arstechnica.com Open in urlscan Pro
50.31.169.131 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-re...
Submission: On January 17 via manual (January 17th 2019, 2:01:34 am UTC) from US

Summary HTTP 255 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 79 IPs in 6 countries across 49 domains to perform 255 HTTP transactions. The main IP is 50.31.169.131, located in Chicago, United States and belongs to SERVERCENTRAL - Server Central Network, US. The main domain is arstechnica.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on January 24th 2017. Valid for: 2 years.

This is the only time arstechnica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	50.31.169.131 50.31.169.131	23352 (SERVERCEN...) (SERVERCENTRAL - Server Central Network)
18	205.234.175.175 205.234.175.175	30081 (CACHENETW...) (CACHENETWORKS - CacheNetworks)
2	2.21.37.83 2.21.37.83	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.0.239 151.101.0.239	54113 (FASTLY) (FASTLY - Fastly)
6	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	18.195.154.247 18.195.154.247	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	46.228.164.13 46.228.164.13	56396 (TURN) (TURN)
1	184.31.90.127 184.31.90.127	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.190.92.63 35.190.92.63	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	104.111.214.103 104.111.214.103	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2.21.37.220 2.21.37.220	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	35.153.9.60 35.153.9.60	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	143.204.98.215 143.204.98.215	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.1.121.7 52.1.121.7	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	54.144.146.119 54.144.146.119	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
11	52.2.117.76 52.2.117.76	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 5	52.19.121.121 52.19.121.121	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	143.204.96.211 143.204.96.211	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	143.204.101.27 143.204.101.27	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	2.21.37.92 2.21.37.92	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.30.183.205 52.30.183.205	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2.19.33.231 2.19.33.231	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	143.204.101.74 143.204.101.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.158.240.160 54.158.240.160	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9b	() ()
1 1	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20b... 2600:9000:20bb:dc00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2.21.38.73 2.21.38.73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	23.67.133.23 23.67.133.23	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.6.60.254 52.6.60.254	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
6	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE - Google LLC)
1	34.250.76.236 34.250.76.236	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	66.117.28.86 66.117.28.86	() ()
2	2606:4700::68... 2606:4700::6810:50ad	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	64.74.236.19 64.74.236.19	22075 (AS-OUTBRAIN) (AS-OUTBRAIN - Outbrain)
1	151.101.2.2 151.101.2.2	54113 (FASTLY) (FASTLY - Fastly)
2	52.94.216.48 52.94.216.48	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
17	34.235.240.97 34.235.240.97	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
15	143.204.98.2 143.204.98.2	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.195.102.90 18.195.102.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.190.40.172 35.190.40.172	15169 (GOOGLE) (GOOGLE - Google LLC)
2	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE - Google LLC)
3	52.21.120.172 52.21.120.172	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.101.24 143.204.101.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	143.204.98.73 143.204.98.73	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2606:4700::68... 2606:4700::6813:f87e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	23.211.3.55 23.211.3.55	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	104.18.219.82 104.18.219.82	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2606:4700::68... 2606:4700::6812:603c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	52.0.240.180 52.0.240.180	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	143.204.90.45 143.204.90.45	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2606:4700::68... 2606:4700::6810:52ad	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	74.119.119.131 74.119.119.131	19750 (AS-CRITEO) (AS-CRITEO - Criteo Corp.)
1	54.77.151.154 54.77.151.154	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	143.204.101.51 143.204.101.51	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.213.181.62 18.213.181.62	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
12	213.19.162.71 213.19.162.71	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
15 38	152.195.15.114 152.195.15.114	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
4	178.250.0.93 178.250.0.93	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	143.204.98.182 143.204.98.182	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:814::2006	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
5	143.204.101.76 143.204.101.76	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	54.165.0.24 54.165.0.24	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	143.204.98.10 143.204.98.10	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2.21.38.40 2.21.38.40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.194.108.5 54.194.108.5	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	54.246.133.167 54.246.133.167	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.94.220.16 52.94.220.16	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	63.140.41.50 63.140.41.50	() ()
255	79

1 50.31.169.131 (Chicago, United States)

ASN23352 (SERVERCENTRAL - Server Central Network, US)
PTR: ge-11-2-1.ar10.ord6.us.scnet.net

arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 205.234.175.175 (United States)

ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US)
PTR: vip1.G-anycast1.cachefly.net

cdn.arstechnica.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.37.83 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-37-83.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.239 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

pixel.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81f::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.154.247 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-154-247.eu-central-1.compute.amazonaws.com

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom)

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.90.127 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-90-127.deploy.static.akamaitechnologies.com

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.92.63 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 63.92.190.35.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.214.103 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-214-103.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.37.220 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-37-220.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.153.9.60 (Seattle, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-153-9-60.compute-1.amazonaws.com

api.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.215 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-215.fra50.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.1.121.7 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-1-121-7.compute-1.amazonaws.com

infinityid.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.144.146.119 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-144-146-119.compute-1.amazonaws.com

4d.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.2.117.76 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-117-76.compute-1.amazonaws.com

capture.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.19.121.121 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-19-121-121.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.59.101 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.96.211 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-96-211.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.27 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-27.fra50.r.cloudfront.net

player.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.21.37.92 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-37-92.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.183.205 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-30-183-205.eu-west-1.compute.amazonaws.com

segment-data.zqtk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.33.231 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-33-231.deploy.static.akamaitechnologies.com

cdn.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
plugin.mediavoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.74 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-74.fra50.r.cloudfront.net

cdn.accelerator.arsdev.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.158.240.160 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-158-240-160.compute-1.amazonaws.com

infinityid.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Ireland) 1 redirects

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:dc00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.21.38.73 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-38-73.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.67.133.23 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-133-23.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.6.60.254 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-6-60-254.compute-1.amazonaws.com

srv-2019-01-17-02.config.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.22.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.76.236 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-250-76-236.eu-west-1.compute.amazonaws.com

condenast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (Lehi, United States) 1 redirects

ASN- ()

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:50ad (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

polarcdn-terrax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.19 (United States)

ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US)
PTR: chi.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.94.216.48 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 34.235.240.97 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-235-240-97.compute-1.amazonaws.com

capture.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 143.204.98.2 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-2.fra50.r.cloudfront.net

dwgyu36up6iuz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.102.90 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-102-90.eu-central-1.compute.amazonaws.com

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.40.172 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 172.40.190.35.bc.googleusercontent.com

api.skimlinks.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.67.47 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.21.120.172 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-21-120-172.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.24 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-24.fra50.r.cloudfront.net

player.cnevids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.73 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-73.fra50.r.cloudfront.net

d2c8v52ll5s99u.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:f87e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

static.polarcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.211.3.55 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-211-3-55.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.219.82 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

polarcdn-pentos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:603c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

bw-prod.plrsrvcs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.240.180 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-0-240-180.compute-1.amazonaws.com

srv-2019-01-17-02.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.90.45 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-90-45.fra50.r.cloudfront.net

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:52ad (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

polarcdn-terrax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.131 (Palo Alto, United States)

ASN19750 (AS-CRITEO - Criteo Corp., US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.151.154 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-77-151-154.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.51 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-51.fra50.r.cloudfront.net

mid.rkdms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.181.62 (Cambridge, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-213-181-62.compute-1.amazonaws.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 213.19.162.71 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 152.195.15.114 (Ashburn, United States) 15 redirects

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.0.93 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.182 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-182.fra50.r.cloudfront.net

d2c8v52ll5s99u.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2006 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.204.101.76 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-76.fra50.r.cloudfront.net

dp8hsntg6do36.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.165.0.24 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-165-0-24.compute-1.amazonaws.com

capture.condenastdigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.10 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-10.fra50.r.cloudfront.net

dwgyu36up6iuz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.38.40 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-38-40.deploy.static.akamaitechnologies.com

px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.108.5 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-194-108-5.eu-west-1.compute.amazonaws.com

condenast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.246.133.167 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-246-133-167.eu-west-1.compute.amazonaws.com

condenast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.94.220.16 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.41.50 (Lehi, United States)

ASN- ()
PTR: arstechnica.com.ssl.d1.sc.omtrdc.net

sstats.arstechnica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	condenastdigital.com pixel.condenastdigital.com infinityid.condenastdigital.com 4d.condenastdigital.com capture.condenastdigital.com	22 KB
38	advertising.com 15 redirects adserver-us.adtech.advertising.com	9 KB
27	cloudfront.net d1z2jf7jlzjs58.cloudfront.net dwgyu36up6iuz.cloudfront.net d2c8v52ll5s99u.cloudfront.net dp8hsntg6do36.cloudfront.net	2 MB
18	arstechnica.net cdn.arstechnica.net	851 KB
12	rubiconproject.com fastlane.rubiconproject.com	28 KB
10	demdex.net 3 redirects dpm.demdex.net condenast.demdex.net	11 KB
8	casalemedia.com as-sec.casalemedia.com	5 KB
8	evidon.com c.evidon.com	75 KB
8	outbrainimg.com tcheck.outbrainimg.com log.outbrainimg.com images.outbrainimg.com	34 KB
8	skimresources.com 1 redirects s.skimresources.com r.skimresources.com p.skimresources.com t.skimresources.com	24 KB
7	doubleclick.net 1 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net pubads.g.doubleclick.net	99 KB
6	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	60 KB
6	amazon-adsystem.com c.amazon-adsystem.com aax.amazon-adsystem.com	23 KB
5	cnevids.com api.cnevids.com player.cnevids.com	56 KB
5	google-analytics.com www.google-analytics.com	18 KB
4	criteo.com bidder.criteo.com	852 B
4	polarcdn-pentos.com polarcdn-pentos.com	789 B
4	google.com 1 redirects ampcid.google.com www.google.com adservice.google.com	954 B
3	moatads.com z.moatads.com px.moatads.com	176 KB
3	googleapis.com imasdk.googleapis.com	101 KB
3	betrad.com l.betrad.com	360 B
3	polarcdn-terrax.com polarcdn-terrax.com	12 KB
3	parsely.com srv-2019-01-17-02.config.parsely.com srv-2019-01-17-02.pixel.parsely.com	1 KB
3	googletagservices.com www.googletagservices.com	64 KB
3	google.de ampcid.google.de www.google.de adservice.google.de	644 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	1 KB
3	bounceexchange.com tag.bounceexchange.com assets.bounceexchange.com	86 KB
2	facebook.net connect.facebook.net	58 KB
2	plrsrvcs.com bw-prod.plrsrvcs.com	2 KB
2	mediavoice.com cdn.mediavoice.com plugin.mediavoice.com	118 KB
2	outbrain.com widgets.outbrain.com odb.outbrain.com	44 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	6 KB
2	adobedtm.com assets.adobedtm.com	65 KB
2	arstechnica.com arstechnica.com sstats.arstechnica.com Failed	15 KB
1	2mdn.net s0.2mdn.net	10 KB
1	rlcdn.com api.rlcdn.com	50 B
1	rkdms.com mid.rkdms.com	398 B
1	adsrvr.org match.adsrvr.org	512 B
1	criteo.net static.criteo.net	25 KB
1	polarcdn.com static.polarcdn.com	108 KB
1	consensu.org api.skimlinks.mgr.consensu.org	636 B
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	quantcount.com rules.quantcount.com	2 KB
1	arsdev.net cdn.accelerator.arsdev.net	305 B
1	zqtk.net segment-data.zqtk.net	940 B
1	indexww.com js-sec.indexww.com	38 KB
1	sail-horizon.com ak.sail-horizon.com	41 KB
1	turn.com d.turn.com	698 B
1	googletagmanager.com www.googletagmanager.com	43 KB
255	49

	Domain	Requested by
38	adserver-us.adtech.advertising.com	15 redirects arstechnica.com
33	capture.condenastdigital.com	arstechnica.com
18	cdn.arstechnica.net	arstechnica.com cdn.arstechnica.net
16	dwgyu36up6iuz.cloudfront.net	arstechnica.com d2c8v52ll5s99u.cloudfront.net
12	fastlane.rubiconproject.com	js-sec.indexww.com
8	as-sec.casalemedia.com	js-sec.indexww.com
8	c.evidon.com	assets.adobedtm.com c.evidon.com arstechnica.com
6	images.outbrainimg.com	arstechnica.com
5	dp8hsntg6do36.cloudfront.net	arstechnica.com d2c8v52ll5s99u.cloudfront.net
5	tpc.googlesyndication.com	securepubads.g.doubleclick.net
5	condenast.demdex.net	1 redirects assets.adobedtm.com
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net arstechnica.com
5	dpm.demdex.net	2 redirects arstechnica.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com arstechnica.com
4	bidder.criteo.com	static.criteo.net
4	polarcdn-pentos.com	static.polarcdn.com
4	d2c8v52ll5s99u.cloudfront.net	player.cnevids.com imasdk.googleapis.com d2c8v52ll5s99u.cloudfront.net
4	aax.amazon-adsystem.com	c.amazon-adsystem.com
3	imasdk.googleapis.com	player.cnevids.com imasdk.googleapis.com
3	l.betrad.com	arstechnica.com
3	polarcdn-terrax.com	cdn.mediavoice.com static.polarcdn.com arstechnica.com
3	player.cnevids.com	cdn.arstechnica.net player.cnevids.com
3	www.googletagservices.com	cdn.arstechnica.net securepubads.g.doubleclick.net
3	4d.condenastdigital.com	pixel.condenastdigital.com cdn.arstechnica.net
3	infinityid.condenastdigital.com	pixel.condenastdigital.com cdn.arstechnica.net d2c8v52ll5s99u.cloudfront.net
3	sb.scorecardresearch.com	1 redirects arstechnica.com www.googletagmanager.com
2	connect.facebook.net	d2c8v52ll5s99u.cloudfront.net connect.facebook.net
2	assets.bounceexchange.com	tag.bounceexchange.com assets.bounceexchange.com
2	srv-2019-01-17-02.pixel.parsely.com	arstechnica.com
2	bw-prod.plrsrvcs.com	static.polarcdn.com arstechnica.com
2	z.moatads.com	securepubads.g.doubleclick.net d2c8v52ll5s99u.cloudfront.net
2	t.skimresources.com	s.skimresources.com
2	adservice.google.com	www.googletagservices.com imasdk.googleapis.com
2	c.amazon-adsystem.com	cdn.arstechnica.net c.amazon-adsystem.com
2	p.skimresources.com	arstechnica.com
2	r.skimresources.com	1 redirects arstechnica.com
2	d1z2jf7jlzjs58.cloudfront.net	arstechnica.com d1z2jf7jlzjs58.cloudfront.net
2	api.cnevids.com	cdn.arstechnica.net
2	s.skimresources.com	arstechnica.com s.skimresources.com
2	assets.adobedtm.com	arstechnica.com assets.adobedtm.com
1	px.moatads.com	arstechnica.com
1	pubads.g.doubleclick.net	d2c8v52ll5s99u.cloudfront.net
1	s0.2mdn.net	imasdk.googleapis.com
1	api.rlcdn.com	js-sec.indexww.com
1	mid.rkdms.com	js-sec.indexww.com
1	match.adsrvr.org	js-sec.indexww.com
1	static.criteo.net	js-sec.indexww.com
1	static.polarcdn.com	securepubads.g.doubleclick.net
1	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
1	api.skimlinks.mgr.consensu.org	s.skimresources.com
1	pixel.quantserve.com	arstechnica.com
1	odb.outbrain.com	widgets.outbrain.com
1	log.outbrainimg.com	widgets.outbrain.com
1	plugin.mediavoice.com	cdn.mediavoice.com
1	cm.everesttech.net	1 redirects
1	sstats.arstechnica.com	assets.adobedtm.com
1	adservice.google.de	www.googletagservices.com
1	srv-2019-01-17-02.config.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	rules.quantcount.com	secure.quantserve.com
1	www.google.de	arstechnica.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	cdn.accelerator.arsdev.net	cdn.arstechnica.net
1	cdn.mediavoice.com	cdn.arstechnica.net
1	segment-data.zqtk.net	cdn.arstechnica.net
1	js-sec.indexww.com	cdn.arstechnica.net
1	ampcid.google.de	www.google-analytics.com
1	widgets.outbrain.com	cdn.arstechnica.net
1	ampcid.google.com	www.google-analytics.com
1	tag.bounceexchange.com	arstechnica.com
1	ak.sail-horizon.com	www.googletagmanager.com
1	d.turn.com	arstechnica.com
1	secure.quantserve.com	www.googletagmanager.com
1	pixel.condenastdigital.com	cdn.arstechnica.net
1	www.googletagmanager.com	arstechnica.com
1	arstechnica.com	d2c8v52ll5s99u.cloudfront.net
255	77

This site contains links to these domains. Also see Links.

Domain
video.arstechnica.com
cdn.arstechnica.net
www.gettyimages.com
www.facebook.com
twitter.com
www.reddit.com
asert.arbornetworks.com
www.welivesecurity.com
en.wikipedia.org
www.ncsc.gov.uk
pitchfork.com
www.twitter.com
www.outbrain.com
click.clickntrax.com
clickit.atrrat.com
www.quora.com
r.securefunnel.io
www.hyper-tech.co
condenast.com
www.condenast.com

Subject Issuer	Validity	Valid
*.arstechnica.com COMODO RSA Domain Validation Secure Server CA	`2017-01-24` - `2019-01-24`	2 years	crt.sh
*.cachefly.net GlobalSign Organization Validation CA - SHA256 - G2	`2018-09-14` - `2019-09-29`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2018-04-06` - `2019-04-11`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2018-09-13` - `2020-10-07`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
condenast.com GlobalSign CloudSSL CA - SHA256 - G3	`2018-11-14` - `2019-09-07`	10 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2018-10-16` - `2019-10-21`	a year	crt.sh
*.turn.com DigiCert SHA2 Secure Server CA	`2018-01-03` - `2019-02-25`	a year	crt.sh
ak.sail-horizon.com GeoTrust RSA CA 2018	`2018-04-10` - `2019-04-10`	a year	crt.sh
tag.bounceexchange.com Thawte RSA CA 2018	`2018-08-13` - `2020-08-12`	2 years	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.google.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-03-14`	a year	crt.sh
*.cnevids.com Trusted Secure Certificate Authority 5	`2017-01-10` - `2020-01-10`	3 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
*.conde.io Amazon	`2018-05-22` - `2019-06-22`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2018-03-12` - `2019-03-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2018-04-16` - `2019-02-06`	10 months	crt.sh
*.zqtk.net COMODO RSA Domain Validation Secure Server CA	`2018-08-09` - `2020-08-24`	2 years	crt.sh
*.mediavoice.com DigiCert SHA2 Secure Server CA	`2018-04-07` - `2019-04-07`	a year	crt.sh
*.accelerator.arsdev.net Amazon	`2018-08-14` - `2019-09-14`	a year	crt.sh
www.google.de Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.outbrainimg.com DigiCert ECC Secure Server CA	`2018-04-25` - `2019-04-25`	a year	crt.sh
*.evidon.com DigiCert ECC Secure Server CA	`2018-02-02` - `2019-04-02`	a year	crt.sh
*.config.parsely.com Amazon	`2018-03-27` - `2019-04-27`	a year	crt.sh
ssl446800.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-10-26` - `2019-05-04`	6 months	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-12-03` - `2019-09-07`	9 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2018-12-12` - `2019-12-10`	a year	crt.sh
api.skimlinks.mgr.consensu.org DigiCert SHA2 Secure Server CA	`2018-08-15` - `2019-10-23`	a year	crt.sh
l.betrad.com Go Daddy Secure Certificate Authority - G2	`2017-04-25` - `2019-06-24`	2 years	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
ssl962736.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-12-19` - `2019-12-11`	a year	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
ssl887612.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-05-18` - `2019-04-19`	a year	crt.sh
ssl880796.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-03-29` - `2019-03-21`	a year	crt.sh
*.pixel.parsely.com Amazon	`2018-03-27` - `2019-04-27`	a year	crt.sh
*.bounceexchange.com Amazon	`2018-08-21` - `2019-09-21`	a year	crt.sh
*.criteo.net DigiCert SHA2 Secure Server CA	`2018-11-08` - `2019-12-19`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2017-02-15` - `2019-04-19`	2 years	crt.sh
*.rkdms.com Entrust Certification Authority - L1K	`2017-10-09` - `2020-10-30`	3 years	crt.sh
*.rlcdn.com Go Daddy Secure Certificate Authority - G2	`2017-05-08` - `2019-06-21`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2016-01-12` - `2019-03-01`	3 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 High Assurance Server CA	`2018-05-22` - `2020-05-26`	2 years	crt.sh
*.criteo.com DigiCert SHA2 Secure Server CA	`2018-11-05` - `2020-01-03`	a year	crt.sh
*.doubleclick.net Google Internet Authority G3	`2018-12-19` - `2019-03-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
sstats.arstechnica.com DigiCert SHA2 High Assurance Server CA	`2018-02-06` - `2019-05-02`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Frame ID: 3F9E7B98628473CAE5A3CF063186CC83
Requests: 223 HTTP requests in this frame

