URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Submission: On September 11 via manual from US

Summary

This website contacted 6 IPs in 5 countries across 8 domains to perform 30 HTTP transactions. The main IP is 68.232.34.125, located in United States and belongs to EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US. The main domain is www.cisecurity.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on May 24th 2019. Valid for: 2 years.
This is the only time www.cisecurity.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
22 68.232.34.125 15133 (EDGECAST)
1 2a04:4e42:1b:... 54113 (FASTLY)
2 52.164.210.24 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
30 6
Domain Requested by
22 www.cisecurity.org www.cisecurity.org
4 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
2 consent.cookiebot.com www.cisecurity.org
consent.cookiebot.com
1 www.google.de www.cisecurity.org
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googletagmanager.com www.cisecurity.org
1 cdn.jsdelivr.net www.cisecurity.org
30 8
Subject Issuer Validity Valid
*.cisecurity.org
Go Daddy Secure Certificate Authority - G2
2019-05-24 -
2021-07-22
2 years crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2019-05-29 -
2020-04-23
a year crt.sh
consent.cookiebot.com
Go Daddy Secure Certificate Authority - G2
2019-01-14 -
2021-01-08
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2019-08-23 -
2019-11-21
3 months crt.sh
www.google.de
GTS CA 1O1
2019-08-23 -
2019-11-21
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Frame ID: 82A3D61E6A682A86FFCBC69C824B86B0
Requests: 30 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /^(?:ECAcc|ECS|ECD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

30
Requests

100 %
HTTPS

75 %
IPv6

8
Domains

8
Subdomains

6
IPs

5
Countries

807 kB
Transfer

1749 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1086049661&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=Security%20Event%20Primer%20%E2%80%93%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAAEADQ~&jid=1893886762&gjid=1160539535&cid=809261289.1568198992&tid=UA-4446498-12&_gid=1309253187.1568198992&_r=1&gtm=2wg8l2P5Q9JG6&z=2054040718 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_gid=1309253187.1568198992&gjid=1160539535&_v=j79&z=2054040718 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.cisecurity.org/white-papers/security-event-primer-malware/
51 KB
13 KB
Document
General
Full URL
https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6ACF) /
Resource Hash
004391944e4632e6b609bb255866a10d040cd97817bda2f510ee1a0ff6cdb476
Security Headers
Name Value
X-Frame-Options DENY

Request headers

:method
GET
:authority
www.cisecurity.org
:scheme
https
:path
/white-papers/security-event-primer-malware/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Wed, 11 Sep 2019 10:43:53 GMT
link
<https://www.cisecurity.org/wp-json/>; rel="https://api.w.org/" <https://www.cisecurity.org/?p=16824>; rel=shortlink
server
ECAcc (amb/6ACF)
vary
Accept-Encoding
x-cache
HIT
x-frame-options
DENY
content-length
12651
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@2/src/
2 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
1062
etag
W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
x-served-by
cache-ams21021-AMS, cache-hhn4028-HHN
date
Wed, 11 Sep 2019 10:49:51 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
88aad.css
www.cisecurity.org/wp-content/cache/minify/
273 KB
49 KB
Stylesheet
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6A93) /
Resource Hash
5feee3486aa8d8fa975698d27c6cd75196d1050a52bd164fbf9659c943667eaf
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Wed, 12 Jun 2019 14:11:28 GMT
server
ECAcc (amb/6A93)
x-frame-options
DENY
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
content-length
49762
79ad7.js
www.cisecurity.org/wp-content/cache/minify/
228 KB
76 KB
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6ACD) /
Resource Hash
7d9b80313624ea4a29f1cbfea1770b0462f59960aac160deaa08ddc7d249dacc
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 21 May 2019 23:31:04 GMT
server
ECAcc (amb/6ACD)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
77216
a1df5.js
www.cisecurity.org/wp-content/cache/minify/
8 KB
2 KB
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/a1df5.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AFB) /
Resource Hash
3e81d625bb5c251a6a0db5fa653fdc5b84239ace0b71acb7e2f0f5de7affe5c4
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AFB)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
2127
a40bb.js
www.cisecurity.org/wp-content/cache/minify/
998 B
599 B
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/a40bb.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6A9B) /
Resource Hash
4d5cf4a09c8715a40938e92aeeb2761b79929efcb5fe2804e8d1bea90d41f756
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6A9B)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
528
uc.js
consent.cookiebot.com/
47 KB
11 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.164.210.24 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
529d75973eb694a103d512ee55a0169da6c93d69dfb9c6562d8db39c92394505

