URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Submission: On September 11 via manual from US

Summary

This website contacted 6 IPs in 5 countries across 8 domains to perform 30 HTTP transactions.
The main IP is 68.232.34.125, located in United States and belongs to EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US. The main domain is www.cisecurity.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 24th 2019. Valid for: 2 years.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

IP Address AS Autonomous System
22 68.232.34.125 15133 (EDGECAST)
1 2a04:4e42:1b:... 54113 (FASTLY)
2 52.164.210.24 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
30 6
Domain
Subdomains
Transfer
22 cisecurity.org
713 KB
4 google-analytics.com
38 KB
2 cookiebot.com
32 KB
1 google.de
109 B
1 google.com
228 B
1 doubleclick.net
170 B
1 googletagmanager.com
23 KB
1 jsdelivr.net
1 KB
30 8
Domain Requested by
22 www.cisecurity.org www.cisecurity.org
4 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
2 consent.cookiebot.com www.cisecurity.org
consent.cookiebot.com
1 www.google.de www.cisecurity.org
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googletagmanager.com www.cisecurity.org
1 cdn.jsdelivr.net www.cisecurity.org
30 8
Subject / Issuer Validity Valid
*.cisecurity.org
Go Daddy Secure Certificate Authority - G2
2019-05-24 -
2021-07-22
2 years
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2019-05-29 -
2020-04-23
a year
consent.cookiebot.com
Go Daddy Secure Certificate Authority - G2
2019-01-14 -
2021-01-08
2 years
*.google-analytics.com
GTS CA 1O1
2019-08-23 -
2019-11-21
3 months
www.google.de
GTS CA 1O1
2019-08-23 -
2019-11-21
3 months

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /^(?:ECAcc|ECS|ECD)/i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Web
Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
/white-papers/security-event-primer-malware
51 KB
13 KB
Document
General
Full URL
https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6ACF) /
Resource Hash
004391944e4632e6b609bb255866a10d040cd97817bda2f510ee1a0ff6cdb476
Security Headers
Name Value
X-Frame-Options DENY

Request headers

:method
GET
:authority
www.cisecurity.org
:scheme
https
:path
/white-papers/security-event-primer-malware/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Wed, 11 Sep 2019 10:43:53 GMT
link
<https://www.cisecurity.org/wp-json/>; rel="https://api.w.org/" <https://www.cisecurity.org/?p=16824>; rel=shortlink
server
ECAcc (amb/6ACF)
vary
Accept-Encoding
x-cache
HIT
x-frame-options
DENY
content-length
12651
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@2/src
2 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
1062
etag
W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
x-served-by
cache-ams21021-AMS, cache-hhn4028-HHN
date
Wed, 11 Sep 2019 10:49:51 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
88aad.css
/wp-content/cache/minify
273 KB
49 KB
Stylesheet
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6A93) /
Resource Hash
5feee3486aa8d8fa975698d27c6cd75196d1050a52bd164fbf9659c943667eaf
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Wed, 12 Jun 2019 14:11:28 GMT
server
ECAcc (amb/6A93)
x-frame-options
DENY
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
content-length
49762
79ad7.js
/wp-content/cache/minify
228 KB
76 KB
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6ACD) /
Resource Hash
7d9b80313624ea4a29f1cbfea1770b0462f59960aac160deaa08ddc7d249dacc
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 21 May 2019 23:31:04 GMT
server
ECAcc (amb/6ACD)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
77216
a1df5.js
/wp-content/cache/minify
8 KB
2 KB
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/a1df5.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AFB) /
Resource Hash
3e81d625bb5c251a6a0db5fa653fdc5b84239ace0b71acb7e2f0f5de7affe5c4
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AFB)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
2127
a40bb.js
/wp-content/cache/minify
998 B
599 B
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/a40bb.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6A9B) /
Resource Hash
4d5cf4a09c8715a40938e92aeeb2761b79929efcb5fe2804e8d1bea90d41f756
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6A9B)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
528
Adblocked uc.js
consent.cookiebot.com
47 KB
11 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.164.210.24 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
529d75973eb694a103d512ee55a0169da6c93d69dfb9c6562d8db39c92394505
Blocked
Source: easylist, Type: annoyance (This would have been blocked)