Frame: https://condenast.demdex.net/dest5.html?d_nsid=0
Frame ID: AAB91AEF9DE6B3DF336494E9F8C78242
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: B4152A44059BD7E00E517682E3E1A54D
Requests: 28 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Frame ID: C18A54B6AF1689E85946B12E6FCDA3B5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Frame ID: 9E6AAA1F8230A2A2E9B58F248C1C7CBC
Requests: 1 HTTP requests in this frame

Frame: https://static.polarcdn.com/creative/creative.js
Frame ID: 1B57299F331E6F587F8B8B06C62205AA
Requests: 12 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame10.min.html
Frame ID: E7A9B408028D871BD6675BB18F15CCA4
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.272.0_en.html
Frame ID: 1A93452915FCEEFBB03A5FB7599A31AB
Requests: 1 HTTP requests in this frame

Frame: https://condenast.demdex.net/dest4.html?d_nsid=0
Frame ID: 0943C3B2FE1C76CFB6402A41F41F433A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Frame ID: A8B9636DEB023537AFCDF4C3BB82731A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Frame ID: 4B1AF93BE06245904F08CFC92BD666F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Bounce Exchange (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

env /^bouncex$/i

Criteo (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^criteo/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^google_ad_/i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^googletag$/i
env /^google_tag_manager$/i

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^moment$/i

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

env /^(?:OutbrainPermaLink|OB_releaseVer)$/i

Parse.ly (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^PARSELY$/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^quantserve$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

255
Requests

98 %
HTTPS

23 %
IPv6

49
Domains

77
Subdomains

79
IPs

6
Countries

3941 kB
Transfer

8719 kB
Size

17
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: http://video.arstechnica.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/GettyImages-981636794.jpg
Title: Enlarge

Search URL Search Domain Scan URL

URL: https://www.gettyimages.com/search/photographer?family=editorial&photographer=picture%20alliance&sort=mostpopular#license
Title: Lino Mirgeler/picture alliance via Getty Images

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Farstechnica.com%2F%3Fpost_type%3Dpost%26p%3D1441853
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Eight+months+after+discovery%2C+unkillable+LoJax+rootkit+campaign+remains+active&url=https%3A%2F%2Farstechnica.com%2F%3Fpost_type%3Dpost%26p%3D1441853
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Farstechnica.com%2F%3Fpost_type%3Dpost%26p%3D1441853&title=Eight+months+after+discovery%2C+unkillable+LoJax+rootkit+campaign+remains+active
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Title: bombshell report

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
Title: researchers from Eset documented LoJax samples

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Serial_Peripheral_Interface_Bus
Title: Serial Peripheral Interface

Search URL Search Domain Scan URL

URL: http://asert.arbornetworks.com/lojax-fancy-since-2016
Title: back with new research

Search URL Search Domain Scan URL

URL: https://www.ncsc.gov.uk/content/files/protected_files/article_files/NCSC_APT28%20v6.pdf
Title: research published in October

Search URL Search Domain Scan URL

URL: https://pitchfork.com/features/sponsor-content/pillow-talk-podcast-series/?utm_campaign=paid-spon-cb2&utm_medium=nativetile&utm_source=polar&utm_brand=p4k&intcid=polar

Search URL Search Domain Scan URL

URL: https://www.twitter.com/dangoodin001
Title: @dangoodin001

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/the-art-of-glen-schofield
Title: The artistic mind of Glen Schofield

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/war-stories-dead-space-the-drag-tentacle
Title: War Stories | Dead Space: The drag tentacle

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/how-does-that-work-rising-sea-levels
Title: How Does That Work?: Rising sea levels

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/hybrid-options-for-us-s-next-top-fighter
Title: Hybrid Options for US's Next Top Fighter

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/aliens-versus-predator-war-stories
Title: War Stories | Aliens versus Predator: The 11th hour decision

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/teach-the-controversy-flat-earthers
Title: Teach the Controversy: Flat Earthers

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/star-control-war-stories
Title: War Stories | Star Control: Science non-fiction

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/how-does-that-work-large-hadron-collider
Title: How Does That Work?: The Large Hadron Collider

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/war-stories-serious-sam
Title: War Stories | Serious Sam: Saved by a vertical slice

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-gets-a-crucial-green-light
Title: Delta V: The Burgeoning World of Small Rockets, Paul Allen's Huge Plane, and SpaceX Gets a Crucial Green-light

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/chris-hadfield-explains-his-space-oddity-video
Title: Chris Hadfield explains his 'Space Oddity' video

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/apollo-the-greatest-leap-episode-1-risk
Title: The Greatest Leap, Episode 1: Risk

Search URL Search Domain Scan URL

URL: http://video.arstechnica.com/watch/war-stories-ultima-online-the-virtual-ecology
Title: War Stories | Ultima Online: The virtual ecology

Search URL Search Domain Scan URL

URL: https://video.arstechnica.com/
Title: More videos

Search URL Search Domain Scan URL

URL: http://www.outbrain.com/what-is/default/en
Title: Powered by

Search URL Search Domain Scan URL

URL: http://click.clickntrax.com/384fba9c-30c4-4340-b643-28cce2fb4493?source=$origsrcid$&ADID=Place-Here&sectionid=$section_id$&sectionname=$section_name$&publisherid=$publisher_id$&publishername=$publisher_name$&adtitle=Top+10+Mac+Antivirus+-+Do+Mac+Users+Really+Need+Protection%3F
Title: Top 10 Mac Antivirus - Do Mac Users Really Need Protection?My Antivirus Review

Search URL Search Domain Scan URL

URL: http://clickit.atrrat.com/ea675cf8-b379-4127-9ab7-06a7ff3264d9?source=$origsrcid$&ADID=Place-Here&sectionid=$section_id$&sectionname=$section_name$&publisherid=$publisher_id$&publishername=$publisher_name$&adtitle=Top+10+Mac+Antivirus+2019+-+Who%27s+Raked+%231%3F
Title: Top 10 Mac Antivirus 2019 - Who's Raked #1?My Antivirus Review

Search URL Search Domain Scan URL

URL: http://clickit.atrrat.com/e4eaed76-8201-435d-b4b0-c2d50ea3ea20?source=$origsrcid$&ADID=Place-Here&sectionid=$section_id$&sectionname=$section_name$&publisherid=$publisher_id$&publishername=$publisher_name$&adtitle=Top+10+Antivirus+For+Mac+Users.+%231+Is+Free.+%282019%29
Title: Top 10 Antivirus For Mac Users. #1 Is Free. (2019)My AntiVirus Review

Search URL Search Domain Scan URL

URL: https://www.quora.com/Why-should-I-use-DuckDuckGo-instead-of-Google/answer/Gabriel-Weinberg
Title: Think Google is showing you biased results? You're right!Quora

Search URL Search Domain Scan URL

URL: https://r.securefunnel.io/0f7542ef-e770-499b-93d7-e96153ecd36a?pub=$origsrcid$&ad=008668a5b1854c7ca6efa92fe90a1b76c7&section_id=$section_id$&section_name=$section_name$&publisherid=$publisher_id$&publishername=$publisher_name$&adtitle=25+Insanely+Cool+Products+From+America+Finally+in+%24%7Bcountry%7D%24&geo={geo}
Title: 25 Insanely Cool Products From America Finally in GermanyNext Tech

Search URL Search Domain Scan URL

URL: https://www.hyper-tech.co/zshde-lp?utm_source=outbrain&utm_medium=$section_id$&utm_content=Warum+dieser+neue+Erfolgsduschkopf+so+besonders+ist&utm_campaign=ob_zsh_de_des_003
Title: Warum dieser neue Erfolgsduschkopf so besonders istHyper Tech

Search URL Search Domain Scan URL

URL: http://condenast.com/

Search URL Search Domain Scan URL

URL: https://www.condenast.com/user-agreement/
Title: User Agreement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/
Title: Privacy Policy and Cookie Statement

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/#california
Title: Your California Privacy Rights

Search URL Search Domain Scan URL

URL: https://www.condenast.com/online-behavioral-advertising-oba-and-how-to-opt-out-of-oba/#clickheretoreadmoreaboutonlinebehavioraladvertising(oba)
Title: Ad Choices

Search URL Search Domain Scan URL

URL: https://www.condenast.com/privacy-policy/#privacypolicy
Title: Privacy Policy (updated 5/25/18)

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://sb.scorecardresearch.com/b?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%20Technica&c7=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%20Technica&c7=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c9=

Request Chain 47

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290

Request Chain 49

https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%2C%22domains%22%3A%5B%22cdn.arstechnica.net%22%2C%22gettyimages.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22reddit.com%22%2C%22asert.arbornetworks.com%22%2C%22welivesecurity.com%22%2C%22en.wikipedia.org%22%2C%22ncsc.gov.uk%22%2C%22outbrain.com%22%2C%22condenast.com%22%5D%7D HTTP 302
https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&persistence=1&xguid=01D1CRMKC4ECZZ0Z7VNTSP9KB3&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%2C%22domains%22%3A%5B%22cdn.arstechnica.net%22%2C%22gettyimages.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22reddit.com%22%2C%22asert.arbornetworks.com%22%2C%22welivesecurity.com%22%2C%22en.wikipedia.org%22%2C%22ncsc.gov.uk%22%2C%22outbrain.com%22%2C%22condenast.com%22%5D%7D&checksum=a3830583b98b1030de51b94a4c34b4823a7b24c880458ddd3f3b936ee736836d

Request Chain 67

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&gjid=1413079677&_gid=671833167.1547690459&_u=aGBAgUAjAAQC~&z=616511879 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879&slf_rd=1&random=1014574165

Request Chain 80

https://cm.everesttech.net/cm/dd?d_uuid=86273593532673725160051117907126153217 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XD-h4AAADy35-BKk HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=XD-h4AAADy35-BKk

Request Chain 174

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG

Request Chain 175

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH

Request Chain 180

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1

Request Chain 181

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl

Request Chain 220

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH

Request Chain 221

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1

Request Chain 222

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl

Request Chain 236

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W

Request Chain 237

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb

Request Chain 245

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK

Request Chain 246

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU

Request Chain 247

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU

Request Chain 248

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb

Request Chain 249

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W

Request Chain 250

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK

Request Chain 268

https://condenast.demdex.net/event?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_channel=Biz%20%26amp%3B%20IT&c_events=event2%2Cevent28&c_eVar2=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_prop3=D%3Dv3&c_eVar3=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&c_prop4=D%3Dv4&c_eVar4=1441853&c_prop5=D%3Dv5&c_eVar5=report&c_prop6=D%3Dv6&c_eVar6=Biz%20%26amp%3B%20IT&c_prop7=D%3Dv7&c_eVar7=Biz%20%26amp%3B%20IT%2Fundefined&c_prop11=D%3Dv11&c_eVar11=9%3A01%20PM%7CWednesday&c_prop16=not%20logged%20in&c_eVar16=not%20logged%20in&c_prop17=1&c_eVar17=1&c_prop23=D%3Dv23&c_eVar23=New&c_prop32=D%3Dv32&c_eVar32=1&c_prop44=D%3Dv44&c_eVar44=null&c_prop50=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c_prop51=D%3Dv51&c_eVar51=desktop%20layout%3A1600x1200&c_prop55=D%3Dv55&c_eVar55=Dan%20Goodin&c_prop56=D%3Dv56&c_eVar56=0.9&c_prop60=D%3Dv60&c_eVar60=939&c_prop61=D%3Dv61&c_eVar61=12h%7C0d&c_prop62=D%3Dv62&c_eVar62=2019-01-16T14%3A00%3A15%2B00%3A00&c_prop65=D%3Dv65&c_eVar65=null HTTP 302
https://condenast.demdex.net/firstevent?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_channel=Biz%20%26amp%3B%20IT&c_events=event2%2Cevent28&c_eVar2=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_prop3=D%3Dv3&c_eVar3=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&c_prop4=D%3Dv4&c_eVar4=1441853&c_prop5=D%3Dv5&c_eVar5=report&c_prop6=D%3Dv6&c_eVar6=Biz%20%26amp%3B%20IT&c_prop7=D%3Dv7&c_eVar7=Biz%20%26amp%3B%20IT%2Fundefined&c_prop11=D%3Dv11&c_eVar11=9%3A01%20PM%7CWednesday&c_prop16=not%20logged%20in&c_eVar16=not%20logged%20in&c_prop17=1&c_eVar17=1&c_prop23=D%3Dv23&c_eVar23=New&c_prop32=D%3Dv32&c_eVar32=1&c_prop44=D%3Dv44&c_eVar44=null&c_prop50=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c_prop51=D%3Dv51&c_eVar51=desktop%20layout%3A1600x1200&c_prop55=D%3Dv55&c_eVar55=Dan%20Goodin&c_prop56=D%3Dv56&c_eVar56=0.9&c_prop60=D%3Dv60&c_eVar60=939&c_prop61=D%3Dv61&c_eVar61=12h%7C0d&c_prop62=D%3Dv62&c_eVar62=2019-01-16T14%3A00%3A15%2B00%3A00&c_prop65=D%3Dv65&c_eVar65=null

255 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/ 44 KB
15 KB 450ms
211ms Document
text/html 50.31.169.131
Server Central Ne...

General

Check archive.org

Show headers Download Go to

Full URL

https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.31.169.131 Chicago, United States, ASN23352 (SERVERCENTRAL - Server Central Network, US),

Reverse DNS

ge-11-2-1.ar10.ord6.us.scnet.net

Software

nginx /

Resource Hash

98186ed9ee6944352823743af3481b0095fa6e25ad29f23bccc50a1b67988967

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: arstechnica.com
:scheme: https
:path: /information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx
date: Thu, 17 Jan 2019 02:00:58 GMT
content-type: text/html; charset=UTF-8
link: <https://arstechnica.com/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
x-ars-server: web210
content-encoding: gzip

GET
H2 200 main-3618ab6f60.css
cdn.arstechnica.net/wp-content/themes/ars/assets/css/ 327 KB
68 KB 70ms
8ms Stylesheet
text/css 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1ddd5ed00374c63990260393f10557f09cf19b45fea3775104bde8c9a2b0513d

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 69565
x-cf-tsc: 1547227855
x-cf2: H
last-modified: Fri, 11 Jan 2019 17:27:43 GMT
server: CFS 0215
x-cff: B
etag: W/"5c38d20f-51d6e"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 9
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 GettyImages-981636794-800x533.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/ 63 KB
64 KB 105ms
44ms Image
image/jpeg 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/GettyImages-981636794-800x533.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: ea9238b0e0b45fbcc34a2f202ebcd403d4b7b71ffeb75ca6157c3e8533e4c563

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 64795
x-cf-tsc: 1547647332
x-cf2: H
last-modified: Tue, 16 Oct 2018 18:09:32 GMT
server: CFS 0215
x-cff: B
etag: "5bc6295c-fd1b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 2
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 main-4d3fd07e48.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 634 KB
208 KB 85ms
25ms Script
application/javascript 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 47174171706551047d2fe5421d41c10f9682647ba8127a743f3e3a0d7354193f

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 212402
x-cf-tsc: 1546554028
x-cf2: H
last-modified: Thu, 03 Jan 2019 22:18:44 GMT
server: CFS 0215
x-cff: B
etag: W/"5c2e8a44-9e709"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 4
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 ars-14c34c0ed5.ads.us.js Show response
cdn.arstechnica.net/wp-content/themes/ars/assets/js/ 2 KB
1 KB 12ms
10ms Script
application/javascript 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/ars-14c34c0ed5.ads.us.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 9c5cf88831dd2b9b958a1503b69819bf66b56a1ef5e20f2f8a7df81a4ecf25c6

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1527178109:cacheN.fra2-01:H
status: 200
content-length: 799
x-cf-tsc: 1546504786
x-cf2: H
last-modified: Wed, 02 Jan 2019 16:11:49 GMT
server: CFS 0215
x-cff: B
etag: W/"5c2ce2c5-66b"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 21503
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H/1.1 200
OK satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js Show response
assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/ 104 KB
34 KB 302ms
15ms Script
application/x-javascript 2.21.37.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.83 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-83.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 64230599a9383ecbe698e348ca55b33096869b8b8ffd6a8923918488629f325c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Nov 2018 21:18:16 GMT
Server: Apache
ETag: "47f40c9097e79b869a19e7c5cd70e4e8:1541625496"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *, *
Content-Length: 34596
Expires: Thu, 17 Jan 2019 03:00:59 GMT

GET
H2 200 100098X1555750.skimlinks.js Show response
s.skimresources.com/js/ 36 KB
14 KB 77ms
18ms Script
application/octet-stream 151.139.128.10
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233c486bc0555e60b4510ec7a86ae7a5081d972db2b842628e002ee6700c48d9

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
last-modified: Mon, 12 Nov 2018 15:04:54 GMT
server: AmazonS3
x-amz-request-id: BDB0A7219FB0DA07
etag: "eda9ac50219f76603f2f25464f5ac620"
x-hw: 1547690458.cds020.pa1.hn,1547690458.cds024.pa1.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 13758
x-amz-id-2: jxqtJ6LaovIIyoSV8j1woTCZ4tLjG9U5K/V2Ev9eRWM8Q4K78aRDLtCpS4ir42JgI+NQWEQ/+k4=

GET
H2 200 services.min.js Show response
cdn.arstechnica.net/cns/ 150 KB
44 KB 10ms
8ms Script
text/javascript 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 823eeb34c26c31ea20a8719fa789b9f1020cff75a0d6f1d7c9d504fe416a0017

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
x-cf3: H
x-amz-request-id: 731CBD589F747E21
x-cf1: 14961:fD.fra2:co:1544719051:cacheN.fra2-01:H
status: 200
content-length: 44026
x-amz-id-2: H35zkxaLrf+QslzkT3sL/ln7M3lWt5A4xZIpBDUWJYxCn94Vrk2xDQklzrBbBAselsPZdW+YUKI=
x-served-by: cache-mdw17374-MDW
cf4ttl: 43200.000
x-cf2: H
last-modified: Thu, 13 Dec 2018 15:42:02 GMT
server: CFS 0215
x-timer: S1544719054.370437,VS0,VE62
x-cff: B
etag: "4fbdab11caa65f97eaabd3f0eda4e3c5"
vary: Accept-Encoding
x-amz-version-id: kgYGkBqPutM0XGjc4__NJvSdg.OeWJBz
access-control-allow-origin: *
expires: Thu, 14 Mar 2019 02:00:58 GMT
cache-control: max-age=4838400
cf4age: 2
accept-ranges: bytes
content-type: text/javascript
x-cf-tsc: 1544719057
x-cache-hits: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 172 KB
43 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:81d::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

7cff63e25366e60caa22f6880ef7655a373c4b2d8e7d53ecc8d6cec0d31b5ff4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 43921
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:00:58 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 357 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 economica-bold-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 25 KB
25 KB 86ms
15ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-bold-otf-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 25592
x-cf-tsc: 1537803271
x-cf2: H
last-modified: Thu, 20 Sep 2018 18:33:06 GMT
server: CFS 0215
x-cff: B
etag: "5ba3e7e2-63f8"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 4383
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 economica-regular-otf-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 78ms
7ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/economica-regular-otf-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 24264
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-5ec8"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 23091
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
DATA 200
OK truncated
/ 279 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ecbfb541946a9a9437190a21d98e1c7ab7d863837d7d038a9a1e053c649c8ba

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 400 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 700 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ab499494548829e507e9b6cd57247a6cd565e7f1bc6eb55e3da445af76f1f0c

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49282a74c6ced31e99f808232188ade8d82652004df4d664dcdb98c32563dd39

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 841 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 039f13cdf684666dd973e2385f773385adb074039e8a832ec48e1ae35fb20c15

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 GettyImages-866419132-360x200.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/ 21 KB
22 KB 10ms
9ms Image
image/jpeg 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/GettyImages-866419132-360x200.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d21522bb3cf6769f780c7ef0030ce5b4764e6dfbcdaf1045bd483a5c4b06745e