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
etag
"801a9835be5cd51:0"
last-modified
Tue, 27 Aug 2019 10:00:09 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public,max-age=86401
accept-ranges
bytes
content-length
11578
logo.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
67 KB
67 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/logo.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B15) /
Resource Hash
6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B15)
etag
"15e2e0-10b04-585f782694cef"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
68356
tagline-img.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
61 KB
61 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/tagline-img.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B1E) /
Resource Hash
21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B1E)
etag
"15e2f6-f41f-585f782695c8f"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
62495
CIS_SecureSuite_Membership_Spot_TM_white-r.png
www.cisecurity.org/wp-content/uploads/2018/01/
14 KB
14 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/uploads/2018/01/CIS_SecureSuite_Membership_Spot_TM_white-r.png?x60581
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AD3) /
Resource Hash
8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Fri, 05 Jan 2018 15:31:54 GMT
server
ECAcc (amb/6AD3)
etag
"208ed-394e-5620925fa56ce"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
14670
arrow-right.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
213 B
282 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/arrow-right.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B6B) /
Resource Hash
4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B6B)
etag
"15e2b9-d5-585f78268628d"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
213
CIS_SecureSuite_Membership_Spot_TM_white.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
12 KB
13 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/CIS_SecureSuite_Membership_Spot_TM_white.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B55) /
Resource Hash
a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B55)
etag
"15e28f-31f3-585f78267f914"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
12787
CIS_Controls__RGB.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
52 KB
52 KB
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/CIS_Controls__RGB.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AF2) /
Resource Hash
cf73e77ff57b43c928e6bc56cf3918a7a2f03bb00e24a3953971544f645a10ff
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Wed, 14 Aug 2019 13:39:21 GMT
server
ECAcc (amb/6AF2)
etag
"168473-d06e-59013e26b7917"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
53358
arrow-right-white.png
www.cisecurity.org/wp-content/themes/cis/assets/images/
213 B
280 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/arrow-right-white.png
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB6) /
Resource Hash
22ffe7bd893adf06d87d7bee0c02f13b548e702e0787f83d29984b2bec1263e1
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB6)
etag
"15e2b7-d5-585f782685ea5"
x-frame-options
DENY
x-cache
HIT
content-type
image/png
status
200
accept-ranges
bytes
content-length
213
facebook.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/
1 KB
694 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/facebook.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B5F) /
Resource Hash
cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B5F)
etag
"15e2d7-411-585f78268916d+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
620
twitter.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/
2 KB
997 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/twitter.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B16) /
Resource Hash
575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B16)
etag
"15e2fb-6c5-585f78269b667+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
911
linkedin.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/
1 KB
699 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/linkedin.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B2D) /
Resource Hash
9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B2D)
etag
"15e2de-411-585f78268993e+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
625
youtube.svg
www.cisecurity.org/wp-content/themes/cis/assets/images/
1 KB
756 B
Image
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/images/youtube.svg
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB2) /
Resource Hash
df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB2)
etag
"15e30a-4a2-585f7826a4ad8+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
image/svg+xml
status
200
content-length
682
13d7d.js
www.cisecurity.org/wp-content/cache/minify/
1 KB
825 B
Script
General
Full URL
https://www.cisecurity.org/wp-content/cache/minify/13d7d.js
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B4D) /
Resource Hash
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
private
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 13 Dec 2018 03:35:06 GMT
server
ECAcc (amb/6B4D)
x-frame-options
DENY
x-cache
HIT
content-type
application/x-javascript; charset=utf-8
status
200
content-length
753
gtm.js
www.googletagmanager.com/
66 KB
23 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f3314e50d3d7db0f0e4a7da996973e1a4aca2c87f090debf028d87616e20a008
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
*
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
23055
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wp-emoji-release.min.js
www.cisecurity.org/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://www.cisecurity.org/wp-includes/js/wp-emoji-release.min.js?ver=5.2.3
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B46) /
Resource Hash
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 19 May 2019 08:12:16 GMT
server
ECAcc (amb/6B46)
etag
"15e0f8-3610-589392c80a410+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/javascript
status
200
content-length
4622
OpenSans-ExtraBold.ttf
www.cisecurity.org/wp-content/themes/cis/assets/fonts/
217 KB
114 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-ExtraBold.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6AB3) /