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
etag
"801a9835be5cd51:0"
last-modified
Tue, 27 Aug 2019 10:00:09 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public,max-age=86401
accept-ranges
bytes
content-length
11578
logo.png
/wp-content/themes/cis/assets/images
67 KB
67 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/logo.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B15) /
Resource Hash
6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B15)
etag
"15e2e0-10b04-585f782694cef"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
68356
tagline-img.png
/wp-content/themes/cis/assets/images
61 KB
61 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/tagline-img.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B1E) /
Resource Hash
21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B1E)
etag
"15e2f6-f41f-585f782695c8f"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
62495
CIS_SecureSuite_Membership_Spot_TM_white-r.png?x60581
/wp-content/uploads/2018/01
14 KB
14 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/uploads/2018/01/CIS_SecureSuite_Membership_Spot_TM_white-r.png?x60581
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AD3) /
Resource Hash
8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Fri, 05 Jan 2018 15:31:54 GMT
server
ECAcc (amb/6AD3)
etag
"208ed-394e-5620925fa56ce"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
14670
arrow-right.png
/wp-content/themes/cis/assets/images
213 B
282 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/arrow-right.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B6B) /
Resource Hash
4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B6B)
etag
"15e2b9-d5-585f78268628d"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
213
CIS_SecureSuite_Membership_Spot_TM_white.png
/wp-content/themes/cis/assets/images
12 KB
13 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/CIS_SecureSuite_Membership_Spot_TM_white.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B55) /
Resource Hash
a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B55)
etag
"15e28f-31f3-585f78267f914"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
12787
CIS_Controls__RGB.png
/wp-content/themes/cis/assets/images
52 KB
52 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/CIS_Controls__RGB.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AF2) /
Resource Hash
cf73e77ff57b43c928e6bc56cf3918a7a2f03bb00e24a3953971544f645a10ff
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Wed, 14 Aug 2019 13:39:21 GMT
server
ECAcc (amb/6AF2)
etag
"168473-d06e-59013e26b7917"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
53358
arrow-right-white.png
/wp-content/themes/cis/assets/images
213 B
280 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/arrow-right-white.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB6) /
Resource Hash
22ffe7bd893adf06d87d7bee0c02f13b548e702e0787f83d29984b2bec1263e1
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB6)
etag
"15e2b7-d5-585f782685ea5"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
213
Adblocked facebook.svg
/wp-content/themes/cis/assets/images
1 KB
694 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/facebook.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B5F) /
Resource Hash
cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4
Blocked
Source: easylist, Type: annoyance (This would have been blocked)
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B5F)
etag
"15e2d7-411-585f78268916d+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
620
Adblocked twitter.svg
/wp-content/themes/cis/assets/images
2 KB
997 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/twitter.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B16) /
Resource Hash
575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7
Blocked
Source: easylist, Type: annoyance (This would have been blocked)
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B16)
etag
"15e2fb-6c5-585f78269b667+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
911
Adblocked linkedin.svg
/wp-content/themes/cis/assets/images
1 KB
699 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/linkedin.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B2D) /
Resource Hash
9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38
Blocked
Source: easylist, Type: annoyance (This would have been blocked)
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B2D)
etag
"15e2de-411-585f78268993e+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
625
Adblocked youtube.svg
/wp-content/themes/cis/assets/images
1 KB
756 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/youtube.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB2) /
Resource Hash
df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7
Blocked
Source: easylist, Type: annoyance (This would have been blocked)
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB2)
etag
"15e30a-4a2-585f7826a4ad8+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
682
13d7d.js
/wp-content/cache/minify
1 KB
825 B
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/13d7d.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B4D) /
Resource Hash
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 13 Dec 2018 03:35:06 GMT
server
ECAcc (amb/6B4D)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
753
Adblocked gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x
www.googletagmanager.com
66 KB
23 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f3314e50d3d7db0f0e4a7da996973e1a4aca2c87f090debf028d87616e20a008
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
*
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
23055
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wp-emoji-release.min.js?ver=5.2.3
/wp-includes/js
14 KB
5 KB
Script
General
Full URL
https://www.cisecurity.org/wp-includes/js/wp-emoji-release.min.js?ver=5.2.3
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B46) /
Resource Hash
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 19 May 2019 08:12:16 GMT
server
ECAcc (amb/6B46)
etag
"15e0f8-3610-589392c80a410+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/javascript
status
200
content-length
4622
Verified OpenSans-ExtraBold.ttf
/wp-content/themes/cis/assets/fonts
217 KB
114 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-ExtraBold.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB3) /
Resource Hash
0fcbdb5cbeea00ae532352c7c94a7d288ebc911ba85f4d595012032dcab64ba8
Verified resource
extjs/6.2.0/classic/theme-triton/resources/fonts/OpenSans-ExtraBold.ttf at cdnjs.com, project extjs
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB3)
etag
"15e25f-36578-585f782663bc1+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
116199
Verified OpenSans-Regular.ttf
/wp-content/themes/cis/assets/fonts
212 KB
111 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-Regular.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B56) /
Resource Hash
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
Verified resource
extjs/6.2.0/classic/theme-triton/resources/fonts/OpenSans-Regular.ttf at cdnjs.com, project extjs
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B56)
etag
"15e264-35110-585f782665b02+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
113987
Verified OpenSans-Bold.ttf
/wp-content/themes/cis/assets/fonts
219 KB
114 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-Bold.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B48) /
Resource Hash
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
Verified resource
extjs/6.2.0/classic/theme-triton/resources/fonts/OpenSans-Bold.ttf at cdnjs.com, project extjs
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B48)
etag
"15e25d-36d50-585f782662c21+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
116651
Verified glyphicons-halflings-regular.woff2
/wp-content/themes/cis/assets/bootstrap/fonts
18 KB
18 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B5D) /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Verified resource
bootswatch/3.3.5/fonts/glyphicons-halflings-regular.woff2 at cdnjs.com, project bootswatch
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B5D)
etag
"15e24a-466c-585f7826597b0+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
18056
Adblocked analytics.js
www.google-analytics.com
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
378
date
Wed, 11 Sep 2019 10:43:33 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17803
expires
Wed, 11 Sep 2019 12:43:33 GMT
Adblocked cc.js?renew=false&referer=www.cisecurity.org&dnt=false&forceshow=false&cbid=965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1&whitelabel=false&brandid=Cookiebot&framework=
consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1
82 KB
21 KB
Script
General
Full URL
https://consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1/cc.js?renew=false&referer=www.cisecurity.org&dnt=false&forceshow=false&cbid=965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1&whitelabel=false&brandid=Cookiebot&framework=
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.164.210.24 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4733bbdc855a097f29e37a2929d2d96f2527360a80b255fa397cba7e9b753e2b
Blocked
Source: easylist, Type: annoyance (This would have been blocked)