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 21906
x-cf-tsc: 1547647333
x-cf2: H
last-modified: Tue, 02 Oct 2018 03:08:44 GMT
server: CFS 0215
x-cff: B
etag: "5bb2e13c-5592"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 2
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 Dang.jpg
cdn.arstechnica.net/wp-content/uploads/2018/10/ 90 KB
91 KB 10ms
10ms Image
image/jpeg 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/uploads/2018/10/Dang.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 92486
x-cf-tsc: 1546831276
x-cf2: H
last-modified: Mon, 08 Oct 2018 19:35:22 GMT
server: CFS 0215
x-cff: B
etag: "5bbbb17a-16946"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 27374
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 channel-ars-be7bb52ba9.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 5 KB
5 KB 15ms
15ms Image
image/png 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/channel-ars-be7bb52ba9.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: M
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 4809
x-cf-tsc: 1530907000
x-cf2: H
last-modified: Fri, 06 Jul 2018 19:55:30 GMT
server: CFS 0215
x-cff: B
etag: "5b3fc932-12c9"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 0
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7f2558d7005dc61e343b6abb61a63da8ace760a0fdd45cb0cc124b0de5b4c2f

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 opensans-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 18 KB
19 KB 71ms
30ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-regular-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 18824
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-4988"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 23091
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 bitter-italic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 24 KB
24 KB 78ms
38ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-italic-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 24212
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-5e94"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 23091
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 bitter-regular-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
23 KB 63ms
23ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-regular-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 22872
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-5958"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 23091
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 opensans-semibold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 71ms
31ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibold-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 18972
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-4a1c"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 38972
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 opensans-semibolditalic-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 20 KB
21 KB 62ms
22ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-semibolditalic-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 59201950b83489808587827b4050ffe0597992825daa88c227476cdbbf8ca282

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 20872
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-5188"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 34017
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 opensans-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 19 KB
19 KB 76ms
37ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/opensans-bold-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 19516
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-4c3c"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 38972
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H2 200 bitter-bold-webfont.woff2
cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/ 22 KB
22 KB 71ms
32ms Font
application/octet-stream 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/fonts/bitter-bold-webfont.woff2
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:00:58 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 22104
x-cf-tsc: 1530891431
x-cf2: H
last-modified: Tue, 03 Jul 2018 20:25:31 GMT
server: CFS 0215
x-cff: B
etag: "5b3bdbbb-5658"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 23075
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:58 GMT

GET
H/1.1 200
OK sparrow.min.js Show response
pixel.condenastdigital.com/ 38 KB
14 KB 57ms
7ms Script
application/javascript 151.101.0.239
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.condenastdigital.com/sparrow.min.js
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.239 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6f46a2a5192d94d5ffc83b9e3eaaf59d2c2b66318e2bc2402445e9f7e01aeaa

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Age: 126519
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 10692
Connection: keep-alive
Content-Length: 13140
x-amz-id-2: zCNAGG8sADNVe6sVWyRJBqBRyQUSn1uVXAsV4WQ8qu1KJSDkYFH56KsRiRjZecyIpPXAVZmpdHQ=
X-Served-By: cache-iad2147-IAD, cache-hhn1536-HHN
Last-Modified: Tue, 08 Jan 2019 14:53:30 GMT
Server: AmazonS3
X-Timer: S1547690459.036185,VS0,VE0
ETag: "aba687548ee8d739ce1aa24ae9995c5b"
Vary: Accept-Encoding
x-amz-request-id: EFF3535D7696A12F
Access-Control-Allow-Origin: *
Cache-Control: no-cache, public, max-age=604800
Accept-Ranges: bytes
Content-Type: application/javascript
Expires: Tue, 08 Jan 2019 20:53:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 2796
date: Thu, 17 Jan 2019 01:14:23 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Thu, 17 Jan 2019 03:14:23 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 309ms
7ms Script
application/x-javascript 18.195.154.247
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.154.247 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-154-247.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17-Jan-2019 02:00:59 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Thu, 24 Jan 2019 02:00:59 GMT

GET
H/1.1 200
OK PageName=information%20technology,SiteID=Ars%20Technica,CampaignID=1802C,Channel=website,CreativeID=undefined Show response
d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzI4NTk1MjExL3QvMA/kv/ 253 B
698 B 1349ms
32ms Script
text/javascript 46.228.164.13
TURN

General

Check archive.org

Show headers Download Go to

Full URL: https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzI4NTk1MjExL3QvMA/kv/PageName=information%20technology,SiteID=Ars%20Technica,CampaignID=1802C,Channel=website,CreativeID=undefined
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.228.164.13 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e8065fa379843903255c4917847250cd54dc9708c98c94c9f086cec33cfe555a

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:00:59 GMT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=UTF-8
Content-Length: 253
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 112 KB
41 KB 3304ms
8ms Script
text/javascript 184.31.90.127
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.90.127 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-90-127.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7151495ab00af9e216a26700f87cbd461c91b119a6bb9c903cae0ae0e91f3baf

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Nov 2018 18:39:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=600, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41467
Expires: Thu, 17 Jan 2019 02:11:02 GMT

GET
H2 200 i.js Show response
tag.bounceexchange.com/2806/ 15 KB
6 KB 7072ms
15ms Script
text/plain 35.190.92.63
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/2806/i.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.92.63 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 63.92.190.35.bc.googleusercontent.com
Software: fasthttp /
Resource Hash: d70db447120036dadf47dceee0a152a8ec743c408cc16f107e03e84aae9adfa1

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
server: fasthttp
etag: 67401a5cd75a69
content-type: text/plain; charset=utf-8
status: 200
cache-control: no-cache, must-revalidate
x-region: europe-west3
alt-svc: clear
content-length: 5813
via: 1.1 google

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%2...
https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%...

0
248 B

22ms
21ms

Image
text/plain

104.111.214.103
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%20Technica&c7=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c9=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-214-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:14 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1547690459034&ns_c=UTF-8&c8=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%20Technica&c7=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c9=
Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:14 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
932 B 6ms
6ms Script
text/javascript 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 01:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 3140
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 856
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:08:39 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
435 B 49ms
14ms XHR
application/json 2a00:1450:4001:817::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK outbrain.js Show response
widgets.outbrain.com/ 103 KB
37 KB 78ms
41ms Script
application/x-javascript 2.21.37.220
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js?_=1547690459178
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.220 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-220.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: afd7f745317772a647ce57a48fbf5e8eed6ccc5f08a490f5ad0f97f69c2ddb42

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Jan 2019 14:05:36 GMT
Server: Apache
ETag: "0db020249fb8309a9f90cb01d209c909:1547647536"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,POST
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 36883

GET
H/1.1 200
OK video_groups Show response
api.cnevids.com/v1/ 4 KB
1 KB 1477ms
111ms XHR
application/json 35.153.9.60
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups?filters={%22channel_key%22:%22arstechnica%22}&pagesize=20&endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.153.9.60 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-153-9-60.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

c89fd7013fef2a7d6f861b111aa5266259ef2bf10633fba2cdb833ffb95d5b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Status: 200 OK
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 651
X-XSS-Protection: 1; mode=block
X-Request-Id: 6f12ce66-e21a-462c-80fb-e802813f8ce4
X-Runtime: 0.002520
X-Backend-Node: 10.110.121.175
Server: nginx/1.12.1
X-Frame-Options: SAMEORIGIN
ETag: W/"62446aea7651d9ef7d223bae550deae9"
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 6 KB
3 KB 51ms
8ms Script
application/x-javascript 143.204.98.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.215 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-215.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 725913eab3460e2955a8ac4ec176f902c7d8d2db60757248b735cbf8698b0749

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: public
Date: Wed, 16 Jan 2019 17:23:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Mar 2014 00:45:07 GMT
Server: nginx
Age: 31034
ETag: "53191693-19c1"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
Connection: keep-alive
X-Amz-Cf-Id: ab3zXzdKcOzlQ--SFQoR5sy5XvLV7InYN7s3ijzcqhAfOboDV_bBMA==
Expires: Thu, 17 Jan 2019 17:23:45 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
364 B 101ms
58ms XHR
application/json 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK / Show response
infinityid.condenastdigital.com/ 36 B
1 KB 21572ms
112ms XHR
text/plain 52.1.121.7
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://infinityid.condenastdigital.com/?rand=1547690459245
Requested by: Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.121.7 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-121-7.compute-1.amazonaws.com
Software: nginx/1.15.3 /
Resource Hash: 8a3bec1cf2bc7aa6b7950ee0cd4e325110ccae788675ea67e1c5a6bce849f6d8

Request headers

Accept: text/plain
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:20 GMT
content-encoding: gzip
Server: nginx/1.15.3
vary: origin,accept-encoding
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 56

GET
H/1.1 200
OK content Show response
4d.condenastdigital.com/ 4 KB
2 KB 1671ms
107ms XHR
application/json 54.144.146.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://4d.condenastdigital.com/content?url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F
Requested by: Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.146.119 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-144-146-119.compute-1.amazonaws.com
Software: /
Resource Hash: 6bcd779f2259b0bb45f76be835d7e4097167a09b18f39bf4ead1e2d1b64150db

Request headers

Accept: text/plain
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
content-encoding: gzip
transfer-encoding: chunked
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
Connection: keep-alive

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 6829ms
100ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A00%3A59.247Z&_t=library_sparrow&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a068bb25-f745-400d-b345-b291267a05ed&uNw=1&uUq=1&sID=ce203cc4-8825-4cf1-9030-ba78decf5bba&pID=5e4b856f-477d-4ec9-b04f-9ff1d8d11ad0&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&requestStart=684.2000000178814&requestEnd=753.3999979496002&init=950.1999989151955&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 6931ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A00%3A59.255Z&_t=loaded&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a068bb25-f745-400d-b345-b291267a05ed&sID=ce203cc4-8825-4cf1-9030-ba78decf5bba&pID=5e4b856f-477d-4ec9-b04f-9ff1d8d11ad0&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns&cns=2_25_5&feature_get_entries=true&feature_performance_now=true&cns_metrics=1_1_0&cns_metrics_sparrow=1_2_0&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290

0
-1 B

34ms
30ms

XHR

52.19.121.121
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.121.121 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-19-121-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Location: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290
X-TID: R6d9tWpsQ3o=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Access-Control-Allow-Origin: https://arstechnica.com
X-TID: R6d9tWpsQ3o=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK s-code-contents-566dcf5046f148f38d0aa32bf73df40db7ae7768.js Show response
assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/ 104 KB
31 KB 14ms
13ms Script
application/x-javascript 2.21.37.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/s-code-contents-566dcf5046f148f38d0aa32bf73df40db7ae7768.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.83 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-83.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9a425fc348afedf03100a9a5cccb756c1a00818d57e4a2bbb1c032111f0ac454

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 07 Nov 2018 21:18:16 GMT
Server: Apache
ETag: "ccc6d020b3575de11cd0e798e0463ccd:1541625496"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *, *, *
Content-Length: 31389
Expires: Thu, 17 Jan 2019 03:00:59 GMT

GET
H2

200

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2...
https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&persistence=1&xguid=01D1CRMKC4ECZZ0Z7VNTSP9KB3&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstech...

177 B
472 B

18ms
17ms

Script
application/javascript

35.190.59.101
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?callback=skimlinksBeaconCallback&persistence=1&xguid=01D1CRMKC4ECZZ0Z7VNTSP9KB3&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%2C%22domains%22%3A%5B%22cdn.arstechnica.net%22%2C%22gettyimages.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22reddit.com%22%2C%22asert.arbornetworks.com%22%2C%22welivesecurity.com%22%2C%22en.wikipedia.org%22%2C%22ncsc.gov.uk%22%2C%22outbrain.com%22%2C%22condenast.com%22%5D%7D&checksum=a3830583b98b1030de51b94a4c34b4823a7b24c880458ddd3f3b936ee736836d

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

1cce57f8cec50d1c8a0e6ad9f50b8b49d4803e0ad0c08e7b0443d92181bc2987

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:02 GMT
via: 1.1 google
x-content-type-options: nosniff
server: openresty/1.11.2.5
access-control-allow-origin: https://arstechnica.com
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
access-control-allow-credentials: true
content-type: application/javascript
alt-svc: clear

Redirect headers

date: Thu, 17 Jan 2019 02:01:02 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://arstechnica.com
location: //r.skimresources.com/api/?callback=skimlinksBeaconCallback&persistence=1&xguid=01D1CRMKC4ECZZ0Z7VNTSP9KB3&data=%7B%22pubcode%22%3A%22100098X1555750%22%2C%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%2C%22domains%22%3A%5B%22cdn.arstechnica.net%22%2C%22gettyimages.com%22%2C%22facebook.com%22%2C%22twitter.com%22%2C%22reddit.com%22%2C%22asert.arbornetworks.com%22%2C%22welivesecurity.com%22%2C%22en.wikipedia.org%22%2C%22ncsc.gov.uk%22%2C%22outbrain.com%22%2C%22condenast.com%22%5D%7D&checksum=a3830583b98b1030de51b94a4c34b4823a7b24c880458ddd3f3b936ee736836d
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 302
access-control-allow-credentials: true
content-type: text/html
alt-svc: clear
content-length: 167

GET
H2 200 px.gif
p.skimresources.com/ 43 B
493 B 37ms
19ms Image
image/gif 151.139.128.10
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=4.432916379695473
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
status: 200
x-guploader-uploadid: AEnB2UpFuJo-UrWeVowgIQqA3Xq6JPsbk5ud85qv4xIo7nKm7BvLtqGrBsAZnwNH0LdoiOBASuOVV51pz7ur140HLkkT7RSc6Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1547690459.cds020.pa1.hn,1547690459.cds008.pa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
107 B 24ms
19ms Image
image/gif 151.139.128.10
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=4.432916379695473
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
status: 200
x-guploader-uploadid: AEnB2UpFuJo-UrWeVowgIQqA3Xq6JPsbk5ud85qv4xIo7nKm7BvLtqGrBsAZnwNH0LdoiOBASuOVV51pz7ur140HLkkT7RSc6Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1547690459.cds020.pa1.hn,1547690459.cds008.pa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 29 KB
10 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e8c5a890ac0b0d498710076cfe38917b3cfdd4695ea386c0c499396e972e2e83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "54 / 47 of 1000 / last-modified: 1547657544"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 9786
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:00:59 GMT

GET
H/1.1 200
OK apstag.js Show response
c.amazon-adsystem.com/aax2/ 64 KB
19 KB 69ms
22ms Script
application/javascript 143.204.96.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.96.211 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-96-211.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 261cb1950ae859043e5a4f65fec3e77623b71bbfa3242d72180af0dc90bd551d

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 16 Jan 2019 16:37:16 GMT
Content-Encoding: gzip
Server: Server
Age: 33823
ETag: 759522e5ad5bf46eba5bd6f20b2e0bf2
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
Cache-Control: public, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: 2ENJFQNfaMnNf7akyJtt_5Z3M4mHB0LzjWhKZxfeqr55OSTDvBFh5w==

GET
H/1.1 200
OK arstechnica.js Show response
player.cnevids.com/interlude/ 107 KB
27 KB 1430ms
120ms Script
text/javascript 143.204.101.27
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/interlude/arstechnica.js

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.101.27 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-143-204-101-27.fra50.r.cloudfront.net

Software

nginx/1.14.1 /

Resource Hash

fc0ceb96776505afa5d3741111785df694c7b99ae9c1407a2698a23548019151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 26906
X-XSS-Protection: 1; mode=block
X-Request-Id: 05f96bce-c293-48e4-a1a1-3e23c2c48401
X-Runtime: 0.011649
X-Backend-Node: 10.110.44.154
Server: nginx/1.14.1
ETag: W/"7d2be2779a40d440b4fc9e4e81a66dc3"
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: NZt7A7DhY16qP21KUQpVM-kycXFHqu89gfyYNKCj-WhGckahJGogyw==

GET
H/1.1 200
OK htw-condenast.js Show response
js-sec.indexww.com/ht/ 173 KB
38 KB 7069ms
8ms Script
text/javascript 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/htw-condenast.js
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7e3b9033f4ca4eb837497a36031a4c27e6905bd8a0554f81a43faaa63981ec1f

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:06 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jan 2019 01:40:30 GMT
Server: Apache
ETag: "761daf-2b41b-57f9d7aca3314"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2692
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 38322
Expires: Thu, 17 Jan 2019 02:45:58 GMT

GET
H/1.1 200
OK conde-nast Show response
segment-data.zqtk.net/ 669 B
940 B 138ms
28ms Script
application/javascript 52.30.183.205
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://segment-data.zqtk.net/conde-nast?url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.183.205 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-30-183-205.eu-west-1.compute.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: f3e97b6ec8eb0b68bf77cb4a2d510bf23d75f967a1476b5c9469be8d01aff146

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Last-Modified: Wed, 16 Jan 2019 14:01:49 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Content-Length: 669
Expires: Fri, 18 Jan 2019 14:01:49 GMT

GET
H/1.1 200
OK conde-asa-polar-master.js Show response
cdn.mediavoice.com/nativeads/script/condenastcorporate/ 5 KB
2 KB 50ms
7ms Script
text/javascript 2.19.33.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.33.231 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-33-231.deploy.static.akamaitechnologies.com
Software: gunicorn/0.17.2 /
Resource Hash: 030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:00:59 GMT
Content-Encoding: gzip
Server: gunicorn/0.17.2
Vary: Accept-Encoding
X-Varnish: 807294745 807294666
X-Country: DE
Cache-Control: max-age=13323
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 2018

GET
H2 200 https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F Show response
cdn.accelerator.arsdev.net/h/ 12 B
305 B 66ms
13ms Script
application/javascript 143.204.101.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.accelerator.arsdev.net/h/https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F?callback=arsData
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.74 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-74.fra50.r.cloudfront.net
Software: nginx/1.4.6 (Ubuntu) / PHP/5.5.9-1ubuntu4.9
Resource Hash: 18c4dfbdcbf664e92468c3a09814db7f114f9b393613e2cb077d81565d496f8d

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 01:57:49 GMT
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
server: nginx/1.4.6 (Ubuntu)
age: 289
x-powered-by: PHP/5.5.9-1ubuntu4.9
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=300, public
x-amz-cf-id: UWucqXgd-2LZjY4aZf6xOd2vRGQFKk8ZSaxlqBEyyubvFmYsu2yndA==

GET
H/1.1 200
OK content Show response
4d.condenastdigital.com/ 4 KB
2 KB 1687ms
110ms XHR
application/json 54.144.146.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://4d.condenastdigital.com/content?url=https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.146.119 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-144-146-119.compute-1.amazonaws.com
Software: /
Resource Hash: 6bcd779f2259b0bb45f76be835d7e4097167a09b18f39bf4ead1e2d1b64150db

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
content-encoding: gzip
transfer-encoding: chunked
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
Connection: keep-alive

GET
H/1.1 200
OK / Show response
infinityid.condenastdigital.com/ 36 B
1 KB 1458ms
107ms XHR
text/plain 54.158.240.160
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://infinityid.condenastdigital.com/?rand=1547690459318
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.158.240.160 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-158-240-160.compute-1.amazonaws.com
Software: nginx/1.15.3 /
Resource Hash: d8131a24804caf3a8c7465a840863f5cbfff594f082d52bf8250ed50d810f698

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
content-encoding: gzip
Server: nginx/1.15.3
vary: origin,accept-encoding
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
access-control-allow-credentials: true
Connection: keep-alive
transfer-encoding: chunked

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 6629ms
107ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A00%3A59.321Z&_t=library_service&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a068bb25-f745-400d-b345-b291267a05ed&sID=ce203cc4-8825-4cf1-9030-ba78decf5bba&pID=5e4b856f-477d-4ec9-b04f-9ff1d8d11ad0&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&init=682.499997317791&requestEnd=574.0999989211559&requestStart=560.199998319149&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 6019ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A00%3A59.330Z&_t=page_created&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a068bb25-f745-400d-b345-b291267a05ed&sID=ce203cc4-8825-4cf1-9030-ba78decf5bba&pID=5e4b856f-477d-4ec9-b04f-9ff1d8d11ad0&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=426400&image_count=1&image_surface=426400&server=production&vp_height=1200&vp_width=1585&channel=information_technology&slots_count=6&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2 200 yubikey-promo-2x-a2b77428d4.png
cdn.arstechnica.net/wp-content/themes/ars/assets/img/ 153 KB
153 KB 9ms
9ms Image
image/png 205.234.175.175
CacheNetworks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/img/yubikey-promo-2x-a2b77428d4.png
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS - CacheNetworks, Inc., US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1f984105fa8d01eee607c197a2b918604aa4c0d608f1cbf8a0f15f6502d2318d