Resource Hash
0fcbdb5cbeea00ae532352c7c94a7d288ebc911ba85f4d595012032dcab64ba8
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6AB3)
etag
"15e25f-36578-585f782663bc1+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
116199
OpenSans-Regular.ttf
www.cisecurity.org/wp-content/themes/cis/assets/fonts/
212 KB
111 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-Regular.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B56) /
Resource Hash
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B56)
etag
"15e264-35110-585f782665b02+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
113987
OpenSans-Bold.ttf
www.cisecurity.org/wp-content/themes/cis/assets/fonts/
219 KB
114 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/fonts/OpenSans-Bold.ttf
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B48) /
Resource Hash
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B48)
etag
"15e25d-36d50-585f782662c21+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
116651
glyphicons-halflings-regular.woff2
www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.cisecurity.org/wp-content/themes/cis/assets/bootstrap/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.34.125 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (amb/6B5D) /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.cisecurity.org/wp-content/cache/minify/88aad.css
Origin
https://www.cisecurity.org
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sun, 07 Apr 2019 21:36:14 GMT
server
ECAcc (amb/6B5D)
etag
"15e24a-466c-585f7826597b0+gzip"
x-frame-options
DENY
x-cache
HIT
content-type
text/plain; charset=UTF-8
status
200
content-length
18056
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5Q9JG6&gtm_auth=nxQySRuQFY4djanswAuNtQ&gtm_preview=env-5&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
378
date
Wed, 11 Sep 2019 10:43:33 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17803
expires
Wed, 11 Sep 2019 12:43:33 GMT
cc.js
consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1/
82 KB
21 KB
Script
General
Full URL
https://consent.cookiebot.com/965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1/cc.js?renew=false&referer=www.cisecurity.org&dnt=false&forceshow=false&cbid=965d9c8b-6ef3-48b4-ba8f-11d8d9ba39c1&whitelabel=false&brandid=Cookiebot&framework=
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.164.210.24 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4733bbdc855a097f29e37a2929d2d96f2527360a80b255fa397cba7e9b753e2b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
gzip
last-modified
Wed, 11 Sep 2019 10:49:51 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
status
200
x-powered-by
ASP.NET
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=7200
access-control-allow-headers
cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, bustcache
content-length
21117
js
www.google-analytics.com/gtm/
54 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-NKMWZVJ&t=gtm1&cid=809261289.1568198992&aip=true
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ed05b7c46e0b123f68b20357708f816e12d9a1d3552e803e822f938053ad387b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 11 Sep 2019 10:49:51 GMT
content-encoding
br
last-modified
Wed, 11 Sep 2019 09:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
20805
x-xss-protection
0
expires
Wed, 11 Sep 2019 10:49:51 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=1086049661&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=S...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_gid=1309253187.1568198992&gjid=1160539535&_v=j79&z=2054040718
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
Requested by
Host: www.cisecurity.org
URL: https://www.cisecurity.org/white-papers/security-event-primer-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 11 Sep 2019 10:49:51 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4446498-12&cid=809261289.1568198992&jid=1893886762&_v=j79&z=2054040718&slf_rd=1&random=1563002660
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
110 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&aip=1&a=1086049661&t=timing&_s=2&dl=https%3A%2F%2Fwww.cisecurity.org%2Fwhite-papers%2Fsecurity-event-primer-malware%2F&ul=en-us&de=UTF-8&dt=Security%20Event%20Primer%20%E2%80%93%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&plt=371&pdt=2&dns=3&rrt=0&srt=20&tcp=55&dit=189&clt=189&_gst=206&_gbt=235&_cst=98&_cbt=199&_u=aGDAAEADQ~&jid=&gjid=&cid=809261289.1568198992&tid=UA-4446498-12&_gid=1309253187.1568198992&gtm=2wg8l2P5Q9JG6&z=1691489274
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.cisecurity.org/white-papers/security-event-primer-malware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Aug 2019 06:05:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1485849
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Cookies object| dataLayer object| _wpemojiSettings function| $ function| jQuery function| Retina function| RetinaImagePath function| RetinaImage object| process_membership function| postStuff function| check_member_status function| check_price function| submit_form function| submitOnRenew function| test_submit function| getCompanyName function| getQueryVariable function| get_membership_type function| get_member_email function| on_membership_process_change function| on_membership_type_change function| displaySubmitButton function| enableSBtn function| disableSBtn function| hideSubmitButton function| hideElements function| resetPrice function| updateMemberTitleText function| getStateProvice function| getCheckedBoxes function| validateInput function| askQuote object| downloadpdf function| setRecentlyViewedBenchmarkCookie object| elementPosition object| wp object| google_tag_manager string| GoogleAnalyticsObject function| ga function| CookiebotCallback_OnAccept object| CookieConsent object| CookieControl object| Cookiebot object| twemoji object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_optimize object| CookiebotDialog object| CookieConsentDialog object| that object| cookieTable number| j function| showCookieBanner function| hideCookieBanner number| cookieBannerSliderPos

