 B
664 B 15ms
14ms Script
application/x-javascript 95.101.203.206
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://www.everestjs.net/dl/4083/4083-12969.js
Requested by: Host: www.everestjs.net
URL: https://www.everestjs.net/static/st.v3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.203.206 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-101-203-206.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1d4d518e1da495fb6d6d8b3d86bba79d7597b61b466e71c45cdb09ed79659c53

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Nov 2013 14:23:10 GMT
Server: Apache
ETag: "4a5a49-1e4-4ec011a776f80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=25038
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 288
Expires: Tue, 19 Nov 2019 02:05:56 GMT

GET
H/1.1 200
OK v
pixel.everesttech.net/4083/ 128 B
737 B 22ms
21ms Image
image/png 66.117.28.68
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/4083/v?ev___loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ev___ref=https%3A%2F%2Ft.co%2FWqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 66.117.28.68 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Last-Modified: Thu, 28 Mar 2019 09:07:56 GMT
Server: Apache
ETag: "9c3880-80-58523e3d09300"
Vary: X-EF-Forwarded-Proto,Cookie
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=15, max=995323
Content-Length: 128

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/
Redirect Chain

https://cm.everesttech.net/cm
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&url=/1x1&google_hm=WGRMc05nQUFBUDNIYmlzTA
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1x1&google_gid=CAESEP5cD8XCMP-qr357itgYExE&google_cver=1
https://pixel.everesttech.net/1x1

128 B
435 B

15ms
14ms

Image
image/png

66.117.28.68
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 66.117.28.68 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Last-Modified: Thu, 28 Mar 2019 09:07:56 GMT
Server: Apache
ETag: "9c3880-80-58523e3d09300"
Vary: X-EF-Forwarded-Proto
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=995301
Content-Length: 128

Redirect headers

Date: Mon, 18 Nov 2019 19:08:37 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://pixel.everesttech.net/1x1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 ua-sdk.min.js Show response
web-sdk.urbanairship.com/notify/v1/ 78 KB
17 KB 37ms
6ms Script
application/javascript 35.227.208.151
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://web-sdk.urbanairship.com/notify/v1/ua-sdk.min.js
Requested by: Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/js/components/urban-airship-29ae327ed0-rev.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 35.227.208.151 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 151.208.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e59c8c655db8c097ed0067789aeb44ed58f25f8c68a5772bbb3f1fdc18e5e336

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:01 GMT
content-encoding: gzip
x-goog-meta-goog-reserved-file-mtime: 1556302399
age: 37
status: 200
x-guploader-uploadid: AEnB2UraHeK602VblNyapkmM1hK_fyS52gLN6FrXmTxtcaORwn44EQWRkqgD5-cjGMTtLu6wPDNSyKKBaAiejk9EtGIAxDSjhQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 16960
last-modified: Fri, 26 Apr 2019 18:13:21 GMT
server: UploadServer
etag: "251defdc0ecc8a3bad8ae4cf9aab1923"
vary: Accept-Encoding
x-goog-hash: crc32c=A7yEjg==, md5=JR3v3A7MijutiuTPmqsZIw==
x-goog-generation: 1556302401249893
cache-control: public, max-age=300
x-goog-stored-content-length: 16960
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 18 Nov 2019 19:13:01 GMT

GET
H2 200 show-hide-1.0-7dc26ff326-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 2 KB
997 B 7ms
7ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/show-hide-1.0-7dc26ff326-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f92514f4e39c16da9037f964148a09a79419744b77d611860ffc81c86aeace0a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378042
status: 200
strict-transport-security: max-age=31536000
content-length: 710
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Nov 2019 16:40:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcc31f1-7a5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2019 10:07:56 GMT

GET
H2 200 309391486091569 Show response
connect.facebook.net/signals/config/ 349 KB
86 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/309391486091569?v=2.9.13&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

1bd7a7078987d4a536bdb4a5b56faf5099813c2e4ecc8d91cee8c6526ec2f66e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-23=":443"; ma=3600
content-length: 87094
x-xss-protection: 0
pragma: public
x-fb-debug: r9ZxOE/PKNGhf0jwlZ+Sxp1upD64a2i3SREmlK1FYWZ6WXRNt8vjqQ06oWECBISP8jV9OydJaBhiNYLR/eeaQg==
x-fb-trip-id: 420120009
date: Mon, 18 Nov 2019 19:08:38 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 9ms
9ms Script
application/x-javascript 23.5.97.37
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.5.97.37 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-5-97-37.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 901
Expires: Tue, 19 Nov 2019 19:08:38 GMT

GET
H2 200 tr5
cdn.taboola.com/libtrc/ 3 B
78 B 6ms
5ms Image
text/html 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=eof_var
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1574104118.138033,VS0,VE0
x-cache: HIT
content-type: text/html
status: 200
cache-control: private,max-age=14400
x-cache-hits: 0
accept-ranges: bytes
content-length: 3
retry-after: 0
x-served-by: cache-fra19121-FRA

GET
H2 200 load.js Show response
widget.perfectmarket.com/cbsinteractive-zdnet/ 13 KB
5 KB 34ms
6ms Script
application/javascript 151.101.13.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d1eab2e9d5b36e1297db68599d3e9c3df71869a0863fb261972b93e919d7af1

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: rwr9L97XovW8QPypI62jHvd7E2HiNZm2
content-encoding: gzip
age: 101
x-cache: HIT, HIT
status: 200
date: Mon, 18 Nov 2019 19:08:38 GMT
content-length: 4742
x-amz-id-2: LU0pn5scq/NAYKjtycZJrDEZKxrlzRNtWLyyJLyyCf2j68UCPaKuDROovPsbZIOYsQo4J4wtaCc=
x-served-by: cache-lax8626-LAX, cache-fra19140-FRA
last-modified: Thu, 20 Oct 2016 17:48:07 GMT
server: AmazonS3
x-timer: S1574104118.167575,VS0,VE1
etag: "fc0de48a0976cde02ddee0bd49a81832"
vary: Accept-Encoding,,
x-amz-request-id: 4D944FD4C4E6CE12
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 1

GET
H2 200 impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ 417 KB
118 KB 6ms
6ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b282f20434ff6df47d353a7bf41a7465b30c7c5a18ee48a16cc90ee1f097dae7

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: dn6Pf4qZy1FUk4cV7uRTQxrnaqYoNy7J
content-encoding: gzip
age: 114
x-cache: HIT
status: 200
date: Mon, 18 Nov 2019 19:08:38 GMT
x-amz-replication-status: FAILED
content-length: 120246
x-amz-id-2: m+miuwfsDgKXnOzs8WydKbfsSUEEOO6AIVf5TRtC0mTaWrelpb4mwXjIZT/auK/8HmXtKDz3gic=
x-served-by: cache-fra19121-FRA
x-amz-expiration: expiry-date="Thu, 19 Dec 2019 00:00:00 GMT", rule-id="expire-versioned-static"
last-modified: Mon, 18 Nov 2019 09:14:49 GMT
server: AmazonS3
x-timer: S1574104118.139070,VS0,VE0
etag: "a69f4d94ce08eea74b461856f09abf72"
vary: Accept-Encoding
x-amz-request-id: E4CAAA7FE43D73D1
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 99
x-cache-hits: 68

GET
H2

200

/
www.google.de/pagead/1p-user-list/1036174608/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&guid=ON&script=0&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=NuzSXZOdCsyK7_...
https://www.google.com/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166
https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166&ipr=y

42 B
525 B

57ms
36ms

Image
image/gif

2a00:1450:4001:800::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/1036174608/?label=pXjaCJ6m6gcQkIqL7gM&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&random=1283520156&crd=&is_vtc=1&random=1513401166&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pixel
ad.yieldmanager.com/ 0
341 B 122ms
40ms Image
text/plain 2a00:1288:110:c305::a000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldmanager.com/pixel?id=2447099&t=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::a000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK s
pixel.everesttech.net/4083/ 128 B
716 B 26ms
26ms Image
image/png 66.117.28.68
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/4083/s?s=12969
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 66.117.28.68 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Last-Modified: Thu, 28 Mar 2019 09:07:56 GMT
Server: Apache
ETag: "44373b-80-58523e3d09300"
Vary: Cookie
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=15, max=968479
Content-Length: 128

GET
H2 200 /
www.facebook.com/tr/ 44 B
358 B 20ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=309391486091569&ev=PageView&dl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&rl=https%3A%2F%2Ft.co%2FWqf77UJbb0&if=false&ts=1574104118164&sw=1600&sh=1200&v=2.9.13&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1574104118163.304367197&it=1574104118126&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-23=":443"; ma=3600
content-length: 44
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 204
No Content b
sb.scorecardresearch.com/ 0
248 B 7ms
6ms Image
text/plain 23.5.97.37
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1574104118165&ns_c=UTF-8&cv=3.1&c8=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&c7=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&c9=https%3A%2F%2Ft.co%2FWqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.5.97.37 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-5-97-37.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 162 KB
28 KB 661ms
661ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4324177571648962&correlator=3343486140316610&output=ldjh&impl=fifs&adsid=NT&eid=21062452&vrg=2019111401&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-36&ecs=20191118&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=7x7%7C5x5%2C1x1%2C728x90%7C970x66%7C970x250%2C300x250%7C300x600%7C300x1050%2C320x50%7C11x11%2C300x250%2C300x250%2C641x321%2C728x90%7C970x66%7C970x250%2C371x771&fluid=0%2C0%2C0%2C0%2Cheight%2C0%2C0%2C0%2C0%2C0&ists=256&prev_scp=pos%3Dnav%7C%7Cpos%3Dtop%7Cpos%3Dtop%7Cpos%3Dtop%26strnativekey%3D8ec3a4f3%7Cpos%3Dmiddle%7Cpos%3Dbottom%7Cpos%3Dtop%7Cpos%3Dbottom%7Cpos%3Dtop&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cservers%252Cdeveloper%26tag%3Dweb-hosting%26mfr%3Dgithub%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dnasty-php7-remote-code-execution-bug-exploited-in-the-wild%26env%3Dprod%26firstpg%3D1%26vguid%3D8e177b97-7b58-46f3-80d2-17777e48d0b5%26session%3Db%26subses%3D2&cookie_enabled=1&bc=31&abxe=1&lmt=1574104116&dt=1574104118205&dlt=1574104116394&idt=492&frm=20&biw=1585&bih=1200&oid=3&adxs=-12245933%2C0%2C-12245933%2C-12245933%2C208%2C-12245933%2C-12245933%2C-12245933%2C-12245933%2C-12245933&adys=-12245933%2C87%2C-12245933%2C-12245933%2C1884%2C-12245933%2C-12245933%2C-12245933%2C-12245933%2C-12245933&adks=3913236639%2C4044125036%2C1631367702%2C16222189%2C19405065%2C2393807150%2C291882580%2C109812022%2C4259134807%2C4064396033&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&dssz=90&icsg=0&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x3617%7C1585x0%7C1585x0%7C370x0%7C770x11%7C370x0%7C370x250%7C770x2572%7C1210x0%7C370x0&msz=7x7%7C1585x0%7C688x105%7C300x280%7C770x11%7C300x280%7C300x280%7C641x361%7C728x130%7C371x771&ga_vid=309010395.1574104118&ga_sid=1574104118&ga_hid=1167686901&fws=132%2C4%2C132%2C132%2C4%2C132%2C132%2C132%2C132%2C132&ohw=1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

dbb7b18cd750f4e02338239742a3251bd609ab552e84d415b85e101ec652e72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27989
x-xss-protection: 0
google-lineitem-id: 4745699004,-2,-1,5224845262,4745189935,253246569,241984809,4745327422,-1,4825966980
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239468890,-2,-1,138294594429,138239344157,138271463546,75375443409,138239368367,-1,138247024569
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
25 KB 15ms
15ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

19293620368e303e572701f2f16c940806c142dd00dcccb877b16dfcd6f59c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25152
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ 0
0 27ms
6ms Other
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 bcn
www.summerhamster.com/ 43 B
181 B 21ms
6ms Image
image/gif 35.157.160.140
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.summerhamster.com/bcn?fe=1574104118326&y=2.0.1105&elg=801403807&flg=68&x=zzz.cgqhw.frp%2Fduwlfoh%2Fqdvwb-sks7-uhprwh-frgh-hahfxwlrq-exj-hasorlwhg-lq-wkh-zlog%2F&vqwo=1&deo=0&g0=vg%3A%3Aer%2Cxd%3A%3Aqexd%3A%3Aqsu%7Cvg%3A%3Ask%3A%3Aqsk%3A%3Aqsu%7Cgisl%3A%3Alp%2Clqi%2Cqh%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2Fdg.grxeohfolfn.qhw%2Fggp%2Fdg%2Fpaeafyz%2Fvkj%2Fweacqepyk%2F%3Brug%3D1574104116782%3F%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cddg%2Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.des_re_halvw%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Csu%3A%3Aid%3A%3Aquiv%3A%3Aqsu&hu=0&g2=0%3A%3A0%3A%3A0%3A%3A0%3A%3A0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.160.140 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-160-140.eu-central-1.compute.amazonaws.com
Software: Jetty(9.2.10.v20150310) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status: 200
date: Mon, 18 Nov 2019 19:08:38 GMT
server: Jetty(9.2.10.v20150310)
access-control-allow-origin: *
content-length: 43
access-control-allow-methods: *
content-type: image/gif

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
337 B 61ms
35ms XHR
text/plain 72.247.225.98
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=182823&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/ls-zdnet.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 pmk-201618008.1.js Show response
widget.perfectmarket.com/cbsinteractive-zdnet/ 323 KB
89 KB 6ms
6ms Script
application/javascript 151.101.13.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f72e8df44e82a8066b16ca8ab2d59f8f9ef21fa52c07d8554972f48b5105f13

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: bVoOWfmxkMrYwv2s6Uu9D96fE._5IBqu
content-encoding: gzip
age: 9467686
x-cache: HIT, HIT
status: 200
date: Mon, 18 Nov 2019 19:08:38 GMT
content-length: 91236
x-amz-id-2: wkFmxY+lOES9rYglfPROKACcfb0gAMeGScvzy6d4PJZomIvyF10zpjVaiULjMUddSJsR0/QeaBo=
x-served-by: cache-lax8648-LAX, cache-fra19140-FRA
last-modified: Thu, 20 Oct 2016 17:47:53 GMT
server: AmazonS3
x-timer: S1574104118.375985,VS0,VE1
etag: "da73fb2066df9f51d08b6688cfb35441"
vary: Accept-Encoding,,
x-amz-request-id: 06F7A8AE5B8106C6
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 1

POST
H/1.1 204
No Content /
364bf6cc.akstat.io/ 0
354 B 174ms
60ms Other
image/gif 2a02:26f0:6c00:181::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://364bf6cc.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 2101
date: Mon, 18 Nov 2019 18:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 18 Nov 2019 20:33:37 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 11ms
11ms Script
application/x-javascript 23.5.97.37
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.5.97.37 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-5-97-37.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 901
Expires: Tue, 19 Nov 2019 19:08:38 GMT

GET
H2 404 tboptevent.html
widget.perfectmarket.com/opt/ Frame E419 0
0 6ms
6ms Document
text/plain 151.101.13.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash

Request headers

:method: GET
:authority: widget.perfectmarket.com
:scheme: https
:path: /opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22a%22%3A1%7D%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 404
server: Varnish
retry-after: 0
accept-ranges: bytes
date: Mon, 18 Nov 2019 19:08:38 GMT
via: 1.1 varnish
x-served-by: cache-fra19140-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1574104118.458588,VS0,VE0
content-length: 0