Request headers

Referer: https://cdn.arstechnica.net/wp-content/themes/ars/assets/css/main-3618ab6f60.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
x-cf3: H
cf4ttl: 43200.000
x-cf1: 14961:fD.fra2:co:1525808045:cacheN.fra2-01:H
status: 200
content-length: 156233
x-cf-tsc: 1538680937
x-cf2: H
last-modified: Thu, 04 Oct 2018 19:19:12 GMT
server: CFS 0215
x-cff: B
etag: "5bb667b0-26249"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=4838400
cf4age: 66
accept-ranges: bytes
expires: Thu, 14 Mar 2019 02:00:59 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ded8aafe08adcc23835de89f62fbee0b98184f32296c7679ab5b5a358f044f63

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 5 KB
2 KB 36ms
32ms XHR
application/json 52.19.121.121
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1547690459290
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.121.121 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-19-121-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e9194432efb90a588b018a79e23ff27cd08ee5eef4e641e453404cf75727f47d

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v014-050f2a749.edge-irl1.demdex.com 5.46.1.20190109131638 4ms
Pragma: no-cache
Content-Encoding: gzip
X-TID: 9ZZxgsV0QHQ=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1418
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
108 B 6ms
6ms Image
image/gif 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j72&a=1479152547&t=pageview&_s=1&dl=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&dr=%2F&dp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&ul=en-us&de=UTF-8&dt=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%20%7C%20Ars%20Technica&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAgUAjAAQC~&jid=857121935&gjid=1413079677&cid=562191446.1547690459&tid=UA-31997-1&_gid=671833167.1547690459&gtm=2wg170NLXNPCQ&cg1=article%7Creport&cg2=information-technology&cg3=information%20technology&cd1=GTM-NLXNPCQ&cd2=58&cd4=&cd6=Thu%20Jan%2017%202019%2002%3A00%3A59%20GMT%2B0000%20(Coordinated%20Universal%20Time)&cd7=1547690459004.lz6cmydt&cd8=0&cd9=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F67.0.3396.87%20Safari%2F537.36&cd10=English&cd11=desktop&cd12=0&cd13=Tag%20Name%3A%20GA%20-%20Pageview%20-%20Core%20Pageview%20-%20All%20Pages&cd20=none&cd25=Dan%20Goodin&cd26=1441853&cd27=939&cd28=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cd29=web&cd32=2019-01-16T14%3A00%3A15%2B00%3A00&cd34=2019-01-16T21%3A58%3A55%2B00%3A00&cd35=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cd36=web&cd43=Ars%20Technica&cd45=Adblock%20Enabled%20-%20false&cd62=https%3A%2F%2Farstechnica.com%2F%3Fp%3D1441853&cd63=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cd65=&cd72=1.0.0&cd92=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cd93=information%20technology&cd98=article%7Creport&cd103=&cd3=562191446.1547690459&z=1193129326

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Dec 2018 05:02:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2494685
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&gjid=1413079677&_gid=671833167.1547690459&_u=aGBAgUAjAAQC~&z=616511879
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879&slf_rd=1&random=1014574165

42 B
109 B

18ms
18ms

Image
image/gif

2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879&slf_rd=1&random=1014574165

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:806::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31997-1&cid=562191446.1547690459&jid=857121935&_v=j72&z=616511879&slf_rd=1&random=1014574165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-Jjy-Cyr1NZGRz.js Show response
rules.quantcount.com/ 4 KB
2 KB 79ms
16ms Script
application/x-javascript 2600:9000:20bb:dc00:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-Jjy-Cyr1NZGRz.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:dc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efdbd8582066a12cf45115f1e150d2a8de06bf6b14db3feca98b116efeb9e0bb

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 01:12:32 GMT
content-encoding: gzip
last-modified: Mon, 19 Mar 2018 22:18:17 GMT
server: AmazonS3
age: 2909
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-id: RXywVqHVV47LMYRgJyVG8oWB0ZspsMa0ROD6gJDngFHs6e4fLq_LZA==
via: 1.1 9f4017bef2e790d377578f1a7821f0ea.cloudfront.net (CloudFront)

GET
H/1.1 200
OK YXJzdGVjaG5pY2EuY29t Show response
tcheck.outbrainimg.com/tcheck/check/ 16 B
477 B 1046ms
8ms XHR
application/json 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://tcheck.outbrainimg.com/tcheck/check/YXJzdGVjaG5pY2EuY29t

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1547690459178

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-73.deploy.static.akamaitechnologies.com

Software

Resource Hash

929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Strict-Transport-Security: max-age=0; includeSubDomains;
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=12098
Date: Thu, 17 Jan 2019 02:01:00 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: false
Content-Length: 16
Expires: Thu, 17 Jan 2019 05:22:38 GMT

GET
H2 200 evidon-sitenotice-tag.js Show response
c.evidon.com/sitenotice/ 39 KB
10 KB 3057ms
7ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fe1df624f15b85e885749a212f99e8016465c9d5049f8f39741b29b13bd06b28

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Wed, 19 Dec 2018 22:28:28 GMT
server: Apache
etag: "8018b4c8db48fe908f81a5068f6145c1:1545258509"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 10414
expires: Fri, 18 Jan 2019 02:01:03 GMT

GET
H2 200 country.js Show response
c.evidon.com/geo/ 260 B
344 B 1621ms
14ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/country.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Wed, 30 May 2018 22:23:16 GMT
server: Apache
etag: "c1e367d098d326049811561575dbda4a:1527718996"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 165

GET
H2 200 snthemes.js Show response
c.evidon.com/sitenotice/4419/ 57 KB
3 KB 1359ms
14ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/4419/snthemes.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cfcdfbf144964c03b23e6e63abfeeeb923eedda0c421f6279bad5040ef5a3dd1

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Thu, 26 Jul 2018 15:49:16 GMT
server: Apache
etag: "4f337c9f26cb2f12ef4d5d50fc716fc2:1532620156"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 3254
expires: Fri, 18 Jan 2019 02:01:03 GMT

GET
H2 200 settings.js Show response
c.evidon.com/sitenotice/4419/arstechnica/ 14 KB
2 KB 16ms
15ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/4419/arstechnica/settings.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f482356f61d552b7653d70d9dc728b7387bfe8e702ed2bf366b69f668cde6f9c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Tue, 15 Jan 2019 18:42:02 GMT
server: Apache
etag: "e2fb7a2dcfeae8f7ff12687adace904f:1547577722"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 1960
expires: Fri, 18 Jan 2019 02:01:03 GMT

GET
H/1.1 200
OK arstechnica.com Show response
srv-2019-01-17-02.config.parsely.com/config/ 387 B
805 B 660ms
99ms Script
text/javascript 52.6.60.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://srv-2019-01-17-02.config.parsely.com/config/arstechnica.com
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.6.60.254 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-6-60-254.compute-1.amazonaws.com
Software: / Express
Resource Hash: e1459731ddc9b4312b5f81413130606e03e46dc1d691382936e6b4682d06d173

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:04 GMT
Cache-Control: private, no-cache
Connection: keep-alive
X-Powered-By: Express
ETag: W/"183-EYbBnyQ/eQ8LAZ/TrSnVRA"
Content-Length: 387
Content-Type: text/javascript; charset=utf-8

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=arstechnica.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:821::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=arstechnica.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_287.js Show response
securepubads.g.doubleclick.net/gpt/ 184 KB
63 KB 42ms
42ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

9f45ff23beda15b136534fc1bfa236b26cc727e444b026815dedcb0f9e8ac9e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jan 2019 18:15:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 64202
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:04 GMT

GET
H/1.1 200
OK Cookie set dest5.html
condenast.demdex.net/ Frame AAB9 0
0 155ms
30ms Document
text/html 34.250.76.236
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://condenast.demdex.net/dest5.html?d_nsid=0
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/satelliteLib-56a425e07376b6977c987d46ef46ba636a6e2036.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.76.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-250-76-236.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: condenast.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=86273593532673725160051117907126153217
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 09 Jan 2019 14:48:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=86273593532673725160051117907126153217;Path=/;Domain=.demdex.net;Expires=Tue, 16-Jul-2019 02:00:59 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: sxd5J464SKk=
Content-Length: 2764
Connection: keep-alive

GET id
sstats.arstechnica.com/ 0
0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=86273593532673725160051117907126153217
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XD-h4AAADy35-BKk
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=XD-h4AAADy35-BKk

42 B
769 B

32ms
32ms

Image
image/gif

52.19.121.121
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=XD-h4AAADy35-BKk
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.121.121 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-19-121-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v014-09e4fbf68.edge-irl1.demdex.com 5.46.1.20190109131638 2ms
Pragma: no-cache
X-TID: lygqtU38S98=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
X-TID: SZlMJ3wmR+U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=XD-h4AAADy35-BKk
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 3031ms
8ms XHR
application/javascript 143.204.96.211
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.96.211 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-96-211.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d6f482982f8f1a1814e279ff50df4ccc301533ca9655e4d080d6b90ec69d69e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Wed, 16 Jan 2019 20:26:34 GMT
Content-Encoding: gzip
Vary: Origin
Age: 20069
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Access-Control-Allow-Origin: *
Last-Modified: Fri, 24 Aug 2018 07:13:51 GMT
Server: AmazonS3
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
Cache-Control: public, max-age=86400
X-Amz-Cf-Id: pgDVn6xS-WqGxJXhiM1cg0_LpKHp_mIxPSuWBkHu1V7WkzocM912aQ==

GET
H/1.1 200
OK plugin.js Show response
plugin.mediavoice.com/ 310 KB
116 KB 299ms
8ms Script
application/javascript 2.19.33.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://plugin.mediavoice.com/plugin.js
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.33.231 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-33-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.5 /
Resource Hash: dab9c2f282823b6544279f4638589fa886c4ced7688ec319f95477924b11e384

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:04 GMT
Content-Encoding: gzip
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 118250
Last-Modified: Mon, 07 Jan 2019 20:38:18 GMT
Server: nginx/1.13.5
ETag: W/"5c33b8ba-4d8fc"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS
X-Varnish: 1881195458 1880436557
Access-Control-Allow-Origin: *
Cache-Control: max-age=23879
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Thu, 17 Jan 2019 08:39:03 GMT

GET
H2 200 condenastcorporate Show response
polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/ 181 B
578 B 69ms
26ms XHR
application/json 2606:4700::6810:50ad
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/organization/condenastcorporate
Requested by: Host: cdn.mediavoice.com
URL: https://cdn.mediavoice.com/nativeads/script/condenastcorporate/conde-asa-polar-master.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bd131d59efb6aa6a2d98ce4af498a811c84f74148129e140ff5a76904ca9f74

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

timing-allow-origin: *
date: Thu, 17 Jan 2019 02:00:59 GMT
content-encoding: gzip
server: cloudflare
status: 200
etag: W/"4ed41fc03a3c3b67ac78af86ee19d7f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Country
cache-control: max-age=86400
x-country: DE
cf-ray: 49a53b3cda7dc2c9-FRA

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
299 B 451ms
109ms Script
application/json 64.74.236.19
Outbrain

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1547690459633&sessionId=c2538a21-9b3c-4d1a-e47a-c6681afeb1b9&url=arstechnica.com&cheqEvent=0&exitReason=2
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1547690459178
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.19 , United States, ASN22075 (AS-OUTBRAIN - Outbrain, Inc., US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:04 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 4
Expires: 0

GET
H2 200 get Show response
odb.outbrain.com/utils/ 13 KB
8 KB 166ms
166ms Script
text/x-json 151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://odb.outbrain.com/utils/get?url=http%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&srcUrl=http%3A%2F%2Ffeeds.arstechnica.com%2Farstechnica%2Findex%2F&settings=true&recs=true&widgetJSId=JS_1&key=NANOWDGT01&idx=0&version=01020010&apv=false&sig=XStFiPiD&format=vjapi&rand=58588&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&adblck=false&secured=true&cmpStat=0&ref=

Requested by

Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1547690459178

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

d41c559a619ae6355aef247796dc6bcfe8c5806bcda7d7107c88352f4f98f6ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
content-encoding: gzip
traffic-path: NYDC1, JFK, HHN, Europe1
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
status: 200
x-served-by: cache-jfk8126-JFK, cache-hhn1543-HHN
pragma: no-cache
x-timer: S1547690464.411704,VS0,VE159
date: Thu, 17 Jan 2019 02:01:04 GMT
vary: Accept-Encoding, User-Agent
content-type: text/x-json; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
backend-ip: 104.156.90.26
accept-ranges: bytes, bytes
x-cache-hits: 0, 0

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 1932ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A00.349Z&_t=slot_staged&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&uNw=1&uUq=1&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=426400&image_count=1&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&CNS_init_to_staged=1370.1000027358532&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
344 B 3156ms
42ms XHR
text/javascript 52.94.216.48
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pid=4143510855051547690459510&cb=5802023861651547690460356&ws=1600x1200&v=7.24.00&t=2000&slots=%5B%7B%22sd%22%3A%22cns_ads_1547690460343G7J6MeUjeOD9oVv0JKKHjej1tnGClp_post_nav_0_container%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%7D%5D&pj=%7B%22apse%22%3A%7B%22chunkRequests%22%3Afalse%2C%22shouldSampleLatency%22%3Afalse%7D%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.216.48 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: 61114ad3beea1362435588af13e633fe25ab46f3f5cb855d151f7d3961d746e8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:03 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 47

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 1972ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A00.358Z&_t=slot_staged&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=426400&image_count=1&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&CNS_init_to_staged=1379.100002348423&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
344 B 3191ms
41ms XHR
text/javascript 52.94.216.48
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pid=4143510855051547690459510&cb=2350458013891547690460363&ws=1600x1200&v=7.24.00&t=2000&slots=%5B%7B%22sd%22%3A%22cns_ads_1547690460345CCrqqBWDXd6CkesBHV6dwMuirbbnWI_siderail_0_container%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%5D&pj=%7B%22apse%22%3A%7B%22chunkRequests%22%3Afalse%2C%22shouldSampleLatency%22%3Afalse%7D%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.216.48 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: 41522e653d97047ee25397c7fa3aeab9c0dfcbe7033bad63b600f5cd7073e3b7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:03 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 47

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 618ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A00.365Z&_t=slot_staged&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=426400&image_count=1&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2050.000000745058&staged=2068.70000064373&pageload_to_staged=2068.70000064373&channel=information_technology&ctx_template=article&id=native_xrail300x140_frame&instance=0&name=native_xrail_0&position_fold=atf&position_xy=41x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=native_xrail&CNS_init=682.499997317791&CNS_init_to_staged=1386.2000033259392&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 576ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A00.368Z&_t=slot_staged&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4200&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=426400&image_count=1&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2050.4999980330467&staged=2072.4999979138374&pageload_to_staged=2072.4999979138374&channel=information_technology&ctx_template=article&id=1547690460347ariuju4kmf31qgk6wop0ehgt8ey9pu&instance=0&name=out_of_page_0&out_of_page=true&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=out_of_page&CNS_init=682.499997317791&CNS_init_to_staged=1390.0000005960464&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK 5b27ee7e8c1abc4e7900000f Show response
api.cnevids.com/v1/video_groups/ 27 KB
6 KB 113ms
112ms XHR
application/json 35.153.9.60
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cnevids.com/v1/video_groups/5b27ee7e8c1abc4e7900000f?endpoint=oo.arstechnica

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.153.9.60 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-153-9-60.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

b6e377f3ea7a742a5abdb797684a0c7ac594b8d8a6f22c691e371718959fb3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/*
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Status: 200 OK
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 5411
X-XSS-Protection: 1; mode=block
X-Request-Id: 12e4bc18-094e-4599-a4c8-add6547ae3e9
X-Runtime: 0.003049
X-Backend-Node: 10.110.74.40
Server: nginx/1.12.1
X-Frame-Options: SAMEORIGIN
ETag: W/"9a9caa50bcd46c0503304360e87f9ffa"
Vary: Accept-Encoding, Origin
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate

GET
H/1.1 200
OK 5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629 Show response
player.cnevids.com/script/video/ 57 KB
19 KB 113ms
112ms Script
text/javascript 143.204.101.27
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629

Requested by

Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/wp-content/themes/ars/assets/js/main-4d3fd07e48.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.101.27 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-143-204-101-27.fra50.r.cloudfront.net

Software

nginx/1.14.1 /

Resource Hash

05d1b87611218711c52b6a77b972e081a5f105be29f197c3cbd50cf4e4fe3267

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cache: Miss from cloudfront
Status: 200 OK
Connection: keep-alive
Content-Length: 18617
X-XSS-Protection: 1; mode=block
X-Request-Id: baf3fb28-f3db-4202-8b2a-9e2efc7417ff
X-Runtime: 0.005942
X-Backend-Node: 10.110.73.214
Server: nginx/1.14.1
ETag: W/"e97c1b22c5af44d4a8aa7e207b7adc52"
Vary: Origin,Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: FRprhGiUWpomPtf0I8Gm6JsxhliOm8E_h4_8NdUSDjQl-ncvW7XnFw==

GET
H/1.1 200
OK arstechnica_the-art-of-glen-schofield.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1547590224/ 14 KB
14 KB 54ms
10ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1547590224/arstechnica_the-art-of-glen-schofield.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: c7eef47edac8c0673dca85d301b896da4196e5230b243168c749f07bbc4834d7

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 16 Jan 2019 21:44:32 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 15392
Edge-Cache-Tag: 478167326677407632418375752943002021374,404749671192515790889513374839386840902,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13885
X-Request-Id: c29d178c326e084c
X-Served-By: cache-hhn1528-HHN
Last-Modified: Wed, 16 Jan 2019 21:44:22 GMT
Server: cloudinary
X-Timer: S1547675072.117625,VS0,VE162
ETag: "29d7dab42d3e7ef8007145643dc0497f"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: oFmgT_8_PUzS7QmUB8xwaWDHXHlCGb3V0SMsYyxe_al0NWK8yn1Izg==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/ 7 KB
8 KB 8ms
7ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1546889545/arstechnica_war-stories-dead-space-the-drag-tentacle.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 08 Jan 2019 16:38:59 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 724925
Edge-Cache-Tag: 561334743792169660751574031162860899763,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7393
X-Served-By: cache-fra19129-FRA
Last-Modified: Tue, 08 Jan 2019 16:38:58 GMT
Server: cloudinary
X-Timer: S1546965539.158106,VS0,VE116
ETag: "17a6e4b5eb75eb12f5d8c89eb3d0ace8"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: 2R4AKZ0fkxp4hjk4hpVcL5VbfOhBwmKlKpsk2rhdppKHQjUcXgasYg==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_how-does-that-work-rising-sea-levels.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1543950592/ 9 KB
10 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1543950592/arstechnica_how-does-that-work-rising-sea-levels.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: dd261883873740a78bac0e65e1cef85b5fcc28635db0ec6c77fdedc60dc88862

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 06 Dec 2018 14:36:02 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 991485
Edge-Cache-Tag: 385094425222450584203964863140983279661,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 9655
X-Served-By: cache-hhn1537-HHN
Last-Modified: Thu, 06 Dec 2018 14:36:01 GMT
Server: cloudinary
X-Timer: S1544106963.502265,VS0,VE111
ETag: "bda75cc62fe7e0ea855b01b75e00e673"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: KyUUj3_3IqPac0Sv0CR3islqQY2jTLBqa69mGagMFkI9RytXgl-KGw==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_hybrid-options-for-us-s-next-top-fighter.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1543245409/ 6 KB
7 KB 9ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1543245409/arstechnica_hybrid-options-for-us-s-next-top-fighter.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: e014974a17d0f6e6775b4fcf5e53e2b0f3570edc070104c75d34a07d8dac4cc5

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 28 Nov 2018 15:14:37 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1680291
Edge-Cache-Tag: 283442808216472163809384800557055011655,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 6586
X-Served-By: cache-hhn1535-HHN
Last-Modified: Wed, 28 Nov 2018 14:30:45 GMT
Server: cloudinary
X-Timer: S1543418077.346624,VS0,VE114
ETag: "8a94ee8d7c54e8d420f337a0b28fb6a6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: _5ELvr4rkZibb4EbmE-HE3GhCcRduHWi2-dZoxJA0uAR2MDpEfniZw==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_aliens-versus-predator-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1542719515/ 17 KB
18 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1542719515/arstechnica_aliens-versus-predator-war-stories.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 5ddf806082eabde301c3f42cad406c3257f0836d803e1ae16edd7409a3761690