3 Cookies

Domain/Path Name / Value
.cisecurity.org/ Name: _gid
Value: GA1.2.1309253187.1568198992
.cisecurity.org/ Name: _gat_UA-4446498-12
Value: 1
.cisecurity.org/ Name: _ga
Value: GA1.2.809261289.1568198992

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.cisecurity.org/wp-content/cache/minify/79ad7.js(Line 26)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
consent.cookiebot.com
stats.g.doubleclick.net
www.cisecurity.org
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
2a00:1450:4001:819::2008
2a00:1450:4001:819::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:81f::2004
2a00:1450:400c:c0c::9a
2a04:4e42:1b::621
52.164.210.24
68.232.34.125
004391944e4632e6b609bb255866a10d040cd97817bda2f510ee1a0ff6cdb476
0fcbdb5cbeea00ae532352c7c94a7d288ebc911ba85f4d595012032dcab64ba8
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
21c8fc8f9ff649c59b46df2ad7818c8f2e203921b20ae544821061df8713cd3b
22ffe7bd893adf06d87d7bee0c02f13b548e702e0787f83d29984b2bec1263e1
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
3e81d625bb5c251a6a0db5fa653fdc5b84239ace0b71acb7e2f0f5de7affe5c4
4070a903cad9fd4c86decd909c3ca199c575c02bc7990fe4a75a5cd4f9f9c056
4733bbdc855a097f29e37a2929d2d96f2527360a80b255fa397cba7e9b753e2b
4d5cf4a09c8715a40938e92aeeb2761b79929efcb5fe2804e8d1bea90d41f756
529d75973eb694a103d512ee55a0169da6c93d69dfb9c6562d8db39c92394505
575da3ffc058c15fbc836c1f1089ebfe3a80f63a3ef5094f32134773da667fa7
5894a3649b213cf5b2d673b6e7a871815fd1d120fa68a463592f27db14eae323
5feee3486aa8d8fa975698d27c6cd75196d1050a52bd164fbf9659c943667eaf
6e2453c2a90ec881960e826322f17056c34c9e9d8b8f4e32349548cf8e2f6543
7d9b80313624ea4a29f1cbfea1770b0462f59960aac160deaa08ddc7d249dacc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8e1ade447eb09eff321edd665d73738798b73f2d00e5c4a6696fd11c2196f543
9b3e12a77d78aa821c00ea9ac65246d8880792df747cd87bd84e986cdd68ec38
a82f8644df0410e649fbefd6b2d19a3c19896a4b55687bbc7a719e6b2d5ad042
cb8add66674b5127df91491fe234388629bfd8d492aaca53eb62b2cd28c23aa4
cf73e77ff57b43c928e6bc56cf3918a7a2f03bb00e24a3953971544f645a10ff
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
df40c77e0080a524ed7cce475240dc309bac6b26521946f227717be0dc4886e7
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
ed05b7c46e0b123f68b20357708f816e12d9a1d3552e803e822f938053ad387b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3314e50d3d7db0f0e4a7da996973e1a4aca2c87f090debf028d87616e20a008
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c