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
112 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1167686901&t=pageview&_s=1&dl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&dr=https%3A%2F%2Ft.co%2FWqf77UJbb0&ul=en-us&de=UTF-8&dt=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YAhAAEAB~&jid=404308793&gjid=529610272&cid=309010395.1574104118&tid=UA-33613588-22&_gid=492011402.1574104118&_r=1&cd2=other&z=710217748

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 78 KB
27 KB 21ms
21ms Script
text/javascript 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2415295
status: 200
content-type: text/javascript
content-length: 27746
x-amz-id-2: XaZZfksc5tY2QYKqWg2l9SF0g4tYYLB4/OoiMCVw8qhEZI1HOeFOpmyjOyB6h9h9/hQcx65+CBU=
last-modified: Mon, 21 Oct 2019 20:13:23 GMT
server: cloudflare
etag: "df893ab92782cedac4da4785df9ec68e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: CED68FA43CA7DB4B
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 537c3bf50c455a18-VIE
expires: Mon, 18 Nov 2019 19:38:38 GMT

GET
H2 200 0.5281610744250707
saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/ 43 B
228 B 15ms
15ms Image
image/gif 15.188.31.119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/0.5281610744250707?AQB=1&ce=UTF%2D8&events=event66&v0=ftag_cd:LGN22ef1e6&v2=en&v3=desktop&v4=right-rail&v5=zdnet&v10=article&v20=nasty+php7+remote+code+execution+bug+exploited+in+the+wild&v22=content_article&v23=&v24=8e177b97-7b58-46f3-80d2-17777e48d0b5&v30=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&v60=33161585,173725,177458&v64=2150&v69=&c0=D%3Dv0&c2=D%3Dv2&c3=D%3Dv3&c4=D%3Dv4&c5=D%3Dv5&c10=D%3Dv10&c20=D%3Dv20&c22=D%3Dv22&c23=D%3Dv23&c24=D%3Dv24&c30=D%3Dv30&c60=D%3Dv60&c64=D%3Dv64&c69=D%3Dv69&pe=lnk_o&pev2=medusa_impression&vid=201911183-leadgen-zdnet&mid=90240133173074011141898988208131324462&aid=2D535D450507F28B-40000106A0001145&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
x-c: master-1061.Iecc33a.M0-311
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 19 Nov 2019 19:08:38 GMT
server: jag
xserver: anedge-5fc496b8d4-c7pqw
etag: 3380362853739757568-4620141160374110416
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 17 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK e.gif
dw.cbsi.com/levt/ria/ 43 B
369 B 149ms
148ms Image
image/gif 64.30.230.22
CBS Interactive Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dw.cbsi.com/levt/ria/e.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&assettitle=nasty%20php7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild&assettype=content_article&pubdate=2019-10-26%2007%3A00%3A05&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&devicetype=desktop&sitetype=responsive%20web&author=catalin%20cimpanu&authorid=85fd8691-f525-4ea2-a601-af296f629f7f&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&s8=cnetzdnetglobalsite&v23=cnetzdnetglobalsite&v19=article&v17=113c25b6-ec91-11e3-95d2-02911863765e&v20=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&v16=8e177b97-7b58-46f3-80d2-17777e48d0b5&riaevent=impression&comptyp=spot&mapp=medusa_app&objtyp=medusa&eventt=log&v18=security&comp=ucwc&ts=1574104118561&tcset=utf8&im=dsjs&title=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fremont, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Server: Apache/2.4.25
Vary: *
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=80, max=426
Content-Length: 43
Expires: Fri, 23 Jan 1970 12:12:12 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 42 B
721 B 36ms
36ms XHR
text/javascript 52.214.93.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.93.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-93-23.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: a3034942d8067228a20852e62c70926dff828a9ea26cc695026286650322bc29

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
82 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycobSExR1gATNfuIm

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
access-control-allow-origin: https://www.zdnet.com
date: Mon, 18 Nov 2019 19:08:38 GMT
content-type: text/plain
status: 200
access-control-allow-credentials: true
alt-svc: h3-23=":443"; ma=3600
content-length: 0

GET
H2 404 tboptevent.html
widget.perfectmarket.com/opt/ Frame 76C8 0
0 6ms
5ms Document
text/plain 151.101.13.181
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/cbsinteractive-zdnet/pmk-201618008.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash

Request headers

:method: GET
:authority: widget.perfectmarket.com
:scheme: https
:path: /opt/tboptevent.html?v=2&a=u&d=%7B%22stp%22%3A%7B%22v%22%3A1%7D%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 404
server: Varnish
retry-after: 0
accept-ranges: bytes
date: Mon, 18 Nov 2019 19:08:38 GMT
via: 1.1 varnish
x-served-by: cache-fra19140-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1574104119.709981,VS0,VE0
content-length: 0

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2541 0
0 16ms
16ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRfWgeg_RfhH0EOOdqG8vu2wR3G-jbEqGP4woMQqlyZqWC-mhjU1-IcRexGrYkZFoWM1L7qTokK20JbMOGnqYmzbyFze8uPRZ2VU6HXk16qJnkT0dMAFWadkQX42IXXUdSrIcgJKSWpiToxpp9pjJYhUZU4SwNSUYIRDI2xTxZiSAM8Reab2xHIQy3yLd8sy7B0qwnC6m2CsoNzDwM1jKyOdNo7o00QyvkE61D0ksgYs-KEX-l0l6vOy_ninw14sLd806gHizs&sig=Cg0ArKJSzDVJ59AHhurIEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2541 76 KB
29 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 2541 305 KB
101 KB 43ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63532
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 78 KB
29 KB 38ms
19ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ Frame 297D 0
0 6ms
6ms Document
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-36/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3516
date: Mon, 18 Nov 2019 19:03:51 GMT
expires: Tue, 17 Nov 2020 19:03:51 GMT
last-modified: Wed, 16 Oct 2019 15:42:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 287
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame FCA0 0
0 17ms
15ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZYlFsKjYZwxx5bGUWaARjDrATdFA8_GTBSkFTmV5KGdYHACkeJzEF23rQJSdlXfQ69Gk7OzqQI7bm3psXQn_2H02UhCap3xo-BVoHAzC84BfwzdPbYUCo_MnEhOyzTpoH7hUGfOeG5XraMhPkCCxE48DRUB_i0GmC1KkDgG6uuKpanOCXewkB42npMenyvMDpQYGO2CtP-62uE858ci-Y93e6F37IUNiMSEZEy61pc5MCDw-Bt4aYDc63L6bXrcIcJtzVxuqWQA&sig=Cg0ArKJSzKwrafvh7OPfEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame FCA0 2 KB
2 KB 45ms
12ms Script
application/javascript 72.247.226.173
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=589953&cmp=22988868&plc=260020166&sid=5428035&dvregion=0&unit=300x250
Requested by: Host: t.co
URL: https://t.co/Wqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.173 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-173.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 59bd2b951ddd469df9405293fc085fe6ee3321081421ad01c49d0593940cf9cf

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Jul 2019 13:54:30 GMT
Server: Microsoft-IIS/10.0
ETag: "145b3daa9435d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCA0 76 KB
29 KB 27ms
21ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame FCA0 305 KB
101 KB 37ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63532
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7FEC 0
0 17ms
16ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss3-_dSFyeafGUKwn7mwJMtZRUf1UiNAegDQDZN4oyklTZk8eOLT69Ftj-YXyshXWDH_GqLq2CLi67JjQMGDf0-Qdq7suPiI5knhwOK4njWUvcdT9-xYnVtxxhqs7v12yiHCFnVYoCcJ0GfOQryKlziRegEXNDjBO1rLay6wDecX-VU9ZFqtiLbpeGpuEG7eqwjwAkrfySqoeVJLTlKTIHImX4I4J2VMHwhYG0_KEBtaVks8o68iVM8XMsSZCI8CrkIgUUmxh4-&sig=Cg0ArKJSzKPKbw50ZWBNEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FEC 76 KB
29 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 7FEC 305 KB
101 KB 32ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63532
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9452 0
0 19ms
18ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuyDu3ZhFXHgpjgDNISfVG-v0iWYc9GVFO5dSDxAVPX_BE8mrOCmfOVJds5s0AMNb5uhQFSuqYjdgwSsVFnRvlFJrYCxZgh07tl2hTgoLbFotbSWNHdeKjxTbdewIw_FD1VJNFuXhyfYWpIHHrE0itAKsIdEKkTOr0JGXOtHx_g3K2yvpQFZ_pRJgxijUvFKicH5vjJS9AXA0sqdh5mmNdqkAwYceEt4DtZOYoO2wRcfruYK81BXM7s6iocU6ojWkyr43I&sig=Cg0ArKJSzI4AXByr7I8kEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK 9818.js Show response
ads.rubiconproject.com/ad/ Frame 9452 26 KB
8 KB 23ms
6ms Script
text/javascript 2.19.38.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/9818.js
Requested by: Host: t.co
URL: https://t.co/Wqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-38-84.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: d02197080b9680999381b5f5337fedd92674e5a1550ddfcc0c70612d3170a5e3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=9616
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7558
Expires: Mon, 18 Nov 2019 21:48:54 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9452 76 KB
29 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 9452 305 KB
101 KB 29ms
13ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63532
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 58C1 0
0 21ms
18ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGRJkukIP_k9p_KRJuv5bpqrYqyWN7JZu7UJZG5tu4YCDlewA8lPqjGs-ypt3ImRpZ_SJjOoPR8V8SOYUQpy8dZ7RAafNdpmE0tUQ_o9S9-dbrlsZxyVjrTGdEMoKGdzBMmEjJvcim3CUBRnkVx_Dx034UqtxeaRfIdvdb0BEv4wZXXSYK35tsaOgtMPvOKDy-5rJZSINPO8D80ElmFFc9yTAa_BUltvtDO33Gl0O0AJne7jkdSSD09rcdqRcWzJuhOqM&sig=Cg0ArKJSzIaxsWAhCgXnEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK 9818.js Show response
ads.rubiconproject.com/ad/ Frame 58C1 26 KB
8 KB 20ms
6ms Script
text/javascript 2.19.38.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/9818.js
Requested by: Host: t.co
URL: https://t.co/Wqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-38-84.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: d02197080b9680999381b5f5337fedd92674e5a1550ddfcc0c70612d3170a5e3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=9616
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7558
Expires: Mon, 18 Nov 2019 21:48:54 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58C1 76 KB
29 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 58C1 305 KB
101 KB 25ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63532
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame CB19 0
0 18ms
16ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssJ4vK7gC3nMWWzwfBaQPHVxL_3CNy4SEbdhXC_CdKNhS7qILkTJN9LeqVG192z8NDFtPDKVFJsCMMKTm3S_2JVnXuQ9AiL9fXtilMI-Mp85vmeLdZsoSbYEPAGVGL5dbeW6YNb-p0LtRwTmupmK-Qwzeh7DQ5x-zIm5l3_SVkxBclWWGFLKzVIMbv2mghMo5vAHs2eHowq1c5xr2haOSyLZFBehNhCYFSt9fjcjmbaSodQPKRyJAb_pxp2nzmPxn7j0FZxqcZr&sig=Cg0ArKJSzDSpxnfpg8r9EAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:38 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB19 76 KB
29 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame CB19 305 KB
101 KB 23ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63531
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ Frame D384 0
0 8ms
6ms Document
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-36/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3516
date: Mon, 18 Nov 2019 19:03:51 GMT
expires: Tue, 17 Nov 2020 19:03:51 GMT
last-modified: Wed, 16 Oct 2019 15:42:04 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 287
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0FB6 0
0 60ms
59ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsupCO_aVnZdUgVhxF9h6JceapvKCQNtekYISlG-7F9NET2jRvYuc9fDluYSOowc8oIfzt2aV9Itqz0Ru_YLMBf5CWpYdXMox03AyKbf-J9xT2n5wQFgeHFyxkdw6v43yBKXwXhb6OBw6HHq6KdVpGD-b9YYuPxNCmlgydWCSO8tUFg0pk6y4CE_H9aYRoTLsuY8l9GOae7fK0bH-ZCeH9dXi-X4CL32AJ3CMW_iAw4GNUC4B1Q96X_yo75NMN0qudwn0mEOBEXN&sig=Cg0ArKJSzJFiVIICul-YEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:39 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK adKit.min.js Show response
rev.cbsi.com/common/js/ Frame 0FB6 6 KB
2 KB 176ms
13ms Script
application/x-javascript 72.247.224.248
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://rev.cbsi.com/common/js/adKit.min.js?590432876
Requested by: Host: t.co
URL: https://t.co/Wqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.224.248 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-224-248.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 May 2019 18:29:20 GMT
Server: Apache
ETag: "e524dc608d5c7c30eef57b6ed95dc6a8:1557772160"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2149

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0FB6 76 KB
29 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:38 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 0FB6 305 KB
101 KB 60ms
52ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63531
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H/1.1 200
OK dvbs_src_internal67.js Show response
cdn.doubleverify.com/ Frame FCA0 64 KB
21 KB 12ms
12ms Script
application/javascript 72.247.226.173
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal67.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=589953&cmp=22988868&plc=260020166&sid=5428035&dvregion=0&unit=300x250
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.173 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-173.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 44f035e19ba8a7274d35fd51138771dc809cf46ab8ca3e5507b3750a22131f60

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Jul 2019 13:54:41 GMT
Server: Microsoft-IIS/10.0
ETag: "806681b09435d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 20705

GET
H/1.1 200
OK 283812-15.js Show response
optimized-by.rubiconproject.com/a/9818/59604/ Frame 9452 2 KB
1 KB 143ms
115ms Script
text/javascript 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/9818/59604/283812-15.js?&cb=0.6304977629134461&tk_st=1&rf=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/9818.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: add749acfa50866947a808d826a5abade18555345abd1be39f92c22bd4f1107b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=126
Content-Length: 917
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK 283812-15.js Show response
optimized-by.rubiconproject.com/a/9818/59604/ Frame 58C1 2 KB
1 KB 132ms
102ms Script
text/javascript 69.173.144.142
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/9818/59604/283812-15.js?&cb=0.7089397465005776&tk_st=1&rf=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/9818.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c5504b653227f75724ffa0c683f89b223b92b675b03b73e888cc1837d5884ffc

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=426
Content-Length: 917
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ Frame 2541 93 B
266 B 73ms
30ms Script
text/html 3.9.36.140
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119120&de=525937216521&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=2&cb=0&ym=0&cu=1574104119120&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745699004%3A138239468890&zMoatPS=nav&zMoatPT=article&zMoatW=5&zMoatH=5&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=2134519930&cs=0&callback=MoatSuperV26.gna286580
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.36.140 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 83b53332e794515ac85327a8f08c046ee02d7004dd2c30f122ae8c4cdd36cc4e

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
server: TornadoServer/4.5.3
etag: "15020423c06b83daa7e5fab38f08e71b99b4c9bc"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 93

GET
H2 200 n.js Show response
geo.moatads.com/ 91 B
264 B 71ms
29ms Script
text/html 3.9.36.140
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119120&de=525937216521&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=3&cb=0&ym=0&cu=1574104119120&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745699004%3A138239468890&zMoatPS=nav&zMoatPT=article&zMoatW=5&zMoatH=5&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=244349209&cs=0&callback=MoatDataJsonpRequest
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.36.140 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 6470e92657d639fa907300d3c1ffcf43dff26ba7d7cebcbad74cf07d43dcf62a

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
server: TornadoServer/4.5.3
etag: "dde0a4d84181536c3328234afeea8d89197e5e17"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 91