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 12 Jan 2019 08:35:02 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1215064
Edge-Cache-Tag: 402425429441914115354689601022187160991,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 17174
X-Request-Id: a9b13009adb82c66
X-Served-By: cache-fra19122-FRA
Last-Modified: Tue, 20 Nov 2018 16:11:00 GMT
Server: cloudinary
X-Timer: S1542731249.431714,VS0,VE239
ETag: "1ddf868459b99b95adadcd059b4d901d"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: eqZnmWT4R-mZ-OhWPJTID4rZXuMc0pVbX7KV5Ll-ag7GlXXIBtzNuA==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_teach-the-controversy-flat-earthers.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/ 10 KB
11 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1541592304/arstechnica_teach-the-controversy-flat-earthers.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 09 Nov 2018 14:44:56 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1427286
Edge-Cache-Tag: 522150850958368321191235208678465217967,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10595
X-Request-Id: 0d3c8bdfb997f2cc
X-Served-By: cache-fra19130-FRA
Last-Modified: Fri, 09 Nov 2018 14:44:53 GMT
Server: cloudinary
X-Timer: S1541774697.715247,VS0,VE188
ETag: "6c0c4f8a9d61ed2b5863a8058c624a37"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: IcLORcFoOD_JqBGljwnL_seAtMlBG7lzLtjqOLnluOWoXFoYcvKWrQ==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_star-control-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1540238325/ 10 KB
11 KB 8ms
7ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1540238325/arstechnica_star-control-war-stories.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 5ecce433fdd65965f4acae00993b06c37d0f4960c18b36312efbf96471f95474

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 23 Oct 2018 16:50:31 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1427059
Edge-Cache-Tag: 530064111679661360080335205530300069954,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 10583
X-Served-By: cache-hhn1536-HHN
Last-Modified: Tue, 23 Oct 2018 16:50:21 GMT
Server: cloudinary
X-Timer: S1540313432.546501,VS0,VE110
ETag: "adccb40ff91a04ac0066ab46e3c60f86"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: zS_1Vi-gwGyN7M5M2s1VFFj87KU0mH8T8pVksx6MPIG-N4-iw8k3NQ==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_how-does-that-work-large-hadron-collider.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1539634118/ 13 KB
14 KB 9ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1539634118/arstechnica_how-does-that-work-large-hadron-collider.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: aec9de81a94ce1c153f8f578690649c002134406ad2f1c68f5f733dc6418311b

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Oct 2018 15:48:10 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1763967
Edge-Cache-Tag: 578511210380702293952908853782841386926,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13020
X-Request-Id: 94641e3b8ada22c7
X-Served-By: cache-fra19126-FRA
Last-Modified: Wed, 17 Oct 2018 15:48:05 GMT
Server: cloudinary
X-Timer: S1539791290.108416,VS0,VE158
ETag: "5cd4ae49cd1c17d209311809b175d278"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: yQF-FaFI70D7y5HoRmcOp0cmzfnkw3YmS0Rp9yCJLrsRE3o60jPlig==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_war-stories-serious-sam.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1538576823/ 13 KB
14 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1538576823/arstechnica_war-stories-serious-sam.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: ed86af54b875e74d1f45f0e835237ecb7f8d1bd3f06d51c9586576ef756a372e

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 14 Jan 2019 00:49:53 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1215007
Edge-Cache-Tag: 302283555134930517008734674519776029634,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13034
X-Served-By: cache-hhn1547-HHN
Last-Modified: Wed, 03 Oct 2018 18:45:04 GMT
Server: cloudinary
X-Timer: S1538592324.341440,VS0,VE112
ETag: "5ad02d5b6b61591f35f1a938c31ee9e9"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: skeKzhmdczB-smBHPjhX0mXnRzSv-GL5fuaJ3bRxbv8pp618rC9O7Q==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/ 12 KB
13 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1537406983/arstechnica_delta-v-the-burgeoning-world-of-small-rockets-paul-allen-s-huge-plane-and-spacex-get-s-a-crucial-green-light.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 14 Jan 2019 01:01:06 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1216464
Edge-Cache-Tag: 389498626973997838808844380914497340413,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 12509
X-Request-Id: 4e915ac71870520d
X-Served-By: cache-hhn1523-HHN
Last-Modified: Fri, 21 Sep 2018 16:51:30 GMT
Server: cloudinary
X-Timer: S1539654107.953322,VS0,VE303
ETag: "b9c502ffc902b60d0eb13698b37a945d"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: VX29muIsGeCjOfbErfxDkg3s_5D3bI26KiuOkqz8t4gmVC6TJY-Yhw==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/ 7 KB
8 KB 8ms
7ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1522031130/arstechnica_chris-hadfield-explains-his-space-oddity-video.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sat, 04 Aug 2018 00:07:14 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 3348827
Edge-Cache-Tag: 294316597633303263276952824544497226127,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 7181
X-Served-By: cache-fra19147-FRA
Last-Modified: Fri, 06 Jul 2018 12:23:22 GMT
Server: cloudinary
X-Timer: S1533341234.118391,VS0,VE1
ETag: "0549828edcecd339d8d10ebe6119de70"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: pERdfrVtzi7Zrm2G7pqSCfkuox_OylL0Cj94K9aJNpJ93rZplW6_WA==
X-Cache-Hits: 1

GET
H/1.1 200
OK arstechnica_apollo-mission-episode-1.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/ 14 KB
15 KB 8ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1512424612/arstechnica_apollo-mission-episode-1.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 06 Jul 2018 19:56:52 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1325611
Edge-Cache-Tag: 424632948265147424317824738369264083785,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14040
X-Request-Id: 2c586190b5f04277
X-Served-By: cache-hhn1529-HHN
Last-Modified: Tue, 05 Dec 2017 01:52:25 GMT
Server: cloudinary
X-Timer: S1530907012.372106,VS0,VE153
ETag: "ecc047c6eed3dc571a78eab647201220"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: ZBWtjN4jUnrk6abY3Wtp90fpiY6GBlNcp5706O1iSbpzXM_6vUTj7A==
X-Cache-Hits: 0

GET
H/1.1 200
OK arstechnica_richard-garriot-war-stories.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/ 14 KB
14 KB 9ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_thescene.jpg,fl_progressive,g_center,h_169,q_80,w_300/v1513807048/arstechnica_richard-garriot-war-stories.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: 4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 06 Jul 2018 19:56:52 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 1414015
Edge-Cache-Tag: 489732375708630852448407029403767769375,605383893367339607624947511135489672318,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 13885
X-Request-Id: bb3d79146157beb6
X-Served-By: cache-fra19125-FRA
Last-Modified: Fri, 06 Jul 2018 19:56:42 GMT
Server: cloudinary
X-Timer: S1530907012.103758,VS0,VE151
ETag: "13d45a1733ad4d2f3ae707584d6a8a32"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: YQy7zZHfyiAbPH1VrV7k7LoLCOxv1EFmZFtB50wurz81HvLq3kvL6g==
X-Cache-Hits: 0

GET
DATA 200
OK truncated
/ 408 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK user Show response
4d.condenastdigital.com/ 46 B
410 B 324ms
108ms XHR
application/json 54.144.146.119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://4d.condenastdigital.com/user?xid=f15b9ae6-55b4-42b1-84e3-195001e6d8b0
Requested by: Host: cdn.arstechnica.net
URL: https://cdn.arstechnica.net/cns/services.min.js?1547689500
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.146.119 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-144-146-119.compute-1.amazonaws.com
Software: /
Resource Hash: b8a9da3237afc7e659dba43fcde38cdb0d5e9bb547b0d380201fe0affb89d5f8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:01 GMT
content-encoding: gzip
transfer-encoding: chunked
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
Connection: keep-alive

GET
H/1.1 200
OK pixel;r=1147662028;labels=Culture.Ars%20Technica.information%20technology.;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discove...
pixel.quantserve.com/ 35 B
479 B 10ms
9ms Image
image/gif 18.195.102.90
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.quantserve.com/pixel;r=1147662028;labels=Culture.Ars%20Technica.information%20technology.;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F;fpan=1;fpa=P0-712101356-1547690460923;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1547690460923;tzo=0;ogl=site_name.Ars%20Technica%2Curl.https%3A%2F%2Farstechnica%252Ecom%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discov%2Ctitle.Eight%20months%20after%20discovery%252C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active%2Cimage.https%3A%2F%2Fcdn%252Earstechnica%252Enet%2Fwp-content%2Fuploads%2F2018%2F10%2FGettyImages-981636794-760%2Cdescription.Control%20servers%20for%20Fancy%20Bear's%20UEFI-burrowing%20malware%20still%20responding%20to%20ping%2Ctype.article
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.102.90 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-102-90.eu-central-1.compute.amazonaws.com
Software: QS /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:05 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 511ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A01.358Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4700&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30457.14285714286&image_count=14&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&is_first_Request=true&requested=3061.499997973442&pageLoad_to_requested=3061.499997973442&CNS_init_to_requested=2379.000000655651&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 464ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A01.366Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4700&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30457.14285714286&image_count=14&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=3068.9999982714653&pageLoad_to_requested=3068.9999982714653&CNS_init_to_requested=2386.5000009536743&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 407ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A01.370Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4700&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30457.14285714286&image_count=14&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2050.000000745058&staged=2068.70000064373&pageload_to_staged=2068.70000064373&channel=information_technology&ctx_template=article&id=native_xrail300x140_frame&instance=0&name=native_xrail_0&position_fold=atf&position_xy=41x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=native_xrail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1386.2000033259392&inViewport=2072.299998253584&pageLoad_to_in_viewport=1389.800000935793&isRefresh=true&requested=3073.8999992609024&pageLoad_to_requested=3073.8999992609024&CNS_init_to_requested=2391.4000019431114&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 356ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A01.375Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4700&pSw=1600&pSh=1200&uID=a208ffbc-2b9f-47a6-923e-b6c04b86d64a&sID=6eefb6d6-b5e9-4734-9051-08c964ac404b&pID=bf9fc605-971b-4ce7-b43a-1dfd716dc8fd&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30457.14285714286&image_count=14&image_surface=426400&server=production&vp_height=1200&vp_width=1585&created=2050.4999980330467&staged=2072.4999979138374&pageload_to_staged=2072.4999979138374&channel=information_technology&ctx_template=article&id=1547690460347ariuju4kmf31qgk6wop0ehgt8ey9pu&instance=0&name=out_of_page_0&out_of_page=true&position_fold=atf&position_xy=0x0&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=out_of_page&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1390.0000005960464&inViewport=2076.299998909235&pageLoad_to_in_viewport=1393.800001591444&isRefresh=true&requested=3078.1999975442886&pageLoad_to_requested=3078.1999975442886&CNS_init_to_requested=2395.7000002264977&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2 200 iab Show response
api.skimlinks.mgr.consensu.org/ 772 B
636 B 3056ms
22ms XHR
application/json 35.190.40.172
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.skimlinks.mgr.consensu.org/iab

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.40.172 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

172.40.190.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: *
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://arstechnica.com
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

POST
H2 200 track.php Show response
t.skimresources.com/api/ 22 B
90 B 71ms
39ms XHR
application/javascript 35.201.67.47
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/track.php

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:03 GMT
via: 1.1 google
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
alt-svc: clear
content-length: 22

POST
H2 200 link Show response
t.skimresources.com/api/ 22 B
367 B 55ms
24ms XHR
application/javascript 35.201.67.47
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:03 GMT
via: 1.1 google
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
alt-svc: clear
content-length: 22

GET
H2 200 en.js Show response
c.evidon.com/sitenotice/4419/translations/ 72 KB
4 KB 13ms
13ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/4419/translations/en.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7713f8cd92d4d6de8f561a9974209f8532e11b1db64d9a20efb50cf995609db0

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Tue, 14 Aug 2018 17:59:16 GMT
server: Apache
etag: "130e50d48e15fc5162f9707b91233f47:1534269556"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 3963
expires: Fri, 18 Jan 2019 02:01:03 GMT

GET
H2 200 vendorlist.js Show response
c.evidon.com/sitenotice/ 125 KB
51 KB 14ms
14ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/vendorlist.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 33e3217dbe468f5f346598e2c819d6a0427738d7139b7caac21ae71e57ac3dd9

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:03 GMT
content-encoding: gzip
last-modified: Thu, 03 Jan 2019 17:51:09 GMT
server: Apache
etag: "03b5fb3a45cea230b32f33f15435fe69:1546537869"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 52097
expires: Fri, 18 Jan 2019 02:01:03 GMT

GET
H2 200 evidon-banner.js Show response
c.evidon.com/sitenotice/ 8 KB
3 KB 7ms
7ms Script
application/x-javascript 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/sitenotice/evidon-banner.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4b51cad50779921c134fe5f8a46df29da7bdedf5f643c331d192b6057af97992

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:04 GMT
content-encoding: gzip
last-modified: Wed, 19 Dec 2018 22:28:29 GMT
server: Apache
etag: "41298c7c9394582aaf744ce4397a8521:1545258511"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=86400, private;max-age=86400
accept-ranges: bytes
content-length: 2538
expires: Fri, 18 Jan 2019 02:01:04 GMT

GET
H2 204 20312
l.betrad.com/site/v3/4419/3803/3/1/2/1/ 0
120 B 550ms
96ms Image
text/plain 52.21.120.172
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/4419/3803/3/1/2/1/20312?consent=0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.120.172 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-21-120-172.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 icong1.png
c.evidon.com/pub/ 506 B
667 B 7ms
7ms Image
image/png 23.67.133.23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/pub/icong1.png
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.67.133.23 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-133-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 47ecf8e24654258186de2aabeeb592dc0c1f3d071b0f5b48622be67a9fd60c98

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:04 GMT
last-modified: Thu, 02 Jun 2011 18:30:38 GMT
server: Apache
etag: "e06dbc187b21a416c4ef0da5a3fd3829:1307039438"
content-type: image/png
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 506

GET
H2 204 20312
l.betrad.com/site/v3/4419/3803/3/2/2/1/ 0
120 B 97ms
97ms Image
text/plain 52.21.120.172
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/4419/3803/3/2/2/1/20312?consent=0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.120.172 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-21-120-172.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by: Express
vary: Accept-Encoding

GET
H2 204 20312
l.betrad.com/site/v3/4419/3803/3/4/2/1/ 0
120 B 97ms
96ms Image
text/plain 52.21.120.172
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/site/v3/4419/3803/3/4/2/1/20312?consent=0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.120.172 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-21-120-172.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
x-powered-by: Express
vary: Accept-Encoding

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 161 KB
60 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

fd29e87f16a5748fcf192f58f79d2c91e133267210695b5424bfbcf0c611b333

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 01:24:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 61049
x-xss-protection: 1; mode=block
server: cafe
etag: 10480344238816706117
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Jan 2019 02:24:15 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 16 KB
6 KB 242ms
241ms XHR
text/plain 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1668255561670279&correlator=4451079646673189&output=ldjh&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&hxva=1&scor=1014209491436964&eid=21062453%2C21062723&vrg=287&tfcd=0&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu_parts=3379%2Cconde.ars%2Cinterstitial%2Cinformation-technology%2Carticle%2C1%2Chero%2Crail%2C2&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5%2C0%2F1%2F6%2F3%2F4%2F5%2C0%2F1%2F7%2F3%2F4%2F5%2C0%2F1%2F7%2F3%2F4%2F8&prev_iu_szs=1x1%2C728x90%7C970x60%7C970x250%7C930x400%7C930x370%7C970x90%7C970x420%7C9x1%7C9x3%7C9x9%7C1200x370%2C300x250%7C300x600%7C300x1050%2C300x140&fsbs=1%2C1%2C1%2C1&ists=8&prev_scp=ctx_slot_name%3D_out_of_page_0%26ctx_slot_instance%3D_out_of_page_0%26ctx_slot_type%3D_out_of_page%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D0%7Cctx_slot_name%3Dpost_nav_0%26amznbid%3D2%26amznp%3D2%26ctx_slot_instance%3Dpost_nav_0%26ctx_slot_type%3Dpost_nav%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D0%7Cctx_slot_name%3Dsiderail_0%26amznbid%3D2%26amznp%3D2%26ctx_slot_instance%3Dsiderail_0%26ctx_slot_type%3Dsiderail%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D0%7Cctx_slot_name%3Dnative_xrail_0%26ctx_slot_instance%3Dnative_xrail_0%26ctx_slot_type%3Dnative_xrail%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D0&eri=1&cust_params=env_device_type%3Ddesktop%26env_server%3Dproduction%26rdt_device_template%3Ddesktop_article%26cnt_tags%3Dfancy-bear%252Clojax%252Cmalware%252Crootkits%252Cuefi%26usr_bkt_pv%3D26%26ctx_cns_version%3D2_25_5%26vnd_prx_segments%3D300003%252C121100%252C131100%252C131103%252C210000%252C210012%252C240000%252C240002%252C240003%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252Cwmhp4i%252C2hkgm5%252Cap05we%252Cfdf1wd%252Cv8lc56%252C36vte1%252C_DV7R1eCPJLo_%26vnd_4d_ctx_topics%3DALLBRANDS_70%252CALLBRANDS_7%252CALLBRANDS_63%252CALLBRANDS_38%252CALLBRANDS_31%252CALLBRANDS_283%252CALLBRANDS_274%252CALLBRANDS_258%252CALLBRANDS_167%252CALLBRANDS_134%252CALLBRANDS_64%252CALLBRANDS_57%252CALLBRANDS_28%252CALLBRANDS_244%252CALLBRANDS_21%252CALLBRANDS_192%26vnd_4d_ctx_topic_sc%3D0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%26vnd_4d_ctx_entities%3Dmalware%252Clojax%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Cnetscout%252Crussian%252Cbombshell%252Ceset%252Ccomputrace%252Coperating%2520system%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%252Cutc%252Carbor%2520networks%252Cantivirus%2520software%252Cflash%2520memory%252Cserial%2520peripheral%2520interface%26vnd_4d_ctx_ent_sc%3D1%252C0.9122719256493937%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7069772106084045%252C0.6208620391358676%252C0.4994406086428591%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%252C0.4242203090015489%252C0.4206713878984811%252C0.3975896690316308%252C0.38131630900848573%252C0.38049651481476754%26vnd_4d_ctx_keywords%3Dmalware%252Clojax%252Cresearcher%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Ccontrol%2520server%252Cnetscout%252Crussian%252Coperation%252Cbombshell%252Cdomain%252Ceset%252Ccomputrace%252Coperating%2520system%252Cip-to-domain%2520mapping%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%26vnd_4d_ctx_kw_sc%3D1%252C0.9122719256493937%252C0.8661514775641861%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7082091276849575%252C0.7069772106084045%252C0.6208620391358676%252C0.5221908868282827%252C0.4994406086428591%252C0.48511932543486386%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.4598058784275079%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%26vnd_4d_pid%3Dbf9fc605-971b-4ce7-b43a-1dfd716dc8fd%26vnd_4d_xid%3Df15b9ae6-55b4-42b1-84e3-195001e6d8b0%26vnd_4d_sid%3D6eefb6d6-b5e9-4734-9051-08c964ac404b%26ctx_template%3Darticle%26ctx_page_slug%3D8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%26ctx_page_channel%3Dinformation_technology&cookie_enabled=1&bc=15&lmt=1547690464&dt=1547690464145&dlt=1547690458752&idt=5312&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C0%2C1063%2C1063&adys=0%2C0%2C100%2C141&adks=1708284783%2C2730731560%2C2218746098%2C57498633&ucis=1%7C2%7C3%7C4&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&dssz=53&icsg=17729801158656&mso=262144&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C1585x-1%7C300x-1%7C300x-1&msz=0x-1%7C1585x-1%7C300x-1%7C300x-1&blev=1&bisch=1&ga_vid=1644281048.1547690464&ga_sid=1547690464&ga_hid=1479152547&fws=4%2C4%2C4%2C4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

8fe24887d91e45f0f5a0f25fc7ffe9e6d98b8ac1b8f526ced2f880d7c7e04866

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:01:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,81141,81141,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 6381
x-xss-protection: 1; mode=block
google-lineitem-id: -2,-1,-1,4736014287
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1,138237302059
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://arstechnica.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_287.js Show response
securepubads.g.doubleclick.net/gpt/ 58 KB
22 KB 41ms
41ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