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
last-modified
Wed, 11 Sep 2019 10:49:51 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
status
200
x-powered-by
ASP.NET
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=7200
access-control-allow-headers
cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, bustcache
content-length
21117
Adblocked js?id=GTM-NKMWZVJ&t=gtm1&cid=809261289.1568198992&aip=true
www.google-analytics.com/gtm
54 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-NKMWZVJ&t=gtm1&cid=809261289.1568198992&aip=true
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ed05b7c46e0b123f68b20357708f816e12d9a1d3552e803e822f938053ad387b
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
br
last-modified
Wed, 11 Sep 2019 09:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
20805
x-xss-protection
0
expires
Wed, 11 Sep 2019 10:49:51 GMT
ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
www.google.de/ads
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1086049661&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=S...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_gid=1309253187.1568198992&gjid=1160539535&_v=j79&z=2054040718
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:51 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Adblocked collect?v=1&_v=j79&aip=1&a=1086049661&t=timing&_s=2&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=Security%20Event%20Primer%20%E2%80%93%...
www.google-analytics.com
35 B
110 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&aip=1&a=1086049661&t=timing&_s=2&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=Security%20Event%20Primer%20%E2%80%93%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&plt=371&pdt=2&dns=3&rrt=0&srt=20&tcp=55&dit=189&clt=189&_gst=206&_gbt=235&_cst=98&_cbt=199&_u=aGDAAEADQ~&jid=&gjid=&cid=809261289.1568198992&tid=UA-4446498-12&_gid=1309253187.1568198992&gtm=2wg8l2P5Q9JG6&z=1691489274
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Aug 2019 06:05:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1485849
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 28
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1086049661&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=S...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_gid=1309253187.1568198992&gjid=1160539535&_v=j79&z=2054040718
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Cookies object| dataLayer object| _wpemojiSettings function| $ function| jQuery function| Retina function| RetinaImagePath function| RetinaImage object| process_membership function| postStuff function| check_member_status function| check_price function| submit_form function| submitOnRenew function| test_submit function| getCompanyName function| getQueryVariable function| get_membership_type function| get_member_email function| on_membership_process_change function| on_membership_type_change function| displaySubmitButton function| enableSBtn function| disableSBtn function| hideSubmitButton function| hideElements function| resetPrice function| updateMemberTitleText function| getStateProvice function| getCheckedBoxes function| validateInput function| askQuote object| downloadpdf function| setRecentlyViewedBenchmarkCookie object| elementPosition object| wp object| google_tag_manager string| GoogleAnalyticsObject function| ga function| CookiebotCallback_OnAccept object| CookieConsent object| CookieControl object| Cookiebot object| twemoji object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_optimize object| CookiebotDialog object| CookieConsentDialog object| that object| cookieTable number| j function| showCookieBanner function| hideCookieBanner number| cookieBannerSliderPos