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 41ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119120&de=525937216521&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=4&cb=0&ym=0&cu=1574104119120&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745699004%3A138239468890&zMoatPS=nav&zMoatPT=article&zMoatW=5&zMoatH=5&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1131559548&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ Frame 7FEC 93 B
266 B 57ms
29ms Script
text/html 3.9.36.140
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119201&de=242643919471&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=7&cb=0&ym=0&cu=1574104119201&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745189935%3A138239344157&zMoatPS=top&zMoatPT=article&zMoatW=11&zMoatH=11&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=11x11&zMoatSZPS=11x11%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1598200907&cs=0&callback=MoatSuperV26.gna479679
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.36.140 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 8d6f28aca57aaa289b1cb68f08c6e59e171976304173f40e32ec592a695bfc6f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
server: TornadoServer/4.5.3
etag: "f4f446c1d0d382a01a49b7cc45c9aa212458ad50"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 93

GET
H2 200 n.js Show response
geo.moatads.com/ Frame CB19 92 B
265 B 24ms
24ms Script
text/html 3.9.36.140
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119237&de=753994976260&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=12&cb=0&ym=0&cu=1574104119237&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745327422%3A138239368367&zMoatPS=top&zMoatPT=article&zMoatW=641&zMoatH=321&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=641x321&zMoatSZPS=641x321%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1147264879&cs=0&callback=MoatSuperV26.gna30340
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.36.140 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: c3aadbac6b63029767bf6c5bbf744ca6ea2bd55fb8e2c44abae8dcc6954e7027

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
server: TornadoServer/4.5.3
etag: "461a18646a0dcc23d149d56bd1f35bde1786aeb1"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 92

GET
H2 200 json Show response
trc.taboola.com/cbsinteractive-zdnet/trc/3/ 12 KB
5 KB 153ms
150ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/trc/3/json?tim=20%3A08%3A39.275&lti=eof_var&data=%7B%22id%22%3A855%2C%22ii%22%3A%22%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1574104119272%2C%22cv%22%3A%2220191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22pev%22%3A1324%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2FWqf77UJbb0%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1585%2C%22dh%22%3A4826%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22ZDNETarticleDesktop%2FTablet-Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22ZDNETarticleDesktop%2FTablet-Below%20Article%20Thumbnails%22%2C%22cd%22%3A3504.0625%2C%22mw%22%3A770%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22eof_var%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 28cb972c1f5debce9af4258ea2ea2fcb1233b42328b11a104395b0f219a1faab

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-vcl-time-ms: 140
date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
via: 1.1 varnish
x-served-by: cache-fra19121-FRA
server: nginx
x-timer: S1574104119.286083,VS0,VE140
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1 200
OK bst2tv3.html
cdn3.doubleverify.com/ Frame 412E 0
0 46ms
12ms Document
text/html 72.247.226.173
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal67.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.173 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-173.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=49126
Date: Mon, 18 Nov 2019 19:08:39 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame FCA0 12 KB
5 KB 32ms
12ms Script
text/javascript 213.254.244.13
DoubleVerify

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_817776687439&jsTagObjCallback=__tagObject_callback_817776687439&num=6&ctx=589953&cmp=22988868&plc=260020166&sid=5428035&advid=&adsrv=&unit=300x250&isdvvid=&uid=817776687439&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dup=null&brid=0&brver=&bridua=3&chro=0&hist=2&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=1&htmlmsging=1&aadid=dc8284887766de036d53c81083a36706778d6633&aUrlD=&m1=13&noc=16&fcifrms=20&brh=2&fwc=10&fcl=727&flt=2&fec=1491&vavbkt=4,8,1,23&lvvn=26&ver=117&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3ETau2CE%3A4%3D6Tau%3F2DEJ%5CA9Af%5CC6%3E%40E6%5C4%4056%5C6I64FE%3A%40%3F%5C3F8%5C6IA%3D%40%3AE65%5C%3A%3F%5CE96%5CH%3A%3D5TauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3ETar9EEADTbpTauTauHHH%5DK5%3F6E%5D4%40%3EU2%26C%3Dl
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal67.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.13 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: de443310c929238cd7d5218a6f52ccd10d33f8406ea52cb40c13d6a93f25e8a0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame E320 4 KB
2 KB 12ms
12ms Script
application/javascript 72.247.226.173
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: t.co
URL: https://t.co/Wqf77UJbb0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.173 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-173.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=30702
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 0FB6 51 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: rev.cbsi.com
URL: https://rev.cbsi.com/common/js/adKit.min.js?590432876

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e6714e710a44b528d83256bfcf631af84847ae6b456ec21c7aab672e5c32e282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "341 / 101 of 1000 / last-modified: 1574096821"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15662
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ Frame 0FB6 93 B
267 B 70ms
70ms Script
text/html 3.9.36.140
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119356&de=645612938396&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=17&cb=0&ym=0&cu=1574104119356&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4825966980%3A138247024569&zMoatPS=top&zMoatPT=article&zMoatW=371&zMoatH=771&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=371x771&zMoatSZPS=371x771%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1410476627&cs=0&callback=MoatSuperV26.gna790741
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.36.140 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-9-36-140.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 87ac409f438261db195c53acc08374c2e5de948f51ba7abc624c9550f561314d

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
server: TornadoServer/4.5.3
etag: "78ba8decba4b15d4f40e41a4fff6f47d3e6b86d2"
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=900
timing-allow-origin: *
content-length: 93

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119201&de=242643919471&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=9&cb=0&ym=0&cu=1574104119201&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745189935%3A138239344157&zMoatPS=top&zMoatPT=article&zMoatW=11&zMoatH=11&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=11x11&zMoatSZPS=11x11%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=2120770355&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 58C1 78 KB
29 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/9818/59604/283812-15.js?&cb=0.7089397465005776&tk_st=1&rf=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_15&rp_secure=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

01d8dc9b1537cab815f3e216f469223d432ffd3681ec538fd1f8abb1d423893f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29225
x-xss-protection: 0
server: cafe
etag: 15513925425945155669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK 3e324959-f1d2-4aeb-83af-903fc4c4b82c
beacon-eu2.rubiconproject.com/beacon/d/ Frame 58C1 43 B
268 B 94ms
17ms Image
image/webp 69.173.144.154
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/3e324959-f1d2-4aeb-83af-903fc4c4b82c?oo=51&accountId=9818&siteId=59604&zoneId=283812&sizeId=15&e=6A1E40E384DA563BE1F26EEC41CF8D1B6147901C7BE73FB2D85932FAF835E645E20C30020C60260CD698A81705AEAADCE4A9AFA6E089EF84F9DCC0804115DF7E66E0A9E61E5858A73570ECD3831C9446AC237D6FA0EBFC9A6240B348FC26EBCF349C7F93FE7A61D883009FDB9DE7981633F8630F2FDB6069
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.154 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Cache-Control: private, max-age=0, no-cache
Expires: 01 Jan 1970 10:00:00 GMT
Server: Rubicon Project
Content-Length: 43
Content-Type: image/webp

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 9452 78 KB
29 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/9818/59604/283812-15.js?&cb=0.6304977629134461&tk_st=1&rf=https%3A//www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_15&rp_secure=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

01d8dc9b1537cab815f3e216f469223d432ffd3681ec538fd1f8abb1d423893f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29225
x-xss-protection: 0
server: cafe
etag: 15513925425945155669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK ee1349f0-c628-427e-b2a9-2b669a9778fe
beacon-eu2.rubiconproject.com/beacon/d/ Frame 9452 43 B
268 B 89ms
17ms Image
image/webp 69.173.144.154
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/ee1349f0-c628-427e-b2a9-2b669a9778fe?oo=51&accountId=9818&siteId=59604&zoneId=283812&sizeId=15&e=6A1E40E384DA563B5E67B0BA273EC69F6CA730608EEDFDFD00FF74C2217A1E9547F68C77F19268F1266D9C6C9DB99C08E4A9AFA6E089EF8454575FAF3AA403BE33BF468719279BA63A7D0F4B29A162671C45189F33B502F0956270D897C40F9B25A6B82D54B2825490E385F9572B9DD5BB4F33CDE214CF90
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.154 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Cache-Control: private, max-age=0, no-cache
Expires: 01 Jan 1970 10:00:00 GMT
Server: Rubicon Project
Content-Length: 43
Content-Type: image/webp

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame FCA0 807 B
1 KB 30ms
7ms Image
image/gif 213.254.244.19
DoubleVerify

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=d217ac2c03584d25911959588cefa013&vfdur=33&cbust=1574104119391852
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.19 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame FCA0 807 B
1 KB 32ms
8ms Image
image/gif 213.254.244.19
DoubleVerify

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=d217ac2c03584d25911959588cefa013&pltfrm=Linux%20x86_64&dvp_acibv=&dvp_ndp_sow=1600&dvp_ndp_soh=1200&dvp_ndp1=24&dvp_ndp3=9.7&dvp_ndp4=NA&dvp_ndp5=0&dvp_ndp6=false&dvp_acifd=1&dvp_lngs=en-US&dvp_utzh=-60&dvp_utzn=Europe%252FBerlin&dvp_mref=t.co&dvp_acc=153&dvp_acl=559578&dvp_acwe=0&dvp_vpos=1585-1200-1&dvp_acpdr=3049&dvp_acpdt=1&dvp_acprc=0&bsigr=1&cbust=1574104119399339
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.19 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
DATA 200
OK truncated
/ Frame FCA0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9a9adae6e4bee3537cf76364da27add5324575b9b9f87a21e4c675e2c852137

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 50ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=5&fi=1&apd=9&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29274369&L2id=2595170800&L3id=5224845262&L4id=138294594429&S1id=23605329&S2id=23619609&ord=1574104119410&r=634825987428&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=top&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 50ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=5&fi=1&apd=9&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29274369&L2id=2595170800&L3id=5224845262&L4id=138294594429&S1id=23605329&S2id=23619609&ord=1574104119410&r=634825987428&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=top&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 50ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=5&fi=1&apd=9&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29274369&L2id=2595170800&L3id=5224845262&L4id=138294594429&S1id=23605329&S2id=23619609&ord=1574104119410&r=634825987428&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=top&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame FCA0 807 B
1 KB 24ms
8ms Image
image/gif 213.254.244.19
DoubleVerify

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=d217ac2c03584d25911959588cefa013&dvp_or1=1&cbust=1574104119444874
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.19 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame FCA0 807 B
1 KB 22ms
7ms Image
image/gif 213.254.244.19
DoubleVerify

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=d217ac2c03584d25911959588cefa013&dvp_or2=1&cbust=1574104119445292
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.19 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame FCA0 807 B
1 KB 25ms
11ms Image
image/gif 213.254.244.19
DoubleVerify

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=d217ac2c03584d25911959588cefa013&dvp_dvcs=&cbust=1574104119448759
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.254.244.19 , Ireland, ASN36062 (DOUBLE-VERIFY - DoubleVerify, Inc., US),
Reverse DNS
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:38 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 11/17/2019 7:08:39 PM

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0FB6 109 B
171 B 18ms
18ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0FB6 109 B
171 B 21ms
21ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0FB6 159 KB
58 KB 18ms
17ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

7aee25147e91ea27917ac5cfd8ea30fdcae0e6b1072e51a1d644dafb76ab5c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 59644
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 15ms
14ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119237&de=753994976260&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=14&cb=0&ym=0&cu=1574104119237&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745327422%3A138239368367&zMoatPS=top&zMoatPT=article&zMoatW=641&zMoatH=321&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=641x321&zMoatSZPS=641x321%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1809946263&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 58C1 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 58C1 109 B
171 B 16ms
16ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/ Frame 58C1 242 KB
89 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

d7c3238b2195fb180a902a65cbe1fbb8f174f042f9df4a0f31dc60ebadef26f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 90810
x-xss-protection: 0
server: cafe
etag: 587599329212413762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191112/r20190131/ Frame CFBC 0
0 6ms
5ms Document
text/html 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20191112/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20191112/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkk_Aoi8TTk_J7MXJHAOAgXpPc4FJE9rnY_kD2nLwuEQveR08B5mgQHHkqt; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 12 Nov 2019 15:12:21 GMT
expires: Tue, 26 Nov 2019 15:12:21 GMT
content-type: text/html; charset=UTF-8
etag: 17893446177683960593
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 7725
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 532578
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame E17E 0
0 25ms
9ms Document
text/html 23.37.55.184
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 14 Nov 2019 18:59:50 GMT
Content-Encoding: gzip
Content-Length: 7456
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=80448
Expires: Tue, 19 Nov 2019 17:29:27 GMT
Date: Mon, 18 Nov 2019 19:08:39 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 58C1 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72da1449dd9a75292e00ddd2a8f3e4f3021914e442d80536e850ceefb40b643

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 23ms
22ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=241984809&L4id=75375443409&S1id=23605329&S2id=23619609&ord=1574104119485&r=755892717634&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=bottom&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=241984809&L4id=75375443409&S1id=23605329&S2id=23619609&ord=1574104119485&r=755892717634&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=bottom&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9452 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9452 109 B
171 B 16ms
16ms Script
application/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/ Frame 9452 242 KB
89 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

d7c3238b2195fb180a902a65cbe1fbb8f174f042f9df4a0f31dc60ebadef26f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 90810
x-xss-protection: 0
server: cafe
etag: 587599329212413762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 6A0B 0
0 11ms
10ms Document
text/html 23.37.55.184
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 14 Nov 2019 18:59:50 GMT
Content-Encoding: gzip
Content-Length: 7456
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=80448
Expires: Tue, 19 Nov 2019 17:29:27 GMT
Date: Mon, 18 Nov 2019 19:08:39 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 9452 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a1876194ae901a5aada71334addb72d0b1ed2b10f4971c33bc62484640ac656

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463546&S1id=23605329&S2id=23619609&ord=1574104119510&r=228238791066&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=middle&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463546&S1id=23605329&S2id=23619609&ord=1574104119510&r=228238791066&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=middle&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 userx.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.es6.js Show response
cdn.taboola.com/libtrc/ 22 KB
8 KB 6ms
6ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/cbsinteractive-zdnet/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e92203fac7e350300a972fe8b3366526e36209aabaf469341fafeae8d704e78c

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: 9vxtmWhhUCINoa.nCp9n0gO8iD7AaVV3
content-encoding: gzip
age: 107
x-cache: HIT
status: 200
date: Mon, 18 Nov 2019 19:08:39 GMT
x-amz-replication-status: FAILED
content-length: 7766
x-amz-id-2: LLr8RjNO2bmlhpBEf8JIdqrRgkvMGgcAlNeYHvILjr5wYB3uGNlwMcGEHXyGtfeB9q+gEa6k8JM=
x-served-by: cache-fra19121-FRA
x-amz-expiration: expiry-date="Thu, 19 Dec 2019 00:00:00 GMT", rule-id="expire-versioned-static"
last-modified: Mon, 18 Nov 2019 09:14:55 GMT
server: AmazonS3
x-timer: S1574104120.541381,VS0,VE0
etag: "c235830c9e7bb6ec37d673c5bb17f46a"
vary: Accept-Encoding
x-amz-request-id: 657C36AFA0AF26A9
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 99
x-cache-hits: 11