676d159347cd59711604943ecf8c34d3bfb43351bc67b4d2e163f8aac82c5c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jan 2019 18:15:14 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 22211
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:05 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ 0
0 7ms
6ms Other
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H/1.1 200
OK eyJpdSI6IjlhOWUwMDAwYjBmMmFjNGNiOTY2NjI1NTczNDhjYjRiMzA1NTNiYTkyZDY3NjM4MTdiZTc4YzAyZDVkZTc0YjMiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 3 KB
4 KB 182ms
135ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.outbrainimg.com/transform/v3/eyJpdSI6IjlhOWUwMDAwYjBmMmFjNGNiOTY2NjI1NTczNDhjYjRiMzA1NTNiYTkyZDY3NjM4MTdiZTc4YzAyZDVkZTc0YjMiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-73.deploy.static.akamaitechnologies.com

Software

Resource Hash

63d0cd4d92739898fc628a6a580cce26b11223e526dd8b90170414cfd799aed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Encoding: gzip
Last-Modified: Sat, 22 Dec 2018 19:33:08 GMT
Date: Thu, 17 Jan 2019 02:01:05 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2401814
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 3514

GET
H/1.1 200
OK eyJpdSI6IjNhYTFhYWNlNzJkNzkzYTc4MjcwNGNiNzZiZDhlY2ZkNjU4Y2I4NWJjNzVkMTE2NTVlZjhiNTYzMTZiODA1ZDYiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 6 KB
7 KB 11ms
10ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.outbrainimg.com/transform/v3/eyJpdSI6IjNhYTFhYWNlNzJkNzkzYTc4MjcwNGNiNzZiZDhlY2ZkNjU4Y2I4NWJjNzVkMTE2NTVlZjhiNTYzMTZiODA1ZDYiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-73.deploy.static.akamaitechnologies.com

Software

Resource Hash

1a0b73c2b2d381f520b430c828f1fd190b023f72940948a209d7492bc5d967de

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Encoding: gzip
Last-Modified: Tue, 25 Dec 2018 09:53:00 GMT
Date: Thu, 17 Jan 2019 02:01:05 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=1632771
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 6378

GET
H/1.1 200
OK eyJpdSI6IjdlYWRjOGNlNDI3OTM0MGJiZjJjYTU0ZmZlMWU4NTgzZDFlYTI2MGQ5MDg4YjQzNjM3N2IwNTUxYzEwNjJlOTYiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 3 KB
4 KB 9ms
9ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjdlYWRjOGNlNDI3OTM0MGJiZjJjYTU0ZmZlMWU4NTgzZDFlYTI2MGQ5MDg4YjQzNjM3N2IwNTUxYzEwNjJlOTYiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-38-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a9eade0fcb1a461968348d2b892f7768103d7801a230b2037ee422471c2129cc

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Dec 2018 14:36:37 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=1632836
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 3436

GET
H/1.1 200
OK eyJpdSI6IjcwZDgyM2JlYWY1ODRmZmFmMWQxOTQyZTNjOWVlZjIxYTQ5YzllODA0YTJiODdhZWZhNDlhYWU5Yjg2NzdhM2UiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 8 KB
8 KB 31ms
31ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.outbrainimg.com/transform/v3/eyJpdSI6IjcwZDgyM2JlYWY1ODRmZmFmMWQxOTQyZTNjOWVlZjIxYTQ5YzllODA0YTJiODdhZWZhNDlhYWU5Yjg2NzdhM2UiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-38-73.deploy.static.akamaitechnologies.com

Software

Resource Hash

fce896fd384c3d365c7071839ff45d195bc3a2fc4941d7ea05bb8e302037cbfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Encoding: gzip
Last-Modified: Thu, 10 Jan 2019 05:25:34 GMT
Date: Thu, 17 Jan 2019 02:01:05 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2399117
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 8256

GET
H/1.1 200
OK eyJpdSI6IjFkOGFhYmE2ZTRmZjIyODNhYjM2YjVlNjBjMjNmYjU0ODVmYTY4N2ZlNGQxZTE5NGFiZTkxYmMzZjRiZGEzMmUiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 6 KB
6 KB 9ms
8ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjFkOGFhYmE2ZTRmZjIyODNhYjM2YjVlNjBjMjNmYjU0ODVmYTY4N2ZlNGQxZTE5NGFiZTkxYmMzZjRiZGEzMmUiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-38-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 744b1b8fa490b4ebb73e30c2683f423fe9c4ce3750e280b487157d08a576fcf6

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 27 Dec 2018 06:32:02 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2106005
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 5684

GET
H/1.1 200
OK eyJpdSI6IjQzZGRiYjI5NDAyYmNlODZmY2VlM2EyMDZiOGVlZTEwNTY4YzczYjMzNjk1ZTgyZWVkZmFiYWNkOTJkNmM3ZWIiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 5 KB
5 KB 35ms
34ms Image
image/webp 2.21.38.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQzZGRiYjI5NDAyYmNlODZmY2VlM2EyMDZiOGVlZTEwNTY4YzczYjMzNjk1ZTgyZWVkZmFiYWNkOTJkNmM3ZWIiLCJ3IjoxNDAsImgiOjEwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.38.73 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-38-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8f7f1c5675bae280aaee4bfa68423b35ce1b889805d4d579ab6452f86ed60b4b

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Jan 2019 18:28:21 GMT
Vary: Accept-Encoding
Content-Type: image/webp
Cache-Control: max-age=2359444
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 5284

GET
H/1.1 200
OK ptrack-v1.2.0-engagedtime-slots.js Show response
d1z2jf7jlzjs58.cloudfront.net/code/ 39 KB
15 KB 9ms
9ms Script
application/x-javascript 143.204.98.215
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/code/ptrack-v1.2.0-engagedtime-slots.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.215 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-215.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: f77676385ed899908297ac3d793b6f79b7a342438ba59b9878678c42a8a7ffa1

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: public
Date: Thu, 03 Jan 2019 23:57:31 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jan 2019 22:59:57 GMT
Server: nginx
Age: 1130614
ETag: W/"5c2e93ed-9c5a"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
Cache-Control: max-age=315360000, public
Connection: keep-alive
X-Amz-Cf-Id: zq1hNPrxO0KDZwknPxAbZ3VaK55pDFvH7b8eM8WfJERPSYgM74dhNw==
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK embed-api.json Show response
player.cnevids.com/ 6 KB
3 KB 15203ms
127ms Fetch
application/json 143.204.101.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://player.cnevids.com/embed-api.json?videoId=5c3e102327955155ff000001&embedLocation=arstechnica

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.101.24 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-143-204-101-24.fra50.r.cloudfront.net

Software

nginx/1.14.1 /

Resource Hash

2a7ef1a99f21d871f35def1ea8605618879369bd4582c2e9e7145e9ae13cb26c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Cache: Miss from cloudfront
Status: 200 OK
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 1920
X-XSS-Protection: 1; mode=block
X-Request-Id: 45fdbd89-f154-4f0a-ba1f-c357c67761b1
X-Runtime: 0.006851
X-Backend-Node: 10.110.8.15
Server: nginx/1.14.1
ETag: W/"a59423273d2c5f67ef1f889c8e3bdb9b"
Vary: Origin,Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=utf-8
Via: 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Access-Control-Expose-Headers
Cache-Control: max-age=0, private, must-revalidate
X-Amz-Cf-Id: nUrj-FmPh3oS4DzECCQehZQ-CAU3Vdaq-RYlgwNFZ9UXT1_1q1R9Dw==

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame B415 235 KB
81 KB 55ms
39ms Script
text/javascript 2a00:1450:4001:80b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

16366b1741cf043268696181284ab11c9f265961f57fea950d0e4a5971ff6666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 82691
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:06 GMT

GET
H2 200 gpt_proxy.js Show response
imasdk.googleapis.com/js/sdkloader/ 55 KB
20 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js

Requested by

Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

39f73a2f05643a14a065864afb08632e334fe9e1eeaf28644a9c209a655a2b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 01:49:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 22:38:20 GMT
server: sffe
age: 695
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 20724
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:04:31 GMT

GET
H/1.1 200
OK player-style-fbe7f8909eaaa3ac1e73b7d3feec1e1b.css
d2c8v52ll5s99u.cloudfront.net/player/ Frame B415 72 KB
11 KB 15084ms
9ms Stylesheet
text/css 143.204.98.73
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2c8v52ll5s99u.cloudfront.net/player/player-style-fbe7f8909eaaa3ac1e73b7d3feec1e1b.css
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.73 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-73.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f101d0b6141cb2bfb7d7d4802dac2665eac5d3aac686d21f005a2bf82b1074c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 12 Dec 2018 20:42:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Dec 2018 19:51:59 GMT
Server: AmazonS3
Age: 3043129
ETag: "e950bc48c0de1db2d06fdd7487e34d9c"
X-Cache: Hit from cloudfront
Content-Type: text/css; charset=utf-8
Via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
Cache-Control: max-age=63072000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10893
X-Amz-Cf-Id: Le8yS_gjvJUs1HpRvaWBk2KW8xIPCtZ9yaVGm8y83-7kOfFWmAEtWQ==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H/1.1 200
OK main-12f446e3161f71f9e9d1.js Show response
d2c8v52ll5s99u.cloudfront.net/player/ Frame B415 905 KB
225 KB 13947ms
9ms Script
application/javascript 143.204.98.73
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Requested by: Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/5c3e102327955155ff000001.jsautoplay=0&muted=0&hasCompanion=0&adsDisabled=0&onReady=arsVideoModulePlayerReady81662629
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.73 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-73.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b88ab5e8f688ed274dba989dc7200c1569ebde2a80e9e0aff1df53b511203ec

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 14 Jan 2019 19:02:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jan 2019 21:31:27 GMT
Server: AmazonS3
Age: 197944
ETag: "6a93b5eb4969401968e795a3a376e86a"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
Cache-Control: max-age=63072000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 229525
X-Amz-Cf-Id: mUKopvUAE0SOxEyC0FXa2PDhRbwMhgItrL6Yxa0t41arbp4KMdSbAQ==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Response headers

Content-Type: video/mp4

GET
H2 200 Consent_A_de.js Show response
s.skimresources.com/js/GDPR/ 19 KB
7 KB 21ms
19ms Script
application/octet-stream 151.139.128.10
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/GDPR/Consent_A_de.js
Requested by: Host: s.skimresources.com
URL: https://s.skimresources.com/js/100098X1555750.skimlinks.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc346066826dab306c14586c07a816c1d9a3e42b3579b6539bef527b567dd871

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
content-encoding: gzip
last-modified: Mon, 12 Nov 2018 15:10:58 GMT
server: AmazonS3
x-amz-request-id: CD3ADFBD529FC1A8
etag: "1185ce54b2ded154865d60194a6ee168"
x-hw: 1547690466.cds020.pa1.hn,1547690466.cds013.pa1.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 7428
x-amz-id-2: kwtauocZiK/6lWmDXl5Aq61tHtGLFGRyOUzixqC8ZSUeAKg4TgkkJpMBoCecSxYeGGykdlBIT5s=

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ Frame C18A 0
0 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-31/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1737
date: Mon, 14 Jan 2019 19:45:59 GMT
expires: Tue, 14 Jan 2020 19:45:59 GMT
last-modified: Thu, 01 Nov 2018 14:23:58 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 195306
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5053e3649a40c20ecca309843e7a085226246462cc33cc738981424ece35e7ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 17:31:21 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 27230
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:06 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ Frame 9E6A 0
0 9ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-31/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1737
date: Mon, 14 Jan 2019 19:45:59 GMT
expires: Tue, 14 Jan 2020 19:45:59 GMT
last-modified: Thu, 01 Nov 2018 14:23:58 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 195306
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H2 200 creative.js Show response
static.polarcdn.com/creative/ Frame 1B57 283 KB
108 KB 56ms
12ms Script
application/javascript 2606:4700::6813:f87e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://static.polarcdn.com/creative/creative.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6813:f87e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1e6dddd31217b62eb74a2a6eae10342dc94444526ced4c9af0e1f19a8e21eda

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
cf-cache-status: HIT
status: 200
content-length: 110106
via: 1.1 varnish
timing-allow-origin: *
x-varnish: 414479778 414479004
last-modified: Mon, 07 Jan 2019 20:38:26 GMT
server: cloudflare
cache-control: max-age=10800
etag: W/"5c33b8c2-46d72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: CF-IPCountry
cf-ipcountry: DE
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 49a53b6339129706-FRA
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 17 Jan 2019 03:06:02 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1B57 76 KB
28 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:809::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:809::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

040e9e3496a5997449e4a4a77457ba01d5d985ec6993876c00d0b14af4741a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 17:31:21 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 28564
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:05 GMT

GET
H/1.1 200
OK moatad.js Show response
z.moatads.com/condenastdfp9588492144/ Frame 1B57 288 KB
89 KB 62ms
15ms Script
application/x-javascript 23.211.3.55
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/condenastdfp9588492144/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.211.3.55 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-211-3-55.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 8a3915dfce651c0b5d2bae79e623ffdd547aae9cdff674f2c15e0d0e408abb07

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Dec 2018 19:13:04 GMT
Server: AmazonS3
x-amz-request-id: 4A555C5AB0A714A8
ETag: "4cf4a93fef885b53db7e5ee5ad43df3b"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63346
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 91028
x-amz-id-2: kGbMjiH3nQOV35UNVQY+u7qsjOtIMgYM74XOJ+xp1GCJGI1Oa3chIkcisTbzF57fNoG4/RbHwuo=

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1B57 0
282 B 43ms
43ms Image
image/gif 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBigBAjIxcc-J3NZjMGcdgMnFI7dUuK_JDNG7BFTJjSQbEBB6E3DNwncqzlgsFYUUaQOa4HrJ7LkoXvliJaA9iayFK3-0tBZdsBFNoj_kVvwaYCoTbOn8Ku4Ngzaa8LIddlZEMoxFwoN-BXkPC4CLmDeU3G8UoJeOtYDWn197suNxx2ad6G4qqldUKiVCFZeZlcnKfd7qYOSBJuTlEV8iyBt96LSYPMZ3fYdKMY4BbW83QZDA6phA0Mw8C4j9l9NWAK-5pQHNiC6yI2URnUbJR7713AC5ehoccw3lBbA&sai=AMfl-YTQuxFmGZszkuIuXxh6o_-uwd5NkKHYd9S5HpsRwyVNYaD1RKY-1_n-um3cNQMtcD35RYS8H2BPR1ebkG0DWZbd-39LSEw1WTXKx0j0&sig=Cg0ArKJSzIDVIRCwnoZDEAE&urlfix=1&adurl=

Requested by

Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:06 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 304ms
101ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A05.709Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4800&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&uNw=1&uUq=1&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30028.7&image_count=20&image_surface=600574&server=production&vp_height=1200&vp_width=1585&created=2050.4999980330467&staged=2072.4999979138374&pageload_to_staged=2072.4999979138374&channel=information_technology&ctx_template=article&id=1547690460347ariuju4kmf31qgk6wop0ehgt8ey9pu&instance=0&name=out_of_page_0&out_of_page=true&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=out_of_page&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1390.0000005960464&inViewport=2076.299998909235&pageLoad_to_in_viewport=1393.800001591444&isRefresh=true&requested=3078.1999975442886&pageLoad_to_requested=3078.1999975442886&CNS_init_to_requested=2395.7000002264977&rendered=7412.599999457598&creative_type=sized&is_empty=true&request_to_rendered=4334.400001913309&is_first_rendered=true&pageLoad_to_rendered=7412.599999457598&CNS_init_to_rendered=6730.100002139807&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:06 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 293ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A05.725Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4800&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30028.7&image_count=20&image_surface=600574&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&is_first_Request=true&requested=3061.499997973442&pageLoad_to_requested=3061.499997973442&CNS_init_to_requested=2379.000000655651&rendered=7429.099999368191&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=4367.600001394749&pageLoad_to_rendered=7429.099999368191&CNS_init_to_rendered=6746.6000020504&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:07 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 306ms
103ms Image
image/gif 52.2.117.76
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A05.744Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4800&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30028.7&image_count=20&image_surface=600574&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=3068.9999982714653&pageLoad_to_requested=3068.9999982714653&CNS_init_to_requested=2386.5000009536743&rendered=7447.000000625849&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=4378.0000023543835&pageLoad_to_rendered=7447.000000625849&CNS_init_to_rendered=6764.500003308058&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.117.76 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-2-117-76.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:07 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 299ms
104ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A05.753Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=4800&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=30028.7&image_count=20&image_surface=600574&server=production&vp_height=1200&vp_width=1585&created=2050.000000745058&staged=2068.70000064373&pageload_to_staged=2068.70000064373&channel=information_technology&ctx_template=article&id=native_xrail300x140_frame&instance=0&name=native_xrail_0&position_fold=atf&position_xy=641x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=native_xrail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1386.2000033259392&inViewport=2072.299998253584&pageLoad_to_in_viewport=1389.800000935793&isRefresh=true&requested=3073.8999992609024&pageLoad_to_requested=3073.8999992609024&CNS_init_to_requested=2391.4000019431114&rendered=7457.100000232458&advertiser_id=1454517775&creative_id=138237302059&creative_type=sized&line_item_id=4736014287&order_id=2338761482&rendered_size=300x140&request_to_rendered=4383.200000971556&pageLoad_to_rendered=7457.100000232458&CNS_init_to_rendered=6774.600002914667&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:07 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2 200 wt Show response
polarcdn-pentos.com/ Frame 1B57 3 B
592 B 154ms
84ms XHR
application/octet-stream 104.18.219.82
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-pentos.com/wt?e=1&n=3&p=UNKNOWN&s=1&u=f6d3b4a3-228b-41cb-993c-e7482a43f118&v=2%2Fc7fea11&w=1.122.0&y=w&z=v1.6.25&pas=asa-web&pag2=%2F3379%2Fconde.ars%2Frail%2Finformation-technology%2Farticle%2F2&pai=18d8b&d=arstechnica.com&l=&pajs=&pepm=gdpr-eu&pepc=n&mepc=1&cu=c4ec0b159187efeb9f596a7d2c7ce7b1&t=arx&parcid=544fa&parid=9f8d3&parin=1&partm=0&par=s&maxts=0.014&pvhref=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&_=1547690465845
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.18.219.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f0e2d95e318789b840f67b7004cb30985ce2e0ef3ece7507b2b15e8441811a7

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
x-amz-request-id: 2EE616777196F05B
status: 200
content-length: 3
x-amz-id-2: uZ70s9eSUL4ZIqPTl3xTn2nhzUQDLjtwAjR3IG6Saat+EwI9iHbjSsUGhQGLa+z4GjVVgJFvZjM=
last-modified: Mon, 09 Jul 2018 17:31:51 GMT
server: cloudflare
etag: "28e4477bb454eb35226fe56082545e13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 49a53b643c989c47-AMS

GET
H2 200 wt Show response
polarcdn-pentos.com/ Frame 1B57 3 B
65 B 212ms
146ms XHR
application/octet-stream 104.18.219.82
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-pentos.com/wt?e=2&n=3&p=UNKNOWN&s=1&u=f6d3b4a3-228b-41cb-993c-e7482a43f118&v=2%2Fc7fea11&w=1.122.0&y=w&z=v1.6.25&pas=asa-web-polarpmp&pag1=conde_customcontent_market&pag2=brand_arstechnica&paenb=u&pai=18d8b&d=arstechnica.com&l=&pajs=&pepm=gdpr-eu&pepc=n&mepc=1&cu=c4ec0b159187efeb9f596a7d2c7ce7b1&t=atx&parcid=544fa&parid=438b1&parin=2&pvhref=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&_=1547690465846
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.18.219.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f0e2d95e318789b840f67b7004cb30985ce2e0ef3ece7507b2b15e8441811a7

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
x-amz-request-id: 2EE616777196F05B
status: 200
content-length: 3
x-amz-id-2: uZ70s9eSUL4ZIqPTl3xTn2nhzUQDLjtwAjR3IG6Saat+EwI9iHbjSsUGhQGLa+z4GjVVgJFvZjM=
last-modified: Mon, 09 Jul 2018 17:31:51 GMT
server: cloudflare
etag: "28e4477bb454eb35226fe56082545e13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 49a53b643c999c47-AMS

OPTIONS
H2 204 pl Show response
bw-prod.plrsrvcs.com/bid/ Frame 1B57 0
340 B 74ms
8ms XHR
text/plain 2606:4700::6812:603c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://bw-prod.plrsrvcs.com/bid/pl
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:603c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://arstechnica.com
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-openrtb-version