3 Cookies

Domain/Path Name / Value
.cisecurity.org/ Name: _gid
Value: GA1.2.1309253187.1568198992
.cisecurity.org/ Name: _gat_UA-4446498-12
Value: 1
.cisecurity.org/ Name: _ga
Value: GA1.2.809261289.1568198992

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js, Line 26, Column552
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.

cdn.jsdelivr.net
consent.cookiebot.com
stats.g.doubleclick.net
www.cisecurity.org
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com


2a00:1450:4001:819::2008
2a00:1450:4001:819::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81f::2004
2a00:1450:400c:c0c::9a
2a04:4e42:1b::621
52.164.210.24
68.232.34.125

004391944e4632e6b609bb255866a10d040cd97817bda2f510ee1a0ff6cdb476
0fcbdb5cbeea00ae532352c7c94a7d288ebc911ba85f4d595012032dcab64ba8
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b
22ffe7bd893adf06d87d7bee0c02f13b548e702e0787f83d29984b2bec1263e1
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
3e81d625bb5c251a6a0db5fa653fdc5b84239ace0b71acb7e2f0f5de7affe5c4
4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056
4733bbdc855a097f29e37a2929d2d96f2527360a80b255fa397cba7e9b753e2b
4d5cf4a09c8715a40938e92aeeb2761b79929efcb5fe2804e8d1bea90d41f756
529d75973eb694a103d512ee55a0169da6c93d69dfb9c6562d8db39c92394505
575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
5feee3486aa8d8fa975698d27c6cd75196d1050a52bd164fbf9659c943667eaf
6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543
7d9b80313624ea4a29f1cbfea1770b0462f59960aac160deaa08ddc7d249dacc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543
9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38
a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042
cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4
cf73e77ff57b43c928e6bc56cf3918a7a2f03bb00e24a3953971544f645a10ff
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
ed05b7c46e0b123f68b20357708f816e12d9a1d3552e803e822f938053ad387b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3314e50d3d7db0f0e4a7da996973e1a4aca2c87f090debf028d87616e20a008
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c