GET
H2 204 social
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
180 B 19ms
18ms Image
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?route=AM:AM:V&lti=eof_var&ri=8ae00cc7d206c8d7be042738ded07c14&sd=v2_3f245f2a4266d349747375c699dfae78_530e577e-ddf3-43ee-8c87-019a4cc9ec05-tuct4cc71b7_1574104119_1574104119_CGoQzro_GOjvqv_nLSABKAEwODib4wlAgooQSJjEF1Cl7BBYAWAA&pi=/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild&wi=5528821542642291652&pt=text&vi=1574104119272&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A2%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A2%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22widget%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%22%2C%22rref%22%3A%22https%3A%2F%2Ft.co%2FWqf77UJbb0%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22%22%2C%22sec%22%3A%22%22%2C%22aut%22%3A%22%22%2C%22img%22%3A%22%22%2C%22v%22%3A13%7D%5D%7D&tim=20%3A08%3A39.575&id=4609&llvl=1&cv=20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-vcl-time-ms: 12
date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104120.579519,VS0,VE12
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 social
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
184 B 22ms
22ms Image
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?route=AM:AM:V&lti=eof_var&ri=8ae00cc7d206c8d7be042738ded07c14&sd=v2_3f245f2a4266d349747375c699dfae78_530e577e-ddf3-43ee-8c87-019a4cc9ec05-tuct4cc71b7_1574104119_1574104119_CGoQzro_GOjvqv_nLSABKAEwODib4wlAgooQSJjEF1Cl7BBYAWAA&pi=/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild&wi=5528821542642291652&pt=text&vi=1574104119272&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22ln%22%3A%22above-fold%22%2C%22lx%22%3A259%2C%22ly%22%3A368%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=20%3A08%3A39.575&id=8482&llvl=1&cv=20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-vcl-time-ms: 16
date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104120.579601,VS0,VE16
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 social
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
211 B 16ms
15ms Image
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/social?route=AM:AM:V&lti=eof_var&ri=8ae00cc7d206c8d7be042738ded07c14&sd=v2_3f245f2a4266d349747375c699dfae78_530e577e-ddf3-43ee-8c87-019a4cc9ec05-tuct4cc71b7_1574104119_1574104119_CGoQzro_GOjvqv_nLSABKAEwODib4wlAgooQSJjEF1Cl7BBYAWAA&pi=/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild&wi=5528821542642291652&pt=text&vi=1574104119272&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22ln%22%3A%22above-fold%22%2C%22lx%22%3A361%2C%22ly%22%3A368%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=20%3A08%3A39.575&id=8101&llvl=1&cv=20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-vcl-time-ms: 10
date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104120.579549,VS0,VE10
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H2 204 available Show response
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
364 B 15ms
15ms XHR
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/available?route=AM%3AAM%3AV&lti=eof_var
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104120.588170,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 15ms
15ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119356&de=645612938396&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=19&cb=0&ym=0&cu=1574104119356&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4825966980%3A138247024569&zMoatPS=top&zMoatPT=article&zMoatW=371&zMoatH=771&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=371x771&zMoatSZPS=371x771%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=72720473&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 20ba17c8fa82a16667cf543434f726f9.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 12ms
9ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/20ba17c8fa82a16667cf543434f726f9.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 84463a261d88c66954bc078203d2314ab350730b75248848f1ee067e5551c117

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 846457
edge-cache-tag: 580557564626187610525417908558390111434,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Sat, 07 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/20ba17c8fa82a16667cf543434f726f9.jpg
content-length: 12698
x-served-by: cache-fra19142-FRA, cache-fra19121-FRA
last-modified: Wed, 06 Nov 2019 15:36:05 GMT
server: cloudinary
x-timer: S1574104120.601012,VS0,VE1
etag: "548cc65877e40b139bc1e48d05ac1b48"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 3e11117ba7e57a6174abc7e3d89bc70c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 11 KB
12 KB 10ms
8ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 1a7ab29e9d26f12a409d74a66514606997702d15a676d3503112a52cf635109f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 843435
edge-cache-tag: 346018804539320881254148241124608989757,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Wed, 13 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
content-length: 11552
x-served-by: cache-fra19162-FRA, cache-fra19121-FRA
last-modified: Sun, 13 Oct 2019 18:20:43 GMT
server: cloudinary
x-timer: S1574104120.600655,VS0,VE0
etag: "1edd243f553433b08b5f528bec15cc52"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 42

GET
H2 200 564e7c487104d7c83afe8958aa54edb9.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 13 KB
13 KB 12ms
11ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/564e7c487104d7c83afe8958aa54edb9.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 9704097b65c1337c519b52bfcb6a0131d46d7a40450df292877ff99ddf085711

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 22259
edge-cache-tag: 323409953819685471258433082241168166157,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200, 200 OK
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/564e7c487104d7c83afe8958aa54edb9.jpg
content-length: 13011
x-request-id: cbe53b4f7c5b9c8864844ed87d02ee3c
x-served-by: cache-fra19182-FRA, cache-fra19121-FRA
last-modified: Sun, 17 Nov 2019 05:51:12 GMT
server: cloudinary
x-timer: S1574104120.600718,VS0,VE1
etag: "271756ea811e6b22501bd2e697e1a6f5"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 cb086933cc2da1ad77ec5e9ed2e71a56.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 9ms
8ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: ed5e5703cc5519f66145305677499b6ea6a65a6d629981341e9fca4d2b94aef3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 1072437
edge-cache-tag: 597466860424052205094521325713342200539,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Wed, 13 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
content-length: 9659
x-served-by: cache-fra19156-FRA, cache-fra19121-FRA
last-modified: Sun, 13 Oct 2019 13:02:50 GMT
server: cloudinary
x-timer: S1574104120.600696,VS0,VE0
etag: "07b3c91234fbebb1a1dd9bff231b1414"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

GET
H2 200 0984fd71fff8405cf55ccea3c3c57ef7.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 10 KB
10 KB 11ms
10ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0984fd71fff8405cf55ccea3c3c57ef7.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: dd056ca6c38f0b52129c6e53275e0c6da333d89d71431156a73551343c2c7c02

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 2180509
edge-cache-tag: 536983513003764719782520834474810490020,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Fri, 08 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0984fd71fff8405cf55ccea3c3c57ef7.jpg
content-length: 9897
x-served-by: cache-fra19133-FRA, cache-fra19121-FRA
last-modified: Tue, 08 Oct 2019 18:20:58 GMT
server: cloudinary
x-timer: S1574104120.601047,VS0,VE1
etag: "4b33f772d91ef38d55b2c163a0a5c375"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 9b2ae9db6f4970454befa94c5d913379.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 8 KB
8 KB 9ms
8ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9b2ae9db6f4970454befa94c5d913379.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 2295889eebe5f34a71ea2c320882592fd2a945453668e4cd3a83c84922c85237

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 631704
edge-cache-tag: 420890493211522144902225681315765296671,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9b2ae9db6f4970454befa94c5d913379.jpg
content-length: 8067
x-served-by: cache-fra19146-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 08:29:11 GMT
server: cloudinary
x-timer: S1574104120.600736,VS0,VE0
etag: "70d85b4d10ed89cc0fa521c332382296"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

GET
H2 200 007.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//blogs.dailylifetech.com/b/xwatch/292/ 6 KB
6 KB 10ms
8ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//blogs.dailylifetech.com/b/xwatch/292/007.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 849262292181fb7d63f6dfeb00ab67d2b81c103ac98454b4602d9632a97ca9c6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 306083
edge-cache-tag: 480330242861460947727549990613302560667,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 16 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//blogs.dailylifetech.com/b/xwatch/292/007.jpg
content-length: 6019
x-served-by: cache-fra19126-FRA, cache-fra19121-FRA
last-modified: Fri, 15 Nov 2019 00:27:18 GMT
server: cloudinary
x-timer: S1574104120.612376,VS0,VE1
etag: "b57ea07d6e6eb2403010e61b36991b2b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 7bf3e316542cb458e8db467fead37cc8.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
9 KB 9ms
7ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7bf3e316542cb458e8db467fead37cc8.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 406df391ba3322a11308f76639a968ffc5d7bd61d5b914cdeab960941ba5f9cf

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 2224664
edge-cache-tag: 581954259131875049737344871753094973831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7bf3e316542cb458e8db467fead37cc8.jpg
content-length: 8963
x-served-by: cache-fra19149-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 08:13:41 GMT
server: cloudinary
x-timer: S1574104120.612412,VS0,VE0
etag: "6dac3fa438a8ac87a88df7e2820fecb7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 3

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0FB6 29 KB
7 KB 96ms
96ms XHR
text/plain 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1349112896701753&correlator=567252583770377&output=ldjh&impl=fifs&adsid=NT&eid=21063202%2C21064550&vrg=2019111401&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-36&ecs=20191118&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=372x142%2C372x142&prev_scp=env%3Dprod%26session%3Db%26subses%3D2%26ptype%3Darticle%26vguid%3D8e177b97-7b58-46f3-80d2-17777e48d0b5%7Cenv%3Dprod%26session%3Db%26subses%3D2%26ptype%3Darticle%26vguid%3D8e177b97-7b58-46f3-80d2-17777e48d0b5&cookie=ID%3D4657e75213493be6%3AT%3D1574104118%3AS%3DALNI_Mb-JH-tPcGdoaZzKEwLW-tHHxkcPg&cdm=www.zdnet.com&bc=31&lmt=1574104119&dt=1574104119620&dlt=1574104118989&idt=624&frm=23&biw=1585&bih=1200&isw=371&ish=771&oid=3&adxs=-12245933%2C-12245933&adys=-12245933%2C-12245933&adks=3261246841%2C3261246840&ucis=74uso7oashs7%7C5alflx23h0w2&ifi=1&ifk=181396988&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&dssz=17&icsg=43552&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0%7C0x0&msz=0x0%7C0x0&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=58621062&fws=384%2C384&ohw=0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

becd936a4fa06677bf84c090e5b658e881c3f1f03bf52befdf58611e2b2e515c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7104
x-xss-protection: 0
google-lineitem-id: 4746066197,4746066197
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239375180,138239479696
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019111401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0FB6 64 KB
25 KB 15ms
14ms Script
text/javascript 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

sffe /

Resource Hash

19293620368e303e572701f2f16c940806c142dd00dcccb877b16dfcd6f59c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 14:12:07 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25152
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ Frame 0FB6 0
0 6ms
6ms Other
text/html 2a00:1450:4001:820::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 0633 0
0 315ms
315ms Document
text/html 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708721&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119461&bpp=18&bdt=489&fdt=174&idt=174&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=2&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=1245090354&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=3150&biw=1585&bih=1200&isw=300&ish=250&ifk=881345343&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=4136482211391883&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.87w6ys5k7n14&btvi=1&fsb=1&dtd=187

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708721&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119461&bpp=18&bdt=489&fdt=174&idt=174&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=2&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=1245090354&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=3150&biw=1585&bih=1200&isw=300&ish=250&ifk=881345343&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=4136482211391883&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.87w6ys5k7n14&btvi=1&fsb=1&dtd=187
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkk_Aoi8TTk_J7MXJHAOAgXpPc4FJE9rnY_kD2nLwuEQveR08B5mgQHHkqt; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 18 Nov 2019 19:08:39 GMT
server: cafe
content-length: 6093
x-xss-protection: 0
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58C1 78 KB
29 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
756 B 7ms
7ms Image
image/png 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
age: 26173
x-cache: HIT
status: 200
date: Mon, 18 Nov 2019 19:08:39 GMT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: Vjnfq2okxpLEG/cBVxSfv3DOOCGN7KTpixt29L7DwUhoZL6eRlgDSODZqhfatrYL58q01gaLKf4=
x-served-by: cache-fra19121-FRA
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1574104120.682500,VS0,VE0
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-request-id: F6D91014AAA6CDC4
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 74
x-cache-hits: 39743

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=270&fi=1&apd=274&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29274369&L2id=2595170800&L3id=5224845262&L4id=138294594429&S1id=23605329&S2id=23619609&ord=1574104119410&r=634825987428&t=hdn&os=1&fi2=0&div1=0&ait=133&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=top&zMoatPT=article&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame CEE9 0
0 230ms
230ms Document
text/html 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708726&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119498&bpp=6&bdt=532&fdt=196&idt=196&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=1&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=792623160&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=1573&biw=1585&bih=1200&isw=300&ish=250&ifk=631702996&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=846308062925913&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.aw3hggq3wvcf&btvi=1&fsb=1&dtd=200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1991679624331369&output=html&h=250&slotname=8385808081&adk=418362401&adf=1742708726&w=300&guci=1.2.0.0.2.2.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1574104119498&bpp=6&bdt=532&fdt=196&idt=196&shv=r20191112&cbv=r20190131&saldr=sa&correlator=1891936790509&frm=23&ife=5&pv=1&ga_vid=309010395.1574104118&ga_sid=1574104120&ga_hid=792623160&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1043&ady=1573&biw=1585&bih=1200&isw=300&ish=250&ifk=631702996&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=846308062925913&ref=https%3A%2F%2Ft.co%2FWqf77UJbb0&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.aw3hggq3wvcf&btvi=1&fsb=1&dtd=200
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkk_Aoi8TTk_J7MXJHAOAgXpPc4FJE9rnY_kD2nLwuEQveR08B5mgQHHkqt; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 18 Nov 2019 19:08:39 GMT
server: cafe
content-length: 23615
x-xss-protection: 0
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9452 78 KB
29 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191112/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 13ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=23&cb=0&ym=0&cu=1574104119410&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&zMoatPS=top&zMoatPT=article&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=206513501&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/20ba17c8fa82a16667cf543434f726f9.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 84463a261d88c66954bc078203d2314ab350730b75248848f1ee067e5551c117

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 846457
edge-cache-tag: 580557564626187610525417908558390111434,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Sat, 07 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/20ba17c8fa82a16667cf543434f726f9.jpg
content-length: 12698
x-served-by: cache-fra19142-FRA, cache-fra19121-FRA
last-modified: Wed, 06 Nov 2019 15:36:05 GMT
server: cloudinary
x-timer: S1574104120.720020,VS0,VE0
etag: "548cc65877e40b139bc1e48d05ac1b48"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 1a7ab29e9d26f12a409d74a66514606997702d15a676d3503112a52cf635109f

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 843435
edge-cache-tag: 346018804539320881254148241124608989757,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Wed, 13 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
content-length: 11552
x-served-by: cache-fra19162-FRA, cache-fra19121-FRA
last-modified: Sun, 13 Oct 2019 18:20:43 GMT
server: cloudinary
x-timer: S1574104120.720853,VS0,VE0
etag: "1edd243f553433b08b5f528bec15cc52"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 43

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/564e7c487104d7c83afe8958aa54edb9.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 9704097b65c1337c519b52bfcb6a0131d46d7a40450df292877ff99ddf085711

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 22259
edge-cache-tag: 323409953819685471258433082241168166157,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200, 200 OK
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/564e7c487104d7c83afe8958aa54edb9.jpg
content-length: 13011
x-request-id: cbe53b4f7c5b9c8864844ed87d02ee3c
x-served-by: cache-fra19182-FRA, cache-fra19121-FRA
last-modified: Sun, 17 Nov 2019 05:51:12 GMT
server: cloudinary
x-timer: S1574104120.720827,VS0,VE0
etag: "271756ea811e6b22501bd2e697e1a6f5"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: ed5e5703cc5519f66145305677499b6ea6a65a6d629981341e9fca4d2b94aef3

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 1072437
edge-cache-tag: 597466860424052205094521325713342200539,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Wed, 13 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
content-length: 9659
x-served-by: cache-fra19156-FRA, cache-fra19121-FRA
last-modified: Sun, 13 Oct 2019 13:02:50 GMT
server: cloudinary
x-timer: S1574104120.721076,VS0,VE0
etag: "07b3c91234fbebb1a1dd9bff231b1414"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0984fd71fff8405cf55ccea3c3c57ef7.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: dd056ca6c38f0b52129c6e53275e0c6da333d89d71431156a73551343c2c7c02