Response headers

date: Thu, 17 Jan 2019 02:01:05 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
status: 204
cf-ray: 49a53b642b7bc2d3-FRA
access-control-allow-headers: Content-Type, x-openrtb-version

GET
DATA 200
OK truncated
/ Frame 1B57 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4aed39a2c59c2dc38578f74577f9c3aaf797728a69687675934e92c69d30e8ed

Request headers

Response headers

Content-Type: image/png

POST
H2 200 pl Show response
bw-prod.plrsrvcs.com/bid/ Frame 1B57 2 KB
1 KB 164ms
163ms XHR
application/json 2606:4700::6812:603c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://bw-prod.plrsrvcs.com/bid/pl
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:603c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7591d2cf7f48fe9a954a065a1fe114e252311739978fce87833a0c318cb2bb69

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
x-openrtb-version: 2.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://arstechnica.com
Content-Type: application/json

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
content-encoding: gzip
x-polar-trace-id
x-polar-response-id: fba04404d83d41ac955652b38fa34ff8
status: 200
x-polar-t: 0.003
pragma: no-cache
server: cloudflare
cache-control: no-cache, no-store, must-revalidate
x-polar-misses
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CF-IPCountry
cf-ipcountry: DE
cf-ray: 49a53b648c43c2d3-FRA
expires: 0

GET
H/1.1 200
OK /
srv-2019-01-17-02.pixel.parsely.com/plogger/ 43 B
229 B 2398ms
97ms Image
image/gif 52.0.240.180
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2019-01-17-02.pixel.parsely.com/plogger/?rand=1547690466033&plid=51464913&idsite=arstechnica.com&url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22parsely_uuid%22%3A%22f5a9ed3a-0dd4-4adc-95e5-95d7b0a74fb1%22%2C%22parsely_site_uuid%22%3A%2281077ac0-5d54-478e-94f7-bbf6ec0be30e%22%7D&sid=1&surl=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&sref=&sts=1547690466030&slts=0&title=Eight+months+after+discovery%2C+unkillable+LoJax+rootkit+campaign+remains+active+%7C+Ars+Technica&date=Thu+Jan+17+2019+02%3A01%3A06+GMT%2B0000+(Coordinated+Universal+Time)&action=pageview&pvid=92677339&u=81077ac0-5d54-478e-94f7-bbf6ec0be30e
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.240.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-240-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:08 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ijs_all_modules_9b981cd5bad3f03d6e262c4475190010.js Show response
assets.bounceexchange.com/assets/tags/versioned/ 350 KB
80 KB 3061ms
14ms Script
application/javascript 143.204.90.45
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/tags/versioned/ijs_all_modules_9b981cd5bad3f03d6e262c4475190010.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/2806/i.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.90.45 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-90-45.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d6b1ed8883872024ad00b1b1293aa5f03b3e2c3a65d6ec16469710f5fc309d80

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 15 Jan 2019 20:50:53 GMT
content-encoding: gzip
last-modified: Tue, 15 Jan 2019 18:01:33 GMT
server: AmazonS3
age: 105017
etag: "02915ec22c82e414f4253e221ad0ccac"
x-cache: Hit from cloudfront
x-amz-version-id: NEPqOKOYs3JsczJA8ylf.rM99B5zrL81
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript
content-length: 81128
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
x-amz-cf-id: NXpqmf9fiV4dT_dqgzJ4sxdHXHxSX_CVd9RlxQR0GFvttheiq4L4Bw==

GET
H2 200 wt Show response
polarcdn-pentos.com/ Frame 1B57 3 B
66 B 16ms
16ms XHR
application/octet-stream 104.18.219.82
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-pentos.com/wt?e=3&n=3&p=UNKNOWN&s=1&u=f6d3b4a3-228b-41cb-993c-e7482a43f118&v=2%2Fc7fea11&w=1.122.0&y=w&z=v1.6.25&pas=asa-web-polarpmp&pag1=conde_customcontent_market&pag2=brand_arstechnica&paenb=y&paena=a.973d7a90-2f90-48c4-9aed-6134028735f7.fba044&pai=18d8b&d=arstechnica.com&l=&pajs=&pepm=gdpr-eu&pepc=n&mepc=1&cu=c4ec0b159187efeb9f596a7d2c7ce7b1&t=arx&parcid=544fa&parid=438b1&parin=2&partm=1&par=s&maxts=0.298&pvhref=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&_=1547690465847
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.18.219.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f0e2d95e318789b840f67b7004cb30985ce2e0ef3ece7507b2b15e8441811a7

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
x-amz-request-id: 2EE616777196F05B
status: 200
content-length: 3
x-amz-id-2: uZ70s9eSUL4ZIqPTl3xTn2nhzUQDLjtwAjR3IG6Saat+EwI9iHbjSsUGhQGLa+z4GjVVgJFvZjM=
last-modified: Mon, 09 Jul 2018 17:31:51 GMT
server: cloudflare
etag: "28e4477bb454eb35226fe56082545e13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 49a53b65acf99c47-AMS

GET
H2 200 ce0099ea764e43ea9b39fc639d7439eb Show response
polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/creative/ Frame 1B57 15 KB
4 KB 64ms
63ms XHR
application/json 2606:4700::6810:50ad
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-terrax.com/nativeads/v1.4.0/json/hostname/arstechnica.com/creative/ce0099ea764e43ea9b39fc639d7439eb?order=beab4c93b7f947efae37dcd1a72ab199
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:50ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2894b4f3a0b3fcf96aaa5180da3bbbd56f0a1db525b7f60355a378c5c5b23d6

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jan 2019 02:01:06 GMT
content-encoding: gzip
server: cloudflare
status: 200
etag: W/"dce226b7d0c1ffd04d442ae0fd12f6f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Country
cache-control: max-age=900
x-country: DE
cf-ray: 49a53b659c08c2c9-FRA

GET
H2 200 wt Show response
polarcdn-pentos.com/ Frame 1B57 3 B
66 B 16ms
16ms XHR
application/octet-stream 104.18.219.82
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://polarcdn-pentos.com/wt?e=4&n=3&p=NA-ARSTECH-11238837&s=1&u=f6d3b4a3-228b-41cb-993c-e7482a43f118&v=2%2Fc7fea11&w=1.122.0&y=w&z=v1.6.25&pas=asa-web-polarpmp&pag1=conde_customcontent_market&pag2=brand_arstechnica&paenb=y&paena=a.973d7a90-2f90-48c4-9aed-6134028735f7.fba044&paenli=37818413e54f41409b5fa4e97bfa1c23&paenlip=8d868d89362744d1b004644d401b4f3f&paeno=beab4c93b7f947efae37dcd1a72ab199&paenop=08310269369645b3a36219c1bf42baac&paes=fd9a1a7c3cf24f9fb674bbc3a4ebe163&pai=18d8b&d=arstechnica.com&l=Key-native_xrail+%5BXrail%5D&pajs=body&pepm=gdpr-eu&pepc=n&mepc=1&pecy=DE&c=bb63eedcc19945e1a21ae7d59845ad7d&pacexp=47f4bef57c0b4d0e9e10e7ac09765e3b&t=i&pasp=6fe1dded4b5f4d1a8a01dfa8492cbdab&pvhref=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&_=1547690465848
Requested by: Host: static.polarcdn.com
URL: https://static.polarcdn.com/creative/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.18.219.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f0e2d95e318789b840f67b7004cb30985ce2e0ef3ece7507b2b15e8441811a7

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
x-amz-request-id: 2EE616777196F05B
status: 200
content-length: 3
x-amz-id-2: uZ70s9eSUL4ZIqPTl3xTn2nhzUQDLjtwAjR3IG6Saat+EwI9iHbjSsUGhQGLa+z4GjVVgJFvZjM=
last-modified: Mon, 09 Jul 2018 17:31:51 GMT
server: cloudflare
etag: "28e4477bb454eb35226fe56082545e13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 49a53b662d1b9c47-AMS

GET
H2 200 5bedd3ea524942ba3c8ff4ff
polarcdn-terrax.com/image/v1.0.0/bin/ 7 KB
7 KB 30ms
11ms Image
image/jpeg 2606:4700::6810:52ad
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polarcdn-terrax.com/image/v1.0.0/bin/5bedd3ea524942ba3c8ff4ff?v=e47d0&w=300
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:52ad , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 534349ffc49c146020b2bc9a8530192d7c3e3ca2d15d823bd55f18ee70a5669a

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
via: 1.1 varnish
cf-cache-status: HIT
cf-ray: 49a53b6648362354-FRA
status: 200
access-control-max-age: 432000
content-length: 6984
x-varnish: 2202505644 2202498320
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=432000
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK publishertag.js Show response
static.criteo.net/js/ld/ 81 KB
25 KB 1375ms
93ms Script
text/javascript 74.119.119.131
Criteo Corp.

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 74.119.119.131 Palo Alto, United States, ASN19750 (AS-CRITEO - Criteo Corp., US),
Reverse DNS
Software: nginx /
Resource Hash: 2567ec168123f197809327b3a7ed0f5797d841c9de36afa37db4c3698f6d23c6

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Server: nginx
ETag: W/"5c1224f0-1450f"
Transfer-Encoding: chunked
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400, public
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Fri, 18 Jan 2019 02:01:08 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
512 B 31ms
30ms XHR
application/json 54.77.151.154
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=183973
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.151.154 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-77-151-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b9b7cc6fc13641839641f20c0eb2e884557adc4bd4339b1852c95b9352ecfc45

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 17 Jan 2019 02:01:06 GMT
x-aspnet-version: 4.0.30319
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://arstechnica.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 16 Feb 2019 02:01:06 GMT

GET
H2 200 ids Show response
mid.rkdms.com/ 0
398 B 225ms
224ms XHR
application/json 143.204.101.51
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://mid.rkdms.com/ids?ptk=17c1789b-e660-493b-aa74-3c8fb990dc5f&pubid=CONDENAST
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.51 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-51.fra50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

GET
H2 202 identity Show response
api.rlcdn.com/api/ 0
50 B 316ms
98ms XHR
text/plain 18.213.181.62
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.181.62 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-213-181-62.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

status: 202
date: Thu, 17 Jan 2019 02:01:06 GMT
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
3 KB 7183ms
76ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=2&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.7455718777621996
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: fee8e40fd50db4de3d0f592338b3fca5ed500de54aae40dc44796891ca5189c7

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 2100
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 7249ms
66ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=57&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.4939272932716914
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 785e4c6c6dea8d40a5e5f40abcee432d3a1446bf384941f3f0e8a49fabf4b660

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 1611
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 7296ms
47ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=55&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.03678231818090505
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 5f91a1b8ed2794709c2a3bb98a8e869c14dbee96bd409d7503b9ef1b3c115f51

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 65 B
1002 B 1166ms
117ms XHR
text/javascript 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=175689&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A7911401%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%221%22%2C%22siteID%22%3A%22175689%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%222%22%2C%22siteID%22%3A%22175690%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%223%22%2C%22siteID%22%3A%22175691%22%7D%2C%22id%22%3A%223%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%221aa317fd-4cb8-4f5f-a1fb-cdaf5332eb2c%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222019-01-17T02%3A01%3A06%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6e4b8fed6ec6c05d9db874f079aa4b61df53b849edc3c8bde1d30aef3afff978

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 85
Expires: Thu, 17 Jan 2019 02:01:07 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

15521ms
418ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:22 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:22 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

15199ms
97ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 7369ms
77ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=15&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.17324407382527407
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 0b6ec64cfb558ef466328654a8545c2e1ff4e313ebdfda6b670709ea3e03d5ea

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 1770
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 7429ms
59ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=10&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.4975422457349925
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 70de8f0b12c40787b4c4b3f84ca19d799c2ed41be1a51f98e8925b985f926bb1

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 7480ms
52ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=54&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.6221200042311072
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 1be9945e5a66ba276cebf47ba6a5b6d45034c0df39b587b5cdd4341d78934137

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:13 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 66 B
1003 B 1278ms
116ms XHR
text/javascript 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=175689&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A70942271%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2210%22%2C%22siteID%22%3A%22175698%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2211%22%2C%22siteID%22%3A%22175699%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A1050%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2212%22%2C%22siteID%22%3A%22175700%22%7D%2C%22id%22%3A%223%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%221aa317fd-4cb8-4f5f-a1fb-cdaf5332eb2c%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222019-01-17T02%3A01%3A06%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f51b8d8c5712e850e5033d13f644540ec815400eea78d8a2debab38176f84a92

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 86
Expires: Thu, 17 Jan 2019 02:01:07 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

15196ms
98ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

15196ms
98ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
339 B 60ms
31ms XHR
text/plain 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=175689&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:07 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 17 Jan 2019 02:01:07 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
339 B 97ms
37ms XHR
text/plain 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=175689&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:07 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 17 Jan 2019 02:01:07 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 1301ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A08.243Z&_t=slot_impression_viewable&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&sID=a3cce8e2-778c-4e92-bc56-74a31bda30f6&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x308&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&is_first_Request=true&requested=3061.499997973442&pageLoad_to_requested=3061.499997973442&CNS_init_to_requested=2379.000000655651&rendered=7429.099999368191&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=4367.600001394749&pageLoad_to_rendered=7429.099999368191&CNS_init_to_rendered=6746.6000020504&is_first_impression_viewable=true&impression_Viewable=9946.49999961257&in_viewport_to_visible_change=7888.799998909235&pageLoad_to_gpt_viewable=9946.49999961257&CNS_init_to_impression_Viewable=9264.000002294779&request_to_impression_Viewable=6885.000001639128&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:09 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 1398ms
98ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A08.249Z&_t=slot_impression_viewable&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=e514eb24-539c-4770-874d-71211d6a316e&sID=a3cce8e2-778c-4e92-bc56-74a31bda30f6&pID=e3545f9b-7645-4215-b330-e3161dcf7ff2&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=3068.9999982714653&pageLoad_to_requested=3068.9999982714653&CNS_init_to_requested=2386.5000009536743&rendered=7447.000000625849&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=4378.0000023543835&pageLoad_to_rendered=7447.000000625849&CNS_init_to_rendered=6764.500003308058&impression_Viewable=9952.7000002563&in_viewport_to_visible_change=7885.099999606609&pageLoad_to_gpt_viewable=9952.7000002563&CNS_init_to_impression_Viewable=9270.200002938509&request_to_impression_Viewable=6883.700001984835&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:09 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
213 B 1582ms
19ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=63&profileId=154&cb=21171720575
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://arstechnica.com
Date: Thu, 17 Jan 2019 02:01:09 GMT
Access-Control-Allow-Credentials: true
Server: Finatra
Timing-Allow-Origin: *
Vary: Origin

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
213 B 1601ms
18ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=63&profileId=154&cb=59493211376
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://arstechnica.com
Date: Thu, 17 Jan 2019 02:01:09 GMT
Access-Control-Allow-Credentials: true
Server: Finatra
Timing-Allow-Origin: *
Vary: Origin

GET
H2 200 local_storage_frame10.min.html
assets.bounceexchange.com/assets/bounce/ Frame E7A9 0
0 8ms
8ms Document
text/html 143.204.90.45
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame10.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/tags/versioned/ijs_all_modules_9b981cd5bad3f03d6e262c4475190010.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.90.45 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-90-45.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: assets.bounceexchange.com
:scheme: https
:path: /assets/bounce/local_storage_frame10.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
content-type: text/html
content-length: 995
date: Mon, 10 Dec 2018 18:23:32 GMT
last-modified: Thu, 06 Dec 2018 22:10:11 GMT
etag: "55fccc7bc73db2181e976f1ccec90e2c"
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: iR64T.LKj_uq4qI1dcEGfT66vRlvUKzS
accept-ranges: bytes
server: AmazonS3
age: 3224258
x-cache: Hit from cloudfront
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
x-amz-cf-id: T7Sq1DY3VhUZvxQ-oy8Ugd1F62T1t7bCd8Ud12Ukzeslm54n7f7hgQ==

GET
H/1.1 200
OK /
srv-2019-01-17-02.pixel.parsely.com/plogger/ 43 B
229 B 97ms
96ms Image
image/gif 52.0.240.180
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2019-01-17-02.pixel.parsely.com/plogger/?rand=1547690476533&plid=51464913&idsite=arstechnica.com&url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22parsely_uuid%22%3A%22f5a9ed3a-0dd4-4adc-95e5-95d7b0a74fb1%22%2C%22parsely_site_uuid%22%3A%2281077ac0-5d54-478e-94f7-bbf6ec0be30e%22%7D&sid=1&surl=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&sref=&sts=1547690476533&slts=0&date=Thu+Jan+17+2019+02%3A01%3A16+GMT%2B0000+(Coordinated+Universal+Time)&action=heartbeat&inc=5&tt=4900&pvid=92677339&u=81077ac0-5d54-478e-94f7-bbf6ec0be30e
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.240.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-240-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:16 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET 9cb2f57a-1d32-4e8a-be32-860ca366bfa8
https://arstechnica.com/ Frame B415 0
0

GET
H/1.1 200
OK sf-ui-display-medium-webfont.woff2
d2c8v52ll5s99u.cloudfront.net/assets/fonts/ Frame B415 29 KB
30 KB 403ms
371ms Font
application/font-woff2 143.204.98.182
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2c8v52ll5s99u.cloudfront.net/assets/fonts/sf-ui-display-medium-webfont.woff2
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.182 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-182.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://d2c8v52ll5s99u.cloudfront.net/player/player-style-fbe7f8909eaaa3ac1e73b7d3feec1e1b.css
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:21 GMT
Content-Encoding: gzip
X-Cache: RefreshHit from cloudfront
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 29632
Via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
Last-Modified: Mon, 26 Jun 2017 15:24:42 GMT
Server: AmazonS3
ETag: "7d18db04f980971f2a9c5026bbc34bed"
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Access-Control-Allow-Methods: GET
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=63072000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: c1NrhmmORVY4uPMbR47qVLcXfPMPGCNG0YQ88LGPEqzhH12pehwrpA==
Expires: Tue, 01 Jan 2030 00:00:00 GMT

GET
H2 200 bridge3.272.0_en.html
imasdk.googleapis.com/js/core/ Frame 1A93 0
0 7ms
6ms Document
text/html 2a00:1450:4001:80b::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.272.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.272.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 184860
date: Tue, 15 Jan 2019 23:39:00 GMT
expires: Wed, 15 Jan 2020 23:39:00 GMT
last-modified: Tue, 15 Jan 2019 23:36:56 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
age: 94940
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame B415 26 KB
10 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:814::2006
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:814::2006 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 10523
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 02:01:20 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame B415 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:821::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=arstechnica.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 17 Jan 2019 02:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame B415 51 KB
15 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 14941
x-xss-protection: 0
pragma: public
x-fb-debug: HwCCZHIea6g6MssDGZrgNer8DAcF19Jg5cdLhxeAp5Po1Ns6ZEsK/29wOz6i0AjKWqeJHmo5pXU2uBHw8SZeOQ==
date: Thu, 17 Jan 2019 02:01:20 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK comscore-min.js Show response
d2c8v52ll5s99u.cloudfront.net/player/ Frame B415 38 KB
11 KB 8ms
8ms Script
text/javascript 143.204.98.73
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d2c8v52ll5s99u.cloudfront.net/player/comscore-min.js
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.73 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-73.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 833a86642252016b29f08dd45ffd27f9e00ca237f28d8c5f0147a6e15d009377

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 01:56:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 May 2017 18:19:15 GMT
Server: AmazonS3
Age: 264
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: 2Oq9rU1YGwcKnLNMdHHmA1ku8iDWpLKvoS3OkoIYIHcRr_U-IZ4k8w==

POST
H2 200 collect
www.google-analytics.com/r/ 35 B
154 B 14ms
13ms Other
image/gif 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/r/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: https://arstechnica.com
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK infinityid Show response
infinityid.condenastdigital.com/ Frame B415 36 B
1 KB 627ms
111ms XHR
text/plain 52.1.121.7
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://infinityid.condenastdigital.com/infinityid
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.121.7 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-1-121-7.compute-1.amazonaws.com
Software: nginx/1.15.3 /
Resource Hash: ae97ec9dc80376bacaa100eb84be86973ec14efa9d94f797463b86f3efbccc42

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:20 GMT
content-encoding: gzip
Server: nginx/1.15.3
vary: origin,accept-encoding
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: https://arstechnica.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
access-control-allow-credentials: true
Connection: keep-alive
transfer-encoding: chunked