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 2180509
edge-cache-tag: 536983513003764719782520834474810490020,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Fri, 08 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0984fd71fff8405cf55ccea3c3c57ef7.jpg
content-length: 9897
x-served-by: cache-fra19133-FRA, cache-fra19121-FRA
last-modified: Tue, 08 Oct 2019 18:20:58 GMT
server: cloudinary
x-timer: S1574104120.721060,VS0,VE0
etag: "4b33f772d91ef38d55b2c163a0a5c375"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9b2ae9db6f4970454befa94c5d913379.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 2295889eebe5f34a71ea2c320882592fd2a945453668e4cd3a83c84922c85237

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 631704
edge-cache-tag: 420890493211522144902225681315765296671,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9b2ae9db6f4970454befa94c5d913379.jpg
content-length: 8067
x-served-by: cache-fra19146-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 08:29:11 GMT
server: cloudinary
x-timer: S1574104120.721022,VS0,VE0
etag: "70d85b4d10ed89cc0fa521c332382296"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 16ms
13ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=230&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=241984809&L4id=75375443409&S1id=23605329&S2id=23619609&ord=1574104119485&r=755892717634&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=bottom&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//blogs.dailylifetech.com/b/xwatch/292/007.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 849262292181fb7d63f6dfeb00ab67d2b81c103ac98454b4602d9632a97ca9c6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 306083
edge-cache-tag: 480330242861460947727549990613302560667,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 16 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//blogs.dailylifetech.com/b/xwatch/292/007.jpg
content-length: 6019
x-served-by: cache-fra19126-FRA, cache-fra19121-FRA
last-modified: Fri, 15 Nov 2019 00:27:18 GMT
server: cloudinary
x-timer: S1574104120.732266,VS0,VE0
etag: "b57ea07d6e6eb2403010e61b36991b2b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7bf3e316542cb458e8db467fead37cc8.jpg
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 406df391ba3322a11308f76639a968ffc5d7bd61d5b914cdeab960941ba5f9cf

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
via: 1.1 varnish, 1.1 varnish
age: 2224664
edge-cache-tag: 581954259131875049737344871753094973831,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7bf3e316542cb458e8db467fead37cc8.jpg
content-length: 8963
x-served-by: cache-fra19149-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 08:13:41 GMT
server: cloudinary
x-timer: S1574104120.732258,VS0,VE0
etag: "6dac3fa438a8ac87a88df7e2820fecb7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 4

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=220&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463546&S1id=23605329&S2id=23619609&ord=1574104119510&r=228238791066&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=middle&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0226 0
0 18ms
18ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJIeuAigVtf7zkQWdBC-M-_UiiNroNlMtRi5mjHBFQWr35lwEdlChie6Q6EQz9GWtNWnnreCOjXoEAfiMy8wIOiu9Ih3Uym9FjwXjYU4WO1aZbFQSHN9SHWbW86oGK3UrsnJ4TRTfDTckBwA6wsbgjl2MjmuCfJlpGAWWcRgWTnyw-pOwMfAbuDAEYxXKD0Ok6EqHe_7Nz54UcbKhPzI7f_bTkAEJIU2yiFZGZ1AGByyHpQmCmhrvTq5N1-_5bcWHDZox8cDMw&sig=Cg0ArKJSzH9PDf4vWBzjEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:39 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0226 76 KB
29 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 0226 305 KB
101 KB 12ms
12ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63531
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0FB6 78 KB
29 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29338
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0ED0 0
0 17ms
17ms Fetch
image/gif 172.217.22.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvIjjD3-C3U1YxEESnLb8AYJ4wp9aZIV47KtbzmVR0Py_vcHGnHJrgU6CAO72U2bS8N0Dj3uSNXK24BHYPMVVyWwYn6JwUQ8i8Ck53z3jxfMP55dYrnZvfDVY41JDnrz1B3bDeo51qVGGQDZy9_ZITtTjAMjgCb_sT520UK-cRMm2Pv15BpRAZPM6DTw4xc7-bRKo2DoFkG6m4uMIxbguSde_e8090uy6CkC9nqASLFJizV2DFLOH8hvlKovzr3AofFsKSD4m2E&sig=Cg0ArKJSzDelbIobbLIfEAE&urlfix=1&adurl=

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Nov 2019 19:08:39 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0ED0 76 KB
29 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Wqf77UJbb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1573858490126243"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29138
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/cbsdfp5832910442/ Frame 0ED0 305 KB
101 KB 13ms
13ms Script
application/x-javascript 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111401.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date: Mon, 18 Nov 2019 19:08:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 19:12:57 GMT
Server: AmazonS3
x-amz-request-id: 30DC03B54F322021
ETag: "90057ee6dd9ded5b49509cb6336f58d4"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63531
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103402
x-amz-id-2: BABcjtTWiZb8ZXZZzhdFaRSoVc1XfdvTDc2/ONos6VyNI9TQbFaA+lWWH5F3Pb11kMYw3K3fOcg=

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=https%3A%2F%2Ftps20513.doubleverify.com%2Fbsevent.gif&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=26&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4224&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A-%3A-&as=0&ag=5&an=0&gf=5&gg=0&ix=5&ic=5&ez=1&aj=1&pg=99&pf=0&ib=0&cc=0&bw=5&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=9&cd=0&ah=9&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=1624632725&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 102 B
548 B 34ms
34ms XHR
text/javascript 52.214.93.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.93.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-93-23.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 7d48a92366a12d0f8185341086861f4ee23aa3383d31408bf227dde2ff41cda6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 102
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 13ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119485&de=755892717634&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=27&cb=0&ym=0&cu=1574104119485&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25299489%3A251370729%3A241984809%3A75375443409&zMoatPS=bottom&zMoatPT=article&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=bottom&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1173630168&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 13ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=https%3A%2F%2Fbeacon-eu2.rubiconproject.com%2Fbeacon%2Fd%2F3e324959-f1d2-4aeb-83af-903fc4c4b82c&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119485&de=755892717634&cu=1574104119485&m=11&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4224&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=0&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4&cd=0&ah=4&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25299489%3A251370729%3A241984809%3A75375443409&bo=23605329&bp=23619609&bd=bottom&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-bottom&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-bottom-5dd2ec3361186&ab=3&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-bottom&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=1481811918&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119510&de=228238791066&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=31&cb=0&ym=0&cu=1574104119510&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25299489%3A251370729%3A253246569%3A138271463546&zMoatPS=middle&zMoatPT=article&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=middle&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatSZPS=300x250%20%7C%20middle&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=322154585&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:39 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:39 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 13ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=https%3A%2F%2Fbeacon-eu2.rubiconproject.com%2Fbeacon%2Fd%2Fee1349f0-c628-427e-b2a9-2b669a9778fe&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119510&de=228238791066&cu=1574104119510&m=9&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4224&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=0&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3&cd=0&ah=3&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=25299489%3A251370729%3A253246569%3A138271463546&bo=23605329&bp=23619609&bd=middle&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=middle&zMoatSZPS=300x250%20%7C%20middle&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-middle&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-middle-5dd2ec3361186&ab=3&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-middle&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=28024925&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119794&de=301793393349&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=35&cb=0&ym=0&cu=1574104119794&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4746066197%3A138239375180&zMoatPT=article&zMoatW=372&zMoatH=142&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=372x142&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1519429814&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Ft.co&t=1574104119915&de=752778141432&m=0&ar=45a16fc5efb-clean&iw=c5a7985&q=39&cb=0&ym=0&cu=1574104119915&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4746066197%3A138239479696&zMoatPT=article&zMoatW=372&zMoatH=142&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=372x142&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=171894&na=1621089884&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=1140&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=35&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A99%3A-&as=1&ag=1130&an=5&gi=1&gf=1130&gg=5&ix=1130&ic=1130&ez=1&ck=1130&kw=933&aj=1&pg=99&pf=99&ib=0&cc=1&bw=1130&bx=5&ci=1130&jz=933&dj=1&aa=0&ad=993&cn=0&gk=993&gl=0&ik=993&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=933&cd=9&ah=933&am=9&rf=0&re=1&ft=993&fv=0&fw=993&wb=1&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=1924124713&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
cbsdfp5832910442.s.moatpixel.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=933&tet=1130&fi=1&apd=1134&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29274369&L2id=2595170800&L3id=5224845262&L4id=138294594429&S1id=23605329&S2id=23619609&ord=1574104119410&r=634825987428&t=iv&os=1&fi2=0&div1=1&ait=993&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatPS=top&zMoatPT=article&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=1142&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=35&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A99%3A-&as=1&ag=1130&an=1130&gi=1&gf=1130&gg=1130&ix=1130&ic=1130&ez=1&ck=1130&kw=933&aj=1&pg=99&pf=99&ib=0&cc=1&bw=1130&bx=1130&ci=1130&jz=933&dj=1&aa=0&ad=993&cn=993&gk=993&gl=993&ik=993&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=933&cd=933&ah=933&am=933&rf=0&re=1&ft=993&fv=993&fw=993&wb=1&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=143557734&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=1144&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=35&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A99%3A-&as=1&ag=1130&an=1130&gi=1&gf=1130&gg=1130&ix=1130&ic=1130&ez=1&ck=1130&kw=933&aj=1&pg=99&pf=99&ib=0&cc=1&bw=1130&bx=1130&ci=1130&jz=933&dj=1&aa=0&ad=993&cn=993&gk=993&gl=993&ik=993&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=933&cd=933&ah=933&am=933&rf=0&re=1&ft=993&fv=993&fw=993&wb=1&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=1837604617&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FCA0 42 B
110 B 14ms
14ms Image
image/gif 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstngLgxKGrNHd2KL2O26lPzwyUsKbH0ktTeniPD2Ppi_7njNKpe0PSphg4GMbV1ksUVNnU_e2OalgZn1jblDDnE9Djrm7-MC7RwM29QEvM&sig=Cg0ArKJSzF9bGjXfFUrREAE&adk=16222189&tt=-1&bs=1585%2C1200&mtos=0,1094,1094,1094,1094&tos=0,1094,0,0,0&p=613,1043,865,1343&mcvt=1094&rs=3&ht=0&tfs=181&tls=1275&mc=0.99&lte=1&bas=0&bac=0&met=mue&avms=nio&exg=1&md=2&lm=2&rst=1574104118928&dlt&rpt=518&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C4751&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-3-10-6-9-9-0-0-0&tvt=1270&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&r=v&id=osdim&vs=4&uc=10&upc=1&tgt=DIV&cl=1&cec=1&clc=1&cac=1&cd=0x0&itpl=19&v=20191115

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Nov 2019 19:08:40 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=1346&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=35&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A99%3A-&as=1&ag=1337&an=1130&gi=1&gf=1337&gg=1130&ix=1337&ic=1337&ez=1&ck=1130&kw=933&aj=1&pg=99&pf=99&ib=0&cc=1&bw=1337&bx=1130&ci=1130&jz=933&dj=1&aa=1&ad=1200&cn=993&gn=1&gk=1200&gl=993&ik=1200&co=1200&cp=1134&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1134&cd=933&ah=1134&am=933&rf=0&re=1&ft=1200&fv=993&fw=993&wb=1&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=723254745&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:40 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:40 GMT

GET
H2 200 settings.js Show response
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/variation/var-8bfb225b-f103-49ab-955c-32d3183cf24c/ 7 KB
6 KB 17ms
16ms Script
application/javascript 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/variation/var-8bfb225b-f103-49ab-955c-32d3183cf24c/settings.js?cb=637091106076939970
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 442a7a1c4b2feb2317d01d12c96a3d11b31c1fb417d70473d9edccb6b64a7466

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:40 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 555KdORum3pe902iaOVsYw==
age: 589857
cf-polished: origSize=7150
status: 200
x-ms-lease-status: unlocked
last-modified: Mon, 11 Nov 2019 23:09:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 698f5d41-001e-0062-62e6-981219000000
expires: Tue, 17 Nov 2020 19:08:40 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 537c3c03fdc359ee-VIE
cf-bgj: minify

GET
H2 200 lightbox_builder.js Show response
www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/ Frame 8267 202 KB
28 KB 20ms
20ms Script
application/javascript 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox_builder.js?cb=637091106076939970
Requested by: Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99baf84f76d3a9cc29bed4906739b0bcc7f65756e9085de1c7bbc046738fea59

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:40 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 3A0FVb5o/F+XoEOgjWZYJQ==
age: 590090
cf-polished: origSize=331202
status: 200
x-ms-lease-status: unlocked
last-modified: Mon, 11 Nov 2019 23:10:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-ms-request-id: 5c76892f-401e-0080-30e5-98f66b000000
expires: Tue, 17 Nov 2020 19:08:40 GMT
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
cf-ray: 537c3c040dd059ee-VIE
cf-bgj: minify

GET
H2 200 css
fonts.googleapis.com/ Frame 8267 783 B
440 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/lightbox_builder.js?cb=637091106076939970

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 18 Nov 2019 19:08:41 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 18 Nov 2019 19:08:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 18 Nov 2019 19:08:41 GMT

GET
H2 200 fancybox_sprite.png
cdn.jsdelivr.net/fancybox/2.1.5/ 1 KB
2 KB 7ms
6ms Image
image/png 151.101.114.109
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/fancybox/2.1.5/fancybox_sprite.png

Requested by

Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.109 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

b9d6fddb0988440902fcfc72f371ecfa80ee2eb36073f9eebc17449ee41c886f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"552-F98Z+XYo53vgnDUr8nQl+uokglE"
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
date: Mon, 18 Nov 2019 19:08:41 GMT
accept-ranges: bytes
timing-allow-origin: *
content-length: 1362
x-served-by: cache-ams21020-AMS, cache-hhn4024-HHN

GET
H2 200 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v14/ Frame 8267 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v14/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2

Requested by

Host: www.lightboxcdn.com
URL: https://www.lightboxcdn.com/vendor/a1583f50-579b-41d0-8c4e-1cd1790d945c/user.js?cb=637091106088383370

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Raleway
Origin: https://www.zdnet.com

Response headers

date: Tue, 12 Nov 2019 11:08:53 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:04 GMT
server: sffe
age: 547188
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13428
x-xss-protection: 0
expires: Wed, 11 Nov 2020 11:08:53 GMT

GET
H2 200 t.gif
www.lightboxcdn.com/z9g/ 35 B
320 B 19ms
19ms Image
image/gif 2606:4700::6810:4ea5
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/t.gif?c=1574104121592&h=www.zdnet.com&e=i&u=40913&b=193988&v=2544&s=empty
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:4ea5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 18 Nov 2019 19:08:41 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 1512444
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Tue, 26 Feb 2019 00:59:40 GMT
status: 200
content-length: 35
x-ms-lease-status: unlocked
last-modified: Tue, 26 Feb 2019 01:15:02 GMT
server: cloudflare
etag: 0x8D69B87D5A1B25F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: 48b7eafb-401e-010c-457d-f6fd65000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 537c3c0809ef59ee-VIE
cf-bgj: imgq:85

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=252&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119410&de=634825987428&cu=1574104119410&m=5172&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=35&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=99&vx=99%3A99%3A-&as=1&ag=5163&an=1337&gi=1&gf=5163&gg=1337&ix=5163&ic=5163&ez=1&ck=1130&kw=933&aj=1&pg=99&pf=99&ib=0&cc=1&bw=5163&bx=1337&ci=1130&jz=933&dj=1&aa=1&ad=5026&cn=1200&gn=1&gk=5026&gl=1200&ik=5026&co=1200&cp=1134&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4966&cd=1134&ah=4966&am=1134&rf=0&re=1&ft=4926&fv=1200&fw=993&wb=2&cl=0&at=0&d=29274369%3A2595170800%3A5224845262%3A138294594429&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=232067563&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:44 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:44 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119485&de=755892717634&cu=1574104119485&m=5309&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=66&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A0%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&cq=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5103&cd=4&ah=5103&am=4&rf=0&re=1&wb=1&cl=0&at=0&d=25299489%3A251370729%3A241984809%3A75375443409&bo=23605329&bp=23619609&bd=bottom&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-bottom&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-bottom-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-bottom&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=1640568907&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:44 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:44 GMT

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
419 B 12ms
12ms Image
image/gif 72.247.226.64
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&qs=1&ak=-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRax%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGM%3Dh%2CqkG%24%7Duny3iPSI.%24ki)sV~1HmDkx2KD5pf5%5BG%5BZFZ8R6tbK0pH%23bU%24(9N%2CNJJ)%2CW%2FKo7FY&qp=00000&is=hBBnjB7GsBpBBBPY2CEBsCybBqw776Kqi7gBooCvBOCiCOB6sCqGBgiBBs0fW0glMfcxnBBBkB0BYBny6BsNBmB0ziw7pCr6yC6rO24xXmYyBdfEC2BBBBBjzmBktCP97GBBBGwRmmEBBBBBBBBBBBnaBW35CeFaBBBpx0OFiBBBT5392tavKc5KCdzzFs7nBBBBBBBBRcQyRBBBCpjOBBBBBBBBBTLF6GfC6Jn7O0EYkCBB0IofRfBBPCxB7UBbjtBbBBC0dL9TRhq8K55G96Lo0eIRTzBiqeuSBBBBBB&iv=7&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F&id=1&f=0&j=https%3A%2F%2Ft.co&t=1574104119510&de=228238791066&cu=1574104119510&m=5289&ar=45a16fc5efb-clean&iw=c5a7985&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4751&le=1&lf=0&lg=1&lh=53&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A0%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&cq=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5084&cd=3&ah=5084&am=3&rf=0&re=1&wb=1&cl=0&at=0&d=25299489%3A251370729%3A253246569%3A138271463546&bo=23605329&bp=23619609&bd=middle&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=middle&zMoatSZPS=300x250%20%7C%20middle&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=8e177b97-7b58-46f3-80d2-17777e48d0b5&zMoatSN=b&zMoatCURL=zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild&zMoatDev=Desktop&zMoatSlotId=mpu-middle&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-middle-5dd2ec3361186&hv=Domsearch%20Early&ab=3&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-middle&iq=na&tt=na&tu=&tp=&tc=0&fs=171894&na=132858750&cs=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a72-247-226-64.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:44 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: AkamaiNetStorage
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 18 Nov 2019 19:08:44 GMT

GET
H2 200 / Show response
www.zdnet.com/homepage/xhr/ 250 KB
27 KB 155ms
155ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/homepage/xhr/

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5d2fd858935588f03aab5ff6c0064741fd6e251202eb3a4dcb066c53fd67d3ed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 26875
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 18 Nov 2019 17:52:21 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:48 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 5e2a4790-8bc5-409a-b818-026ecf3b1a28
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:22:21 GMT

GET
H2 200 ring.gif
zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ 16 KB
9 KB 6ms
6ms Image
image/gif 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ring.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

309e20d540054848c2bee4268a2ec8e37656da9e7d5f8084c6f66f4fd711aed6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32539
status: 200
strict-transport-security: max-age=31536000
content-length: 9039
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:18:33 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd261e9-3f75"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:26 GMT

GET
H2 200 ZDLogoMicroRed-x2.png
zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ 2 KB
2 KB 7ms
7ms Image
image/png 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet3.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ZDLogoMicroRed-x2.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d6f28c2ecc7e7b603cead026b3febaa53ef60ef1ee17095ccaa5bfd465565e5e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32539
status: 200
strict-transport-security: max-age=31536000
content-length: 1513
x-xss-protection: 1; mode=block
last-modified: Mon, 18 Nov 2019 09:18:33 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dd261e9-6fa"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 10:06:26 GMT

POST
H2 204 perf Show response
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
403 B 17ms
17ms XHR
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/perf?route=AM%3AAM%3AV&lti=eof_var
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 11
date: Mon, 18 Nov 2019 19:08:48 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104128.160675,VS0,VE11
content-type: image/gif
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 ZDLogoMicroWhite-x2.png
zdnet4.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ 2 KB
1 KB 8ms
7ms Image
image/png 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet4.cbsistatic.com/fly/1574068713-fly/bundles/zdnetcss/images/logos/ZDLogoMicroWhite-x2.png

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

d4bf85df37940345c4a0795bcc6556e480751e36f503425c25b1993071e90c9c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zdnet2.cbsistatic.com/fly/1860-fly/css/core/main-7e4e5d35ca-rev.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34628
status: 200
strict-transport-security: max-age=31536000
content-length: 1398
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Nov 2019 19:35:37 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dcdac89-691"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Nov 2019 09:26:44 GMT

GET
H2 200 river-time-ago-f2210a157b-rev.js Show response
zdnet4.cbsistatic.com/fly/js/components/ 753 B
511 B 7ms
7ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/js/components/river-time-ago-f2210a157b-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

2d3e9015bb665cc4e62a0aada26a74311bf87ba40e12b896724f447a98e68a89

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386531
status: 200
strict-transport-security: max-age=31536000
content-length: 426
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Nov 2019 16:40:17 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5dcc31f1-2f1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Nov 2019 07:46:36 GMT

GET
H2 200 tr-premium-promo-49ebdaab89-rev.js Show response
zdnet2.cbsistatic.com/fly/js/components/ 461 B
573 B 6ms
5ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet2.cbsistatic.com/fly/js/components/tr-premium-promo-49ebdaab89-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f0c8ad030a90f1ee3cdcd5910587eab25da7bb0ec6f942d979bba4d506b38380

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545209
status: 200
strict-transport-security: max-age=31536000
content-length: 287
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5dc97f46-1cd"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Nov 2019 11:41:58 GMT

GET
H2 200 load-more-34f6119ea4-rev.js Show response
zdnet3.cbsistatic.com/fly/js/components/ 5 KB
2 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet3.cbsistatic.com/fly/js/components/load-more-34f6119ea4-rev.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f1f493f2418d851d9c9d5a6522417b0faa8e54fc93255abe5939b309a6e1465e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570337
status: 200
strict-transport-security: max-age=31536000
content-length: 1803
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:33:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dc97f46-12a2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Nov 2019 04:43:10 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
2 KB 348ms
348ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b2357ab2fed3658278dabf0fcf83036768d80d266ea8f6b277fa48a81810a4ec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 760
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:48 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 26a7426d-9f4a-40fe-bfc4-a878c9277a41
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:08:48 GMT

POST
H2 200 / Show response
www.zdnet.com/m3d0s1/xhr/horizontal/ 14 KB
3 KB 851ms
851ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/m3d0s1/xhr/horizontal/

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4244cfa1afe780495286ee026578cb2426c6289a692694c436fa10a473e77397

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 1699
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:49 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 4c7d109d-399d-42ae-9b02-68ddb34f282f
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:08:49 GMT

GET
H2 200 / Show response
www.zdnet.com/components/tr-promo-asset/xhr/ 2 KB
2 KB 149ms
149ms XHR
application/json 2.18.233.143
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/tr-promo-asset/xhr/?topic=0

Requested by

Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1860-fly/js/main.default.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a2-18-233-143.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4624d38bdfda0ef172f6726dbea9802d2e5d427847c24b4364fc701349cda06a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding, User-Agent
content-length: 618
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 18 Nov 2019 18:04:21 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Mon, 18 Nov 2019 19:08:48 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 11c97614-4f4e-4fca-bd7b-b6d0c691bb49
content-type: application/json
access-control-allow-origin: https://www.zdnet.com
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Mon, 18 Nov 2019 19:34:21 GMT

GET
H2 200 load-more-1.0.js Show response
zdnet4.cbsistatic.com/fly/bundles/flyjs/js/components/ 8 KB
3 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://zdnet4.cbsistatic.com/fly/bundles/flyjs/js/components/load-more-1.0.js

Requested by

Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1860-fly/js/libs/require-2.1.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

da52af54b0a90f89c3b6c3482a53119a588e68f99f3cb4d7af0e4460ff8e5016

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 522079
status: 200
strict-transport-security: max-age=31536000
content-length: 2472
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Nov 2019 15:32:15 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5dc97eff-1f51"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Nov 2019 18:07:28 GMT

GET
H2 200 trp-promo-thumb.jpg
zdnet1.cbsistatic.com/fly/bundles/zdnetcss/images/core/ 4 KB
4 KB 28ms
28ms Image
image/jpeg 2a04:4e42:1b::444
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zdnet1.cbsistatic.com/fly/bundles/zdnetcss/images/core/trp-promo-thumb.jpg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

ContentServer /

Resource Hash

41e1b82b530a565f139da63948d96402471dadea6e3e912578cc2de4426bbe41

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5228569
status: 200
strict-transport-security: max-age=31536000
content-length: 3552
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Sep 2019 19:25:47 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: W/"5d8284bb-f53"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Sep 2019 06:45:23 GMT

GET
H2 200 json Show response
trc.taboola.com/cbsinteractive-zdnet/trc/3/ 6 KB
3 KB 247ms
247ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/trc/3/json?tim=20%3A08%3A48.841&lti=eof_var&data=%7B%22id%22%3A386%2C%22ii%22%3A%22%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1574104119272%2C%22cv%22%3A%2220191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F%22%2C%22bv%22%3A%221%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22pev%22%3A1324%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2FWqf77UJbb0%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1585%2C%22dh%22%3A8903%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22ZDNETfront_doorDesktop%2FTablet-Bottom%20Page%20Thumbnails%22%2C%22orig_uip%22%3A%22ZDNETfront_doorDesktop%2FTablet-Bottom%20Page%20Thumbnails%22%2C%22cd%22%3A8348.46875%2C%22mw%22%3A770%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22eof_var%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 03e1da8a82c9504cda70bfe4731b5d3b1590f938b7a679ff7e285fcaabe5b077

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-vcl-time-ms: 241
date: Mon, 18 Nov 2019 19:08:49 GMT
content-encoding: gzip
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
via: 1.1 varnish
x-served-by: cache-fra19121-FRA
server: nginx
x-timer: S1574104129.845066,VS0,VE241
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H2 204 available Show response
trc.taboola.com/cbsinteractive-zdnet/log/3/ 0
378 B 16ms
16ms XHR
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/cbsinteractive-zdnet/log/3/available?tvi2=-2&route=AM%3AAM%3AV&lti=eof_var
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191118-2_b2-DEV-51317-dynamic-right-rail-hook-for-a-b-test-88e00c0f9cf-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19121-FRA
pragma: no-cache
server: nginx
x-timer: S1574104129.112130,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 aa256e21ddadb5aebca5372c9b890811.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 11 KB
11 KB 6ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/aa256e21ddadb5aebca5372c9b890811.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 7b788dc1c4600de725ef824dceb98a653553aa2f7aaff0c7d95ae5ffa11ff518

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1070213
edge-cache-tag: 615380447888860100939254229799906759220,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Thu, 07 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/aa256e21ddadb5aebca5372c9b890811.jpg
content-length: 10916
x-served-by: cache-fra19158-FRA, cache-fra19121-FRA
last-modified: Mon, 07 Oct 2019 07:07:41 GMT
server: cloudinary
x-timer: S1574104129.112823,VS0,VE0
etag: "e8e8c284904062ebc1f71ad02f89df54"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3

GET
H2 200 eef7bd86792f7e7a8302e22e6a503e72.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 8 KB
8 KB 6ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eef7bd86792f7e7a8302e22e6a503e72.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: b488a912e3df5e1a0573ea4e2a11de42778648288f729e0f0cb353c28e65cabe

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1140160
edge-cache-tag: 542976626532481735916284987745627223080,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Sun, 10 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eef7bd86792f7e7a8302e22e6a503e72.jpg
content-length: 7963
x-served-by: cache-fra19151-FRA, cache-fra19121-FRA
last-modified: Thu, 10 Oct 2019 10:09:00 GMT
server: cloudinary
x-timer: S1574104129.112781,VS0,VE0
etag: "6ec8af3f40d5311964529fca4e45550b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 3

GET
H2 200 34-1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//trendscatchers.co.uk/wp-content/uploads/2019/06/ 7 KB
8 KB 12ms
12ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//trendscatchers.co.uk/wp-content/uploads/2019/06/34-1.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 6c97b7a62795b30ab8b882ebc5ac5bb06cf0fefbd9f48db5124b48e6b5debcf6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 847763
edge-cache-tag: 607966616053281506167255765641689388569,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Tue, 03 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//trendscatchers.co.uk/wp-content/uploads/2019/06/34-1.jpg
content-length: 7536
x-served-by: cache-fra19120-FRA, cache-fra19121-FRA
last-modified: Sat, 02 Nov 2019 12:23:06 GMT
server: cloudinary
x-timer: S1574104129.113169,VS0,VE5
etag: "2858d58abea12466a55185b9398d9fa1"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 1a1ac15271660f3d945b4904ef437371.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 5 KB
6 KB 7ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1a1ac15271660f3d945b4904ef437371.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 2f179c0918ddb8af28b17040e1822625ffa2635a08e4fa98521d0a95dc9a554b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1192615
edge-cache-tag: 616089906201828448420340560109273106143,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1a1ac15271660f3d945b4904ef437371.jpg
content-length: 5431
x-served-by: cache-fra19142-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 09:09:21 GMT
server: cloudinary
x-timer: S1574104129.113385,VS0,VE1
etag: "033e210ecc99607a94af83829efcf625"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/aa256e21ddadb5aebca5372c9b890811.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 7b788dc1c4600de725ef824dceb98a653553aa2f7aaff0c7d95ae5ffa11ff518

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1070213
edge-cache-tag: 615380447888860100939254229799906759220,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Thu, 07 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/aa256e21ddadb5aebca5372c9b890811.jpg
content-length: 10916
x-served-by: cache-fra19158-FRA, cache-fra19121-FRA
last-modified: Mon, 07 Oct 2019 07:07:41 GMT
server: cloudinary
x-timer: S1574104129.130751,VS0,VE0
etag: "e8e8c284904062ebc1f71ad02f89df54"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eef7bd86792f7e7a8302e22e6a503e72.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: b488a912e3df5e1a0573ea4e2a11de42778648288f729e0f0cb353c28e65cabe

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1140160
edge-cache-tag: 542976626532481735916284987745627223080,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Sun, 10 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/eef7bd86792f7e7a8302e22e6a503e72.jpg
content-length: 7963
x-served-by: cache-fra19151-FRA, cache-fra19121-FRA
last-modified: Thu, 10 Oct 2019 10:09:00 GMT
server: cloudinary
x-timer: S1574104129.131404,VS0,VE0
etag: "6ec8af3f40d5311964529fca4e45550b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//trendscatchers.co.uk/wp-content/uploads/2019/06/34-1.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 6c97b7a62795b30ab8b882ebc5ac5bb06cf0fefbd9f48db5124b48e6b5debcf6

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 847763
edge-cache-tag: 607966616053281506167255765641689388569,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Tue, 03 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//trendscatchers.co.uk/wp-content/uploads/2019/06/34-1.jpg
content-length: 7536
x-served-by: cache-fra19120-FRA, cache-fra19121-FRA
last-modified: Sat, 02 Nov 2019 12:23:06 GMT
server: cloudinary
x-timer: S1574104129.131395,VS0,VE0
etag: "2858d58abea12466a55185b9398d9fa1"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1a1ac15271660f3d945b4904ef437371.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 2f179c0918ddb8af28b17040e1822625ffa2635a08e4fa98521d0a95dc9a554b

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
via: 1.1 varnish, 1.1 varnish
age: 1192615
edge-cache-tag: 616089906201828448420340560109273106143,553231981581714319628150088830979202071,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_184%2Cw_220%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/1a1ac15271660f3d945b4904ef437371.jpg
content-length: 5431
x-served-by: cache-fra19142-FRA, cache-fra19121-FRA
last-modified: Fri, 18 Oct 2019 09:09:21 GMT
server: cloudinary
x-timer: S1574104129.131379,VS0,VE0
etag: "033e210ecc99607a94af83829efcf625"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 78 KB
27 KB 21ms
20ms Script
text/javascript 2606:4700::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:49 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2415306
status: 200
content-type: text/javascript
content-length: 27746
x-amz-id-2: XaZZfksc5tY2QYKqWg2l9SF0g4tYYLB4/OoiMCVw8qhEZI1HOeFOpmyjOyB6h9h9/hQcx65+CBU=
last-modified: Mon, 21 Oct 2019 20:13:23 GMT
server: cloudflare
etag: "df893ab92782cedac4da4785df9ec68e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: CED68FA43CA7DB4B
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 537c3c376d675a18-VIE
expires: Mon, 18 Nov 2019 19:38:49 GMT

GET
H2 200 0.6075241311195465
saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/ 43 B
210 B 15ms
14ms Image
image/gif 15.188.31.119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://saa.cbsi.com/b/ss/cbsib2bleadgen/1/G.4--NS/0.6075241311195465?AQB=1&ce=UTF%2D8&events=event66&v0=ftag_cd:LGN22ef1e6&v2=en&v3=desktop&v4=horizontal&v5=zdnet&v10=article&v20=nasty+php7+remote+code+execution+bug+exploited+in+the+wild&v22=content_article&v23=&v24=8e177b97-7b58-46f3-80d2-17777e48d0b5&v30=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&v60=32877769,33124525,33166899,33161536&v64=2150&v69=&c0=D%3Dv0&c2=D%3Dv2&c3=D%3Dv3&c4=D%3Dv4&c5=D%3Dv5&c10=D%3Dv10&c20=D%3Dv20&c22=D%3Dv22&c23=D%3Dv23&c24=D%3Dv24&c30=D%3Dv30&c60=D%3Dv60&c64=D%3Dv64&c69=D%3Dv69&pe=lnk_o&pev2=medusa_impression&vid=201911183-leadgen-zdnet&mid=90240133173074011141898988208131324462&aid=2D535D450507F28B-40000106A0001145&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date: Mon, 18 Nov 2019 19:08:48 GMT
x-content-type-options: nosniff
x-c: master-1061.Iecc33a.M0-311
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 19 Nov 2019 19:08:49 GMT
server: jag
xserver: anedge-5fc496b8d4-wsnhc
etag: 3380362877362077696-4618278092144842039
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 17 Nov 2019 19:08:49 GMT

GET
H/1.1 200
OK e.gif
dw.cbsi.com/levt/ria/ 43 B
369 B 149ms
149ms Image
image/gif 64.30.230.22
CBS Interactive Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dw.cbsi.com/levt/ria/e.gif?rsid=cnetzdnetglobalsite&sid=2&siteid=2&pagetype=article&assetguid=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&assettitle=nasty%20php7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild&assettype=content_article&pubdate=2019-10-26%2007%3A00%3A05&viewguid=8e177b97-7b58-46f3-80d2-17777e48d0b5&devicetype=desktop&sitetype=responsive%20web&author=catalin%20cimpanu&authorid=85fd8691-f525-4ea2-a601-af296f629f7f&topicguid=113c25b6-ec91-11e3-95d2-02911863765e&topic=security&topicbrcrm=security&s8=cnetzdnetglobalsite&v23=cnetzdnetglobalsite&v19=article&v17=113c25b6-ec91-11e3-95d2-02911863765e&v20=ebcaf87a-f3e7-4ef8-9c99-0818624b7067&v16=8e177b97-7b58-46f3-80d2-17777e48d0b5&riaevent=impression&comptyp=spot&mapp=medusa_app&objtyp=medusa&eventt=log&v18=security&comp=ucwc&ts=1574104129178&tcset=utf8&im=dsjs&title=Nasty%20PHP7%20remote%20code%20execution%20bug%20exploited%20in%20the%20wild%20%7C%20ZDNet&srcurl=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fnasty-php7-remote-code-execution-bug-exploited-in-the-wild%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.30.230.22 Fremont, United States, ASN6623 (CBSI-1 - CBS Interactive Inc., US),
Reverse DNS: phx2-dw-cbsi-xw-ext-lb.cnet.com
Software: Apache/2.4.25 /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Nov 2019 19:08:49 GMT
Server: Apache/2.4.25
Vary: *
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate, no-transform
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=80, max=875
Content-Length: 43
Expires: Fri, 23 Jan 1970 12:12:12 GMT

Verdicts & Comments Add Verdict or Comment

301 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 09:34:16	Name: demdex Value: 49554751265194806380948109555458046013
.zdnet.com/	1970-01-19 05:16:30	Name: upid_661232865 Value: 1
.lightboxcdn.com/	1970-01-22 20:51:04	Name: a1583f50-579b-41d0-8c4e-1cd1790d945c Value: N4Ig-mBGAeDGCuAnRIBcoAOGAuBnNAjAKwDsALAQAwUEkCcAzAGwA0IGAbrAHbaFu58qYuSo16zNp1w8-wtoiQAbNCAAW2bBlyoA9LuwA6WAHtdAdQCOAMxIkAqgClIkSiDZLlq3QENE2AEtYJQBTXW4fXGwATwBaDDUMEljEEIBbE2wQ2NMAE2yQ6BCEQJNuWMh4AHNYwowlEwCs3NiA8uw1bIB3AKVc3XcQJTxCUgpqAlpGVnYvVABtAF0AXzYIGAxUjjRQXJ9ooXmRcfE6MgAOFbWoIo4Q3iFgVfAb2ADc1QYCEIAmXKIQtkCD5YNkyHQfC1IGQfj5Yj4QmdrNQQpRrAQfrFjmJJiQGJRziBlkA__
.zdnet.com/	1970-01-19 05:25:08	Name: RT Value: "sl=1&ss=1574104114955&tt=3049&obo=0&bcn=%2F%2F364bf6cc.akstat.io%2F&sh=1574104118008%3D1%3A0%3A3049&dm=zdnet.com&si=c6f0545c-dadc-4f80-82a1-d125db0255c7&ld=1574104118008"
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: 8e177b97-7b58-46f3-80d2-17777e48d0b5
.demdex.net/	1970-01-19 09:34:16	Name: dextp Value: 477-1-1574104117702\|771-1-1574104117803\|22052-1-1574104117904\|30646-1-1574104118005\|121998-1-1574104118107
.zdnet.com/	1970-01-19 14:00:40	Name: utag_main Value: _sn:1$_ss:0$_st:1574105917990$ses_id:1574104116924%3Bexp-session$_pn:1%3Bexp-session$linktag:undefined%3Bexp-session
.zdnet.com/	1970-01-19 05:58:16	Name: aam_uuid Value: 23811679339070275860307210080549980602
.zdnet.com/	1970-01-19 07:24:40	Name: b2b-aam-segments Value: t%3DDeveloper

57 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service pending (GDPR consent not granted): script_indexexchange
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service pending (GDPR consent not granted): script_mpulse
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service pending (GDPR consent not granted): script_sourcepoint
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service pending (GDPR consent not granted): script_gpt
console-api	log	URL: https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js(Line 522) Message: dom not ready, setting event
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 767) Message: ADS: queuing nav-ad-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1239) Message: ADS: queuing intromercial-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1281) Message: ADS: queuing leader-plus-top-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service pending (GDPR consent not granted): script_twitterwidgets
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1425) Message: ADS: queuing inpage-video-top-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1435) Message: ADS: queuing sharethrough-top-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1752) Message: ADS: queuing mpu-plus-top-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1856) Message: ADS: queuing dynamic-showcase-top-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 1863) Message: ADS: queuing mpu-middle-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 2101) Message: ADS: queuing mpu-bottom-5dd2ec3361186 for display
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 2118) Message: ADS: queuing leader-plus-bottom-5dd2ec3361186 for display
console-api	log	URL: https://zdnet2.cbsistatic.com/fly/bundles/zdnetjs/js/libs/evidon/evidon-sitenotice-tag.js(Line 524) Message: dom ready, triggering load
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: GDPR consent granted
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent finally granted): script_indexexchange
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent finally granted): script_mpulse
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent finally granted): script_sourcepoint
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent finally granted): script_gpt
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent finally granted): script_twitterwidgets
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 9) Message: Missing adCookieData!
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_mpulse
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): _injectQueryStringGCP
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_chartbeat
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_ad
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.1787.js?utv=ut4.43.201911131823(Line 177) Message: Service: sitecatalyst
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_sharebar
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_sharebar
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_taboola
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_async_load
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_urban_airship
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet
console-api	log	(Line 61) Message: blank creative loaded: 138239468890 (5 x 5, pos=nav)
console-api	log	(Line 61) Message: blank creative loaded: 138239344157 (11 x 11, pos=top)
console-api	log	(Line 61) Message: blank creative loaded: 138239368367 (641 x 321, pos=top)
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 164) Message: Dynamic Showcase Center container ::: creative id = 138247024569
console-api	log	(Line 61) Message: blank creative loaded: 138239375180 (372 x 142, pos=)
console-api	log	(Line 61) Message: blank creative loaded: 138239479696 (372 x 142, pos=)
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_taboola
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_async_load
console-api	log	URL: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/(Line 92) Message: Service loading (GDPR consent already granted): script_medusa_recommendation
console-api	log	URL: https://tags.tiqcdn.com/utag/cbsi/zdnetglobalsite/prod/utag.js(Line 92) Message: zdnet

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0211c83c.akstat.io
364bf6cc.akstat.io
ad.doubleclick.net
ad.yieldmanager.com
ads.rubiconproject.com
adservice.google.com
adservice.google.de
api.viglink.com
api1.lightboxcdn.com
as-sec.casalemedia.com
beacon-eu2.rubiconproject.com
beacon.tru.am
c.evidon.com
c.go-mpulse.net
cbsdfp5832910442.s.moatpixel.com
cbsi.demdex.net
cdn-magiclinks.trackonomics.net
cdn.doubleverify.com
cdn.jsdelivr.net
cdn.syndication.twimg.com
cdn.taboola.com
cdn.viglink.com
cdn3.doubleverify.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
dpm.demdex.net
dw.cbsi.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
googleads.g.doubleclick.net
idsync.rlcdn.com
iicbsi-a.akamaihd.net
images.taboola.com
in.ml314.com
js-sec.indexww.com
l.betrad.com
lightboxapi2.azurewebsites.net
match.adsrvr.org
ml314.com
optimized-by.rubiconproject.com
pagead2.googlesyndication.com
pbs.twimg.com
ping.chartbeat.net
pixel.everesttech.net
pixel.mathtag.com
platform.twitter.com
ps.eyeota.net
px.moatads.com
rev.cbsi.com
rtb0.doubleverify.com
saa.cbsi.com
sb.scorecardresearch.com
secure-us.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
static.chartbeat.com
sync.crwdcntrl.net
syndication.twitter.com
t.co
tags.bluekai.com
tags.tiqcdn.com
tpc.googlesyndication.com
tps20513.doubleverify.com
trc.taboola.com
tru.am
urs.zdnet.com
vidtech.cbsinteractive.com
web-sdk.urbanairship.com
widget.perfectmarket.com
www.everestjs.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagservices.com
www.lightboxcdn.com
www.summerhamster.com
www.zdnet.com
z.moatads.com
zd.net
zdnet1.cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet4.cbsistatic.com
zn_3xebfjduss0srw5-cbs.siteintercept.qualtrics.com
104.17.208.240
104.244.42.197
104.244.42.72
15.188.31.119
151.101.114.109
151.101.13.181
151.101.14.133
151.101.14.2
152.199.23.241
172.217.16.130
172.217.21.230
172.217.22.34
172.217.23.98
18.203.144.219
185.33.223.80
2.18.233.143
2.18.233.201
2.19.38.84
2.20.171.216
213.254.244.13
213.254.244.19
23.37.55.184
23.5.97.37
23.67.136.71
23.99.128.52
2600:9000:20eb:7e00:18:1fcd:349:ca21
2600:9000:2156:800:1d:8c8c:47c0:93a1
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::6819:a222
2606:4700:20::6819:a322
2606:4700::6810:4ea5
2606:4700::6810:a40d
2a00:1288:110:c305::a000
2a00:1450:4001:800::2003
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:818::2004
2a00:1450:4001:820::2001
2a00:1450:4001:820::200a
2a00:1450:4001:825::2002
2a01:4a0:1338:28::c38a:ff18
2a02:26f0:6c00:181::11a6
2a02:26f0:6c00:184::11a6
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::444
3.120.224.89
3.9.36.140
3.93.243.95
34.248.158.173
35.157.160.140
35.190.38.167
35.190.72.21
35.227.208.151
52.2.113.48
52.211.50.74
52.212.90.74
52.214.93.23
52.215.98.88
52.73.113.243
54.77.236.71
64.30.230.22
66.117.28.68
66.117.28.86
67.199.248.12
69.173.144.142
69.173.144.154
72.247.224.248
72.247.225.98
72.247.226.173
72.247.226.64
95.101.203.206
01d8dc9b1537cab815f3e216f469223d432ffd3681ec538fd1f8abb1d423893f
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0
03532814821f169f4c4bc775fc12dc3e79d20d73efcb9a8d278bd8756c6e6ebf
03e1da8a82c9504cda70bfe4731b5d3b1590f938b7a679ff7e285fcaabe5b077
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1
07178558c596bc2fe33d99750a349d5413fa4571fc778cefbe4f4f367404f6d6
0b9028c7ecccf4f31fafcfca176cd6ed38197d7b3d6ea4c107b98af8eecc525b
0bca2eedd443a8b8dfe138e9c9467e6b76de7f60d69495bae8f949e689e9cbf5
0d5e4dc934211218b91cad4d788c526810f7e9c827f32db1aeeb323143e071f1
0dd96e4c2618b847e44b23e56ab9ca48410e53a21d35a5dbed55526d6fdf9cd5
0e13cd6845611f0c419398a75b85ba014a7fffb1b9e9575c2e1b4cfefebd0017
0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f
0f2f503559bf91ee627a5b0d76c76a2db2a45f08671d557e75fc6aa5abda1977
0f4176807e149be9c6cc0e583699fffe630cccb37e57242ce5a7b1f7d63d859d
0f91e664ba993207337dbd5b1ab9f156c5f579d99d9b2e1315706815deadd0ae
10113bad06fefd5698a45480ffaedd421c6e06f9dbd0d1c772b7128bbea0842d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c
19293620368e303e572701f2f16c940806c142dd00dcccb877b16dfcd6f59c6c
1a7ab29e9d26f12a409d74a66514606997702d15a676d3503112a52cf635109f
1bd7a7078987d4a536bdb4a5b56faf5099813c2e4ecc8d91cee8c6526ec2f66e
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9
1d1eab2e9d5b36e1297db68599d3e9c3df71869a0863fb261972b93e919d7af1
1d4d518e1da495fb6d6d8b3d86bba79d7597b61b466e71c45cdb09ed79659c53
1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b
2295889eebe5f34a71ea2c320882592fd2a945453668e4cd3a83c84922c85237
22f71c21eb2309397ddaece26f9c16c1b282969a63ae3dce4aee8f98ff66401e
28cb972c1f5debce9af4258ea2ea2fcb1233b42328b11a104395b0f219a1faab
2b8d8ef7fec86e16424f0c6be7f0471a0c29256e074e1336d92876ddb4bc09ff
2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab
2c5b007faad4d45c5a1432ff314826dc530741524c15e5b6b0df5197ef43eb92
2d3e9015bb665cc4e62a0aada26a74311bf87ba40e12b896724f447a98e68a89
2f179c0918ddb8af28b17040e1822625ffa2635a08e4fa98521d0a95dc9a554b
309e20d540054848c2bee4268a2ec8e37656da9e7d5f8084c6f66f4fd711aed6
3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0
364efc68e57240e144c1334b7b4e77dcac0dc65d71777b38992f6cd8ffc67b73
371678c738b3bbea36b32d7cb5b0b4d14182ee51ac165ae7ae45f6dc78c29a3d
39f0e13a96fd029965b5b5fd3504853b6fe6ded07b4dd8862a0e033be626e655
3a18cc29d89287ebb9fa636217661fa8879a33f91abe2ff4e730fd1065d526c7
3e9f80d09e0f6fa80aae5bc48d6cd6afdac6724ebbd86eef600b710004fc58f4
3fa65e12e469cb726df63956a5dd5513b18213fd1ba59697f7e97f259296ea33
3ff065de0d90b0510727a72c173d05652c30967c5e6561dbf1d82fa077cabb22
406df391ba3322a11308f76639a968ffc5d7bd61d5b914cdeab960941ba5f9cf
41e1b82b530a565f139da63948d96402471dadea6e3e912578cc2de4426bbe41
4244cfa1afe780495286ee026578cb2426c6289a692694c436fa10a473e77397
442a7a1c4b2feb2317d01d12c96a3d11b31c1fb417d70473d9edccb6b64a7466
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0
44f035e19ba8a7274d35fd51138771dc809cf46ab8ca3e5507b3750a22131f60
458031c1beb286b351738608cbd8513550fb9f1330a80c9b3a31ef43edde2028
45d476cbfef9ea60d8d7defc8bc58124e23b30510fc4cd3e20050524c5f50ecd
4624d38bdfda0ef172f6726dbea9802d2e5d427847c24b4364fc701349cda06a
490e4bfc694eb831ba439b5d5decbe1b488391681ee6424fa439683a4e4dc095
49c2a3cf0f363bf387c06a35a4a4e6c7255799b3776bed55914862136d783028
4b6d022516b48072704aeeb407e2d557568647087feefa57f1b216abcd49c171
4d565f67641c732365c3180ec1e37c7a987825faad3e8632de8a07a9101feedd
4dabcf86a321e132330448c63a36d88816c4f633896650bf2231e0a074d9f0d9
4e7e803000d58fced9aa75702851ff352110b0ee6590ae62c6020d0bfb02f644
4ee617e49145819a29be70032bbada0b361d54c4c63178509e99791723c068c6
4f72e8df44e82a8066b16ca8ab2d59f8f9ef21fa52c07d8554972f48b5105f13
53ff0df84dda8d7b657d34f0b8858744625467aa64243985823abc53f9eb9955
54ab61c95d518c1e6df231234e3986b878840f4d567199ebe4ab710aa31f01a4
56bf23712a69fd442b3f61b0d7060b84e09a35627d52e72d443f078a60dae972
58dd97fee53545eb5931d3a5d4a12e9c193cf3029148e6fabafc083a63c64711
59bd2b951ddd469df9405293fc085fe6ee3321081421ad01c49d0593940cf9cf
5d2fd858935588f03aab5ff6c0064741fd6e251202eb3a4dcb066c53fd67d3ed
5eb494aff9ae1727dee6bb67db8ba152f4032d6c7a8ace02aa339bc63f2ff1b3
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5ecc6a93ec2939faa8dbf80084346c7d940f5a2181ee69343810da52902eb92d
6470e92657d639fa907300d3c1ffcf43dff26ba7d7cebcbad74cf07d43dcf62a
66ef1b7581d8ef7b82bfe2ca363a612a479d89b808e2241f68d3e8c75f4f06d4
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
6a1876194ae901a5aada71334addb72d0b1ed2b10f4971c33bc62484640ac656
6b58782f772eaeb73d36b47159ed802f146182cf5d8fe4cfd838e6e629e6bd1a
6c97b7a62795b30ab8b882ebc5ac5bb06cf0fefbd9f48db5124b48e6b5debcf6
6d882ff14a4e92b34ee7447c70342e3fb51fcc83c58bef39834cac4d046b1f1d
6de73873dd441f953668e77030299f082e0f3e6335bf944d88d44978162e6609
723a9ea05d1491d99d5defcd6db01a8c9fb50b583e69889abad120b0a74a2c2a
72d17955a9639827785e752152d5641881e5c9781a5ed2069e871af0f0b5a619
73590f0f9306daec633d1ed6b71f0c7f0c75c44d0a32c647c5b1fa4ef65e3393
757f864235e41462b7404cbe4591f051fc7f138e89008cb6b935ca920db0e997
763fa0bd7eff816d0a5f8c3e4075f9173a5cebf51a1e2c0d1174f841de10b9dd
76d54e3e54e9e510919a16e465341bfa77820a8e10f52b8ccb2064580b4f58c4
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
791b7ff5657f9c41e24adaa1f6f5a4dc51046d292b25b01a5a8d152ff4a951ac
7aee25147e91ea27917ac5cfd8ea30fdcae0e6b1072e51a1d644dafb76ab5c4f
7b7612d5ce5102a59484c4d41bdc0235c9cc3c52141474815da28214770e3504
7b788dc1c4600de725ef824dceb98a653553aa2f7aaff0c7d95ae5ffa11ff518
7c46604c0440be3fd2d6a5e217846cde699e81422afd52625b633bc28cfe3446
7d48a92366a12d0f8185341086861f4ee23aa3383d31408bf227dde2ff41cda6
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
7eae865fd7c820936603897a072b7ddd77b2c74e8022160fd19792291a63fac8
822c9f6d9ea2ebd32d3b9c2185c1513e56930265c0293b5211f8a1ffe83fb503
82bbafe6f10665c303950cee83918e548ed3048f21062fd2b79d00d67a89bd01
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b53332e794515ac85327a8f08c046ee02d7004dd2c30f122ae8c4cdd36cc4e
84463a261d88c66954bc078203d2314ab350730b75248848f1ee067e5551c117
849262292181fb7d63f6dfeb00ab67d2b81c103ac98454b4602d9632a97ca9c6
857625f2c776ba1d4fa2a3c4d41f8967db5c7d14ac556ce29935d2189d278a15
86385663e668c7cd9e9eefe2169e64a1e6bc68c6da5bd3932600dc058cbb8135
87ac409f438261db195c53acc08374c2e5de948f51ba7abc624c9550f561314d
885fb8b9c3d2738bd627def3899f26d4d42641bbb868cc99d1fbc16f0ed9f4c6
8998e68f9bb1686ca1e03fcf3f0d6ea669c32d1f3554aeea809f1b1824ff6625
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d6f28aca57aaa289b1cb68f08c6e59e171976304173f40e32ec592a695bfc6f
926667274b85bf7f1b0c71672b8a67b10b4c661878d2c163a1ecd3c080b5ffc5
93186c254a44cae276e2c5b92fd902fb3d91a52c34d1e5b9aceab13855884401
9337d4f2ef8a00759da573e178e302712fec944ac54cfd808f48c526b9816d3b
967a9ab99d9cda43032e6c15718645e1e2670c5c4dd81e00590aede230ef91bf
9704097b65c1337c519b52bfcb6a0131d46d7a40450df292877ff99ddf085711
98e7b2a59ae1e87cfcb103e140d62403cd47f09581e7a0338661943dce62900f
99baf84f76d3a9cc29bed4906739b0bcc7f65756e9085de1c7bbc046738fea59
9c41ba408efaf3a7a36099370bc814e38b0afd42229fa9e0e6040740620c85c0
9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017
9d6844f9a66630f40b7f8db61d06b303297f1cb7dcaa6853dc354b6ba8a866e5
9db8bd3e641dc88d54edf476a148e75e29b4e8ccd040cb340404d557578dcfbd
9ea97a974cee9a92985a4736308ca072b489e1315ab66f69b5e84e2b56167fda
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a3034942d8067228a20852e62c70926dff828a9ea26cc695026286650322bc29
a5a60f946ae371d211b6b008e616512c1b2419d57c0c0316c3dd164f712ad1de
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad7ed17bf4c8d9dd2511e7254670822d0f90c8fb89187f860cfbcb91821abc84
add749acfa50866947a808d826a5abade18555345abd1be39f92c22bd4f1107b
b074efbdeefe1ec32345d926433e18394170f4dfd990880ea56190ed9fcbf2f3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2357ab2fed3658278dabf0fcf83036768d80d266ea8f6b277fa48a81810a4ec
b282f20434ff6df47d353a7bf41a7465b30c7c5a18ee48a16cc90ee1f097dae7
b2d552c0df8b25867ece11ae83f61fe132599d8307bac5d5ba743b2378d2cb1d
b488a912e3df5e1a0573ea4e2a11de42778648288f729e0f0cb353c28e65cabe
b4a3d1551c7f6d704c039c803f2cb25d93939c4e8082c5d33b3f23caf54ab2b3
b59b2a1b8b73edc1c35d71f24bee56ad3008e4783182eac39be08da425b22d5c
b9d6fddb0988440902fcfc72f371ecfa80ee2eb36073f9eebc17449ee41c886f
ba2fa15976662b87f31dccdd53d415b927f2118760fdafc4ac21dd2c1b234ff3
bd13404866644f19bfd9bb0d8c96f58536885414ba14fcae712da48d22e74631
becd936a4fa06677bf84c090e5b658e881c3f1f03bf52befdf58611e2b2e515c
bed2de9d275aac529be30839c326144d1aabf22049eab4c8fe9d2a65ab07ef44
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4
c3aadbac6b63029767bf6c5bbf744ca6ea2bd55fb8e2c44abae8dcc6954e7027
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0
c5504b653227f75724ffa0c683f89b223b92b675b03b73e888cc1837d5884ffc
c649aaa88ce29f86caa50dc08e1745c9783e049656ff2d5a93ef813b7f0c662a
c72da1449dd9a75292e00ddd2a8f3e4f3021914e442d80536e850ceefb40b643
c819bdc0c00ad4c17bb70d283483621c86ebb70aff8e8fd2d28f02b898e4158d
caab9bbec165591d5214448b624dae44a3cbc575721ba71da2f7130bbbcbc6dc
cd5e6512fdbb698425174148dba05f72357a3b1944413f8812c55c4025d3d562
cdd64e5652c18bfd813e4c6adfd0d2c030bcf0c4730ac94cb6371e79cfc6f7c0
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d02197080b9680999381b5f5337fedd92674e5a1550ddfcc0c70612d3170a5e3
d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d11ce36e09c1a56a58b2832fa1de8d29ecde3c0b345c8256ec68b0169d2f98dc
d125c6beac955881ed6f2cfd94f776735f863b615dfc681dda0acc4468164741
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41
d376263f7912434deb05ab9613cf6ea2a9f15f4b82dad68422eb0d5de195669e
d4bf85df37940345c4a0795bcc6556e480751e36f503425c25b1993071e90c9c
d696da403b0169c2191d0ec0b0fcdaa85487b21b19fd58f4b1fb5b9edf40b153
d6f28c2ecc7e7b603cead026b3febaa53ef60ef1ee17095ccaa5bfd465565e5e
d7c3238b2195fb180a902a65cbe1fbb8f174f042f9df4a0f31dc60ebadef26f3
da52af54b0a90f89c3b6c3482a53119a588e68f99f3cb4d7af0e4460ff8e5016
dabf73474662398f4f686a1b3103542f53384dd6241e6ac13f8ba535c6372aff
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dbb7b18cd750f4e02338239742a3251bd609ab552e84d415b85e101ec652e72a
dd056ca6c38f0b52129c6e53275e0c6da333d89d71431156a73551343c2c7c02
de443310c929238cd7d5218a6f52ccd10d33f8406ea52cb40c13d6a93f25e8a0
de9ae3ebbd1aa5ea0fa2e03e632507f20dab1b25fac9dc568f6c14263247056c
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
ded8511664e1caedb3aca8750aa6ed4dda5d0e82e4a96ff9bb80716132a45afb
e0b8436d50fb200de76d7a25cf450ea238cd100197f8e9d462e9228153da873f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e482ba089d973ca257acfd70b2d7541447d5d333449b106d5c3dffebe322566a
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e59c8c655db8c097ed0067789aeb44ed58f25f8c68a5772bbb3f1fdc18e5e336
e5bd32899e67fa7c88b01ccae606bc29b05993bd892756f7c097448e27b47981
e652e50a9c06026fc683995cb7f6cbada0817527cdd14db66bf48a37d22e1405
e6714e710a44b528d83256bfcf631af84847ae6b456ec21c7aab672e5c32e282
e6b1766ed4880584708c3cafa6c5955d593d9c07511ca199d84ad211577160d6
e92203fac7e350300a972fe8b3366526e36209aabaf469341fafeae8d704e78c
e9a9adae6e4bee3537cf76364da27add5324575b9b9f87a21e4c675e2c852137
eb07b53d262575cef96004e2be725ac235db39262e9bb8466a2a9b85cf532aa8
ed5e5703cc5519f66145305677499b6ea6a65a6d629981341e9fca4d2b94aef3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c8ad030a90f1ee3cdcd5910587eab25da7bb0ec6f942d979bba4d506b38380
f10810172b4a4049d548062290310253859d51dd142858309e2ef3712e8aafbc
f1f493f2418d851d9c9d5a6522417b0faa8e54fc93255abe5939b309a6e1465e
f5b52ad70c5d645388b52d2fadaf8a5311aee9a01436866ab9b3e2c5f02e1c22
f5b5ac5fdb8870504505be0a9522061f905e5c1b25a927f877303785129cb3f9
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f73cd554f9a839d872ac99762067d0171d2d09830af910c470cb5cc746f9c666
f92514f4e39c16da9037f964148a09a79419744b77d611860ffc81c86aeace0a
f96f203f5605c9f56e7f6f97caf6ea84f122872ec3c5ac1f9037a1b508c706ee
f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473
fa33d1db535d783b0baf4e74bdc7ce9e54633f87a03669b2803e567088d64ccb
fd0034d6eb55846fa76df23cfb14b23a4dc07ea641e0607b936c8156b9a21120
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
ffaeeea8b8a09eda9e1eb2f2dc2c9ae055afb7fdbd4d88f57f324f8cad1d4ac5
ffe2ef5ce19169f51b69f0dfdac122f402043b13afd7c65b2dab551ebf3b7629

www.zdnet.com Open in urlscan Pro 2.18.233.143 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

339 Requests

100 %HTTPS

31 %IPv6

58 Domains

89 Subdomains

66 IPs

7 Countries

4221 kBTransfer

13041 kBSize

9 Cookies

48 Outgoing links

Page URL History

Redirected requests

339 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.zdnet.com Open in urlscan Pro
2.18.233.143 Public Scan

Screenshot
Live screenshot

Full Image

339
Requests

100 %
HTTPS

31 %
IPv6

58
Domains

89
Subdomains

66
IPs

7
Countries

4221 kB
Transfer

13041 kB
Size

9
Cookies

339 HTTP transactions
13 data transactions