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame B415 48 B
48 B 99ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2019-01-17T02%3A01%3A20.170Z&_c=&_t=Player%20Requested&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame B415 48 B
48 B 102ms
100ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2019-01-17T02%3A01%3A20.239Z&_c=initial&_t=gptData&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&dim1=%7B%22adBlocked%22%3Afalse%2C%22adUnits%22%3A%5B%223379%2Fconde.ars%2Fhero%2Finformation-technology%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Frail%2Finformation-technology%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Frail%2Finformation-technology%2Farticle%2F2%22%2C%223379%2Fconde.ars%2Finterstitial%2Finformation-technology%2Farticle%2F1%22%2C%223379%2Fconde.ars%2Fhero%2Finformation-technology%2Farticle%2F1%22%5D%2C%22embedLocation%22%3A%22arstechnica%22%2C%22error%22%3A%22%22%2C%22lineItems%22%3A%5B%5D%2C%22publicaEnabled%22%3Afalse%2C%22videoId%22%3A%225c3e102327955155ff000001%22%7D
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame B415 48 B
48 B 103ms
102ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2019-01-17T02%3A01%3A20.307Z&_c=Performance&_t=adj_player_download_time&app=playerservice&cBr=arstechnica&cCh=videos%2Fshow&cCu=http%3A%2F%2Fvideo.arstechnica.com%2Fwatch%2Fthe-art-of-glen-schofield&cId=5c3e102327955155ff000001&cKe=game%20design&cPd=2019-01-16T16%3A00%3A00%2B00%3A00&cTi=The%20artistic%20mind%20of%20Glen%20Schofield%20&mDu=340&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pWw=540&pWh=303.75&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22guid%22%3A%2279c71645-210b-3102-b722-9057f7a2f476%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Afalse%2C%22initialPlayerStartType%22%3A%22manual%22%2C%22persistent%22%3Afalse%2C%22playerDepth%22%3A3747.09375%2C%22playerType%22%3A%22video-continuous%22%2C%22precededByAd%22%3A%22No%20Ad%22%2C%22recAlgorithm%22%3Anull%2C%22recStrategy%22%3Anull%2C%22tabStatus%22%3A%22active%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3Anull%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%7D&_v=15120.200000703335&adId=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK arstechnica_the-art-of-glen-schofield.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1547590224/ Frame B415 63 KB
64 KB 10ms
8ms Image
image/jpeg 143.204.98.2
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1547590224/arstechnica_the-art-of-glen-schofield.jpg
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: ffe6307d7b43794a961640977ef425718fe1e5bcaa49a67a1340c9597209c1ba

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 16 Jan 2019 16:12:00 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 35360
Edge-Cache-Tag: 478167326677407632418375752943002021374,504486728181076666154556403696563473843,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 64249
X-Request-Id: bf8f71e1efd37320
X-Served-By: cache-fra19122-FRA
Server: cloudinary
X-Timer: S1547655120.344052,VS0,VE620
ETag: "1d54289a7a49d52cd8df071a22758bbd"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: U8ub-xxodYglb0gF0EpLgJQ8BmJ5zZk9sTNZ_VHy3C8STitOQ8eTbQ==
X-Cache-Hits: 0

GET
H/1.1 206
Partial Content 3d644380-ddb8-495c-9b9c-7d639bbd6a2cthumbs.mp4
dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/ Frame B415 64 KB
0 64ms
9ms Media
video/mp4 143.204.101.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/3d644380-ddb8-495c-9b9c-7d639bbd6a2cthumbs.mp4
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.76 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-76.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Range: bytes=0-
chrome-proxy: frfr

Response headers

Date: Wed, 16 Jan 2019 17:29:04 GMT
Via: 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
Last-Modified: Tue, 15 Jan 2019 20:48:09 GMT
Server: AmazonS3
Age: 30737
ETag: "c685a742dbfc1eb91328dd7f0c65ca58"
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-1382230/1382231
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1382231
X-Amz-Cf-Id: lKcjaRxxWl_3o58MuRzPwZ6jVnyb8hDI5LX7GUMydywebn9Pi9e4sA==

GET
H/1.1 206
Partial Content 3d644380-ddb8-495c-9b9c-7d639bbd6a2cthumbs.mp4
dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/ Frame B415 128 KB
0 63ms
8ms Media
video/mp4 143.204.101.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/3d644380-ddb8-495c-9b9c-7d639bbd6a2cthumbs.mp4
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.76 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-76.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Range: bytes=0-
chrome-proxy: frfr

Response headers

Date: Wed, 16 Jan 2019 17:29:04 GMT
Via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
Last-Modified: Tue, 15 Jan 2019 20:48:09 GMT
Server: AmazonS3
Age: 30737
ETag: "c685a742dbfc1eb91328dd7f0c65ca58"
X-Cache: Hit from cloudfront
Content-Type: video/mp4
Content-Range: bytes 0-1382230/1382231
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1382231
X-Amz-Cf-Id: zLWY0zOXTakGrdgQ_YFmaM8H4jWVhKEMb_tZmt6a79ikYSfXA3KHag==

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame B415 48 B
48 B 112ms
111ms Image
image/gif 54.165.0.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2019-01-17T02%3A01%3A20.344Z&_c=Player%20Event&_t=Player%20Loaded&app=playerservice&cBr=arstechnica&cCh=videos%2Fshow&cCu=http%3A%2F%2Fvideo.arstechnica.com%2Fwatch%2Fthe-art-of-glen-schofield&cId=5c3e102327955155ff000001&cKe=game%20design&cPd=2019-01-16T16%3A00%3A00%2B00%3A00&cTi=The%20artistic%20mind%20of%20Glen%20Schofield%20&mDu=340&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pWw=540&pWh=303.75&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22guid%22%3A%2279c71645-210b-3102-b722-9057f7a2f476%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Afalse%2C%22initialPlayerStartType%22%3A%22manual%22%2C%22persistent%22%3Afalse%2C%22playerDepth%22%3A3747.09375%2C%22playerType%22%3A%22video-continuous%22%2C%22precededByAd%22%3A%22No%20Ad%22%2C%22recAlgorithm%22%3Anull%2C%22recStrategy%22%3Anull%2C%22tabStatus%22%3A%22active%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3Anull%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%7D&adId=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.0.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-0-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET 051f6a31-d717-451b-ba10-3292c34e0fdf
https://arstechnica.com/ Frame B415 0
0

GET
H/1.1 200
OK 3d644380-ddb8-495c-9b9c-7d639bbd6a2cmanifest-ios.m3u8 Show response
dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/ Frame B415 918 B
1 KB 45ms
8ms XHR
application/x-mpegurl 143.204.101.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/3d644380-ddb8-495c-9b9c-7d639bbd6a2cmanifest-ios.m3u8?videoIndex=0&requester=oo
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.76 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-76.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 02d91d93a55591098dfdc98e196cc0f9be5427aa3a651352d9ff19e3f32f1dd8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Wed, 16 Jan 2019 17:29:02 GMT
Via: 1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
Vary: Origin
Age: 30739
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 918
Last-Modified: Tue, 15 Jan 2019 20:47:21 GMT
Server: AmazonS3
ETag: "1d7523d509ffaa936efa2bb6ee84e7b7"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Amz-Cf-Id: WvKgMxMUHN9dpRPDkC6cW80k99qtR7RvS-N42KQNvA0mwI8Qz3Zdbg==

GET
H2 200 1663130473914833 Show response
connect.facebook.net/signals/config/ Frame B415 181 KB
43 KB 16ms
5ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1663130473914833?v=2.8.37&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

72ffe60f8a5745396d0706afcb6a2438154e0c3a496211e03a9e9761fcf87c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 44187
x-xss-protection: 0
pragma: public
x-fb-debug: +S/pjJiqApoFeh1w2ufiss9B7C0RugdUJydbA9ApqWdosw6vL3Ld4oQn+2iZEcu4QgFkmau5+E6OtLKfVtmEmQ==
date: Thu, 17 Jan 2019 02:01:20 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1547590224/arstechnica_the-art-of-glen-schofield.jpg
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.10 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-10.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: ffe6307d7b43794a961640977ef425718fe1e5bcaa49a67a1340c9597209c1ba

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Wed, 16 Jan 2019 16:12:00 GMT
Via: 1.1 varnish, 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
Age: 35360
Edge-Cache-Tag: 478167326677407632418375752943002021374,504486728181076666154556403696563473843,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 64249
X-Request-Id: bf8f71e1efd37320
X-Served-By: cache-fra19122-FRA
Server: cloudinary
X-Timer: S1547655120.344052,VS0,VE620
ETag: "1d54289a7a49d52cd8df071a22758bbd"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: bjlkglLBMZY1oJtpzhYrS4pMzmPdJFOPu0lo_GNz76OaXFnQwNhM2Q==
X-Cache-Hits: 0

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_arstechnica.png,fl_progressive,g_face,h_450,q_80,w_800/v1547590224/arstechnica_the-art-of-glen-schofield.jpg
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.98.2 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-98-2.fra50.r.cloudfront.net
Software: cloudinary /
Resource Hash: ffe6307d7b43794a961640977ef425718fe1e5bcaa49a67a1340c9597209c1ba

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 16 Jan 2019 16:12:00 GMT
Via: 1.1 varnish, 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
Age: 35360
Edge-Cache-Tag: 478167326677407632418375752943002021374,504486728181076666154556403696563473843,bd072c9835b885d44d7447102f8695ad
Status: 200 OK
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 64249
X-Request-Id: bf8f71e1efd37320
X-Served-By: cache-fra19122-FRA
Server: cloudinary
X-Timer: S1547655120.344052,VS0,VE620
ETag: "1d54289a7a49d52cd8df071a22758bbd"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Amz-Cf-Id: okVI7vnJMt8ov0ny9PGRH7SbtkQgrXjc5Qk0RtHo-Pwl3RH5C824CA==
X-Cache-Hits: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame B415 4 KB
2 KB 328ms
35ms XHR
text/xml 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?sz=640x480|480x70&iu=/3379/conde.ars/player/biz-andamp-it&ciu_szs=300x60&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&cust_params=env_device_type%3Ddesktop%26env_server%3Dproduction%26rdt_device_template%3Ddesktop_article%26cnt_tags%3Dfancy-bear%252Clojax%252Cmalware%252Crootkits%252Cuefi%26usr_bkt_pv%3D26%26ctx_cns_version%3D2_25_5%26vnd_prx_segments%3D300003%252C121100%252C131100%252C131103%252C210000%252C210012%252C240000%252C240002%252C240003%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252Cwmhp4i%252C2hkgm5%252Cap05we%252Cfdf1wd%252Cv8lc56%252C36vte1%252C_DV7R1eCPJLo_%26vnd_ars_data%3D%26vnd_4d_ctx_topics%3DALLBRANDS_70%252CALLBRANDS_7%252CALLBRANDS_63%252CALLBRANDS_38%252CALLBRANDS_31%252CALLBRANDS_283%252CALLBRANDS_274%252CALLBRANDS_258%252CALLBRANDS_167%252CALLBRANDS_134%252CALLBRANDS_64%252CALLBRANDS_57%252CALLBRANDS_28%252CALLBRANDS_244%252CALLBRANDS_21%252CALLBRANDS_192%26vnd_4d_ctx_topic_sc%3D0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%26vnd_4d_ctx_entities%3Dmalware%252Clojax%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Cnetscout%252Crussian%252Cbombshell%252Ceset%252Ccomputrace%252Coperating%2520system%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%252Cutc%252Carbor%2520networks%252Cantivirus%2520software%252Cflash%2520memory%252Cserial%2520peripheral%2520interface%26vnd_4d_ctx_ent_sc%3D1%252C0.9122719256493937%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7069772106084045%252C0.6208620391358676%252C0.4994406086428591%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%252C0.4242203090015489%252C0.4206713878984811%252C0.3975896690316308%252C0.38131630900848573%252C0.38049651481476754%26vnd_4d_ctx_keywords%3Dmalware%252Clojax%252Cresearcher%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Ccontrol%2520server%252Cnetscout%252Crussian%252Coperation%252Cbombshell%252Cdomain%252Ceset%252Ccomputrace%252Coperating%2520system%252Cip-to-domain%2520mapping%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%26vnd_4d_ctx_kw_sc%3D1%252C0.9122719256493937%252C0.8661514775641861%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7082091276849575%252C0.7069772106084045%252C0.6208620391358676%252C0.5221908868282827%252C0.4994406086428591%252C0.48511932543486386%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.4598058784275079%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%26vnd_4d_pid%3Dbf9fc605-971b-4ce7-b43a-1dfd716dc8fd%26vnd_4d_xid%3Df15b9ae6-55b4-42b1-84e3-195001e6d8b0%26vnd_4d_sid%3D6eefb6d6-b5e9-4734-9051-08c964ac404b%26ctx_template%3Darticle%26ctx_page_slug%3D8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%26ctx_page_channel%3Dinformation_technology%26ctx_line_items%3D%26height%3D304%26muted%3D1%26width%3D540&correlator=4451079646673189&description_url=https%3A%2F%2Fthescene.com%2Fwatch%2Farstechnica%2Fthe-art-of-glen-schofield&vid=5c3e102327955155ff000001&cmsid=1495&ppid=

Requested by

Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

146e2f712aab8ea7c71c80c1003d5d2cccaabcb01006b2aadf38be9e84188765

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1620
x-xss-protection: 1; mode=block
google-lineitem-id: 0
pragma: no-cache
server: cafe
google-creative-id: 0
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://arstechnica.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 3d644380-ddb8-495c-9b9c-7d639bbd6a2cfile-1422k-128-48000-768.m3u8 Show response
dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/ Frame B415 5 KB
927 B 13ms
9ms XHR
application/x-mpegurl 143.204.101.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/3d644380-ddb8-495c-9b9c-7d639bbd6a2cfile-1422k-128-48000-768.m3u8?requester=oo
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.76 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-76.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b6dd54d88ed66f0081394e6aad184171b2ddd76d563d4489091b0cefa39af051

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Wed, 16 Jan 2019 17:29:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jan 2019 20:49:18 GMT
Server: AmazonS3
Age: 30738
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: FwOnSTKiCFYeSXGo8OcjPGYe2FFJB3DlwF7h_IFC3Ej-_QjATNyghA==
Via: 1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)

GET 3e6545cd-b84a-4734-be04-996bbfd4118b
https://arstechnica.com/ Frame B415 0
0

GET
H/1.1 200
OK 3d644380-ddb8-495c-9b9c-7d639bbd6a2cfile-1422k-128-48000-768-00001.ts Show response
dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/ Frame B415 979 KB
966 KB 8ms
8ms XHR
application/x-mpegurl 143.204.101.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dp8hsntg6do36.cloudfront.net/5c3e102327955155ff000001/3d644380-ddb8-495c-9b9c-7d639bbd6a2cfile-1422k-128-48000-768-00001.ts?requester=oo
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.76 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-76.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 16f4930183afaac14ff6e0bb9bd00d0371cdd251438a7b9044729a87e56bea14

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Wed, 16 Jan 2019 17:29:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jan 2019 20:49:15 GMT
Server: AmazonS3
Age: 30736
Vary: Accept-Encoding,Origin
Access-Control-Allow-Methods: GET, HEAD
Content-Type: application/x-mpegURL
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: l9maieuSRM3RlZzOrHwUTyyLPEkyIsoZNrgIrt_JBm5D2EIMk1mGmw==
Via: 1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)

POST
H2 200 collect
www.google-analytics.com/ 35 B
110 B 14ms
14ms Other
image/gif 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: https://arstechnica.com
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK moatvideo.js Show response
z.moatads.com/condenastjsvideocontent160527792519/ Frame B415 279 KB
86 KB 16ms
15ms Script
application/x-javascript 23.211.3.55
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/condenastjsvideocontent160527792519/moatvideo.js
Requested by: Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.211.3.55 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-211-3-55.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f19ddc0a5d033eb5e9a5ed29e19e2a61ed26e952482010b0cc2e8e82aebe23ea

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:20 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Dec 2018 19:10:01 GMT
Server: AmazonS3
x-amz-request-id: B2EF389A4979A1BF
ETag: "310fd7d11912d31d6fc28b21ac85c76f"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=63258
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87995
x-amz-id-2: 8m2G8z7Ge19UcQULhs90azEIsUPq4aHYpMpdp3bei1+xQzBN1up2Zkr/ldWftYrZzyO0bZqQ+3c=

GET
H/1.1 200
OK track
capture.condenastdigital.com/ Frame B415 48 B
48 B 104ms
104ms Image
image/gif 54.165.0.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_o=cne&_ts=2019-01-17T02%3A01%3A20.755Z&_c=Video%20Ad&_t=Ad%20Call%20Made&app=playerservice&cBr=arstechnica&cCh=videos%2Fshow&cCu=http%3A%2F%2Fvideo.arstechnica.com%2Fwatch%2Fthe-art-of-glen-schofield&cId=5c3e102327955155ff000001&cKe=game%20design&cPd=2019-01-16T16%3A00%3A00%2B00%3A00&cTi=The%20artistic%20mind%20of%20Glen%20Schofield%20&cTy=%2F3379%2Fconde.ars%2Fplayer%2Fbiz-andamp-it&mDu=340&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pWw=540&pWh=303.75&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22guid%22%3A%2279c71645-210b-3102-b722-9057f7a2f476%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Afalse%2C%22initialPlayerStartType%22%3A%22manual%22%2C%22persistent%22%3Afalse%2C%22playerDepth%22%3A3747.09375%2C%22playerType%22%3A%22video-continuous%22%2C%22precededByAd%22%3A%22No%20Ad%22%2C%22recAlgorithm%22%3Anull%2C%22recStrategy%22%3Anull%2C%22tabStatus%22%3A%22active%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3A%22OUT_OF_VIEWPORT%22%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%7D&videoViews=1&adId=
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.0.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-0-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK pixel.gif
px.moatads.com/ 43 B
409 B 62ms
7ms Image
image/gif 2.21.38.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=CONDEVIDEOCONTENT1&hp=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=8&f=0&j=&o=3&t=1547690480810&de=491459799195&m=0&ar=bf6c409-clean&q=6&cb=0&cu=1547690480810&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=The%20artistic%20mind%20of%20Glen%20Schofield%20%3A%2F3379%2Fconde.ars%2Fplayer%2Fbiz-andamp-it%3Aundefined%3Aundefined&qs=1&bo=arstechnica.com&bd=arstechnica.com&zMoatOrigSlicer1=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&zMoatOrigSlicer2=N%2FA&gw=condenastjsvideocontent160527792519&fd=1&ac=1&it=500&fs=157622&na=158576074&cs=0
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.38.40 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-38-40.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:20 GMT
Last-Modified: Fri, 20 May 2016 15:16:00 GMT
Server: Apache
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Thu, 17 Jan 2019 02:01:20 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 104ms
103ms Image
image/gif 54.165.0.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A20.860Z&_t=pageview&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=2f287837-3352-4795-bad4-f32ef3f25d3d&uNw=1&uUq=1&pID=8161521c-6583-473d-a41f-4e2bb794bf4e&uDt=desktop&_o=ars-technica&_c=general&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.0.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-0-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:20 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H2

302

ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=...

0
-1 B

106ms
106ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=...

0
-1 B

96ms
96ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=...

0
-1 B

106ms
106ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ 495 B
633 B 175ms
174ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Ac966b916-19fb-11e9-9e56-d89d67323314;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._phDu2gY1
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: a139d04541d4213312eaae295500729199739d83e8d141a106a9c23f8c5aa293

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 495
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ 494 B
608 B 190ms
186ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Ac9668748-19fb-11e9-b0e9-a0d3c106cafc;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._H0eRwLjH
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 19b0dbca47b589c3ff335d93374843b53d7d69561aa03d95304b5daa25edd08f

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 494
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ 494 B
608 B 184ms
183ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Ac966c9a6-19fb-11e9-a8bb-40a8f026dda0;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466547;callback=window.headertag.AolHtb.adResponseCallbacks._cENgkpkl
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ad4f57832e56a33d39055fcde35e1ade36284b47184a51d549a1a9f8e8ea1ddf

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:21 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 494
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ 495 B
609 B 186ms
186ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690481;cmd=bid;cors=yes;v=2;misc=1547690466543;callback=window.headertag.AolHtb.adResponseCallbacks._RWpT5jpG
Requested by: Host: arstechnica.com
URL: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e0db2dd98491dee8a1ee900edb473d162360cb59f3ad28fa8c37dbdd3ad5e2db

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:22 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 495
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK cs.js Show response
sb.scorecardresearch.com/c2/6035094/ 0
400 B 39ms
24ms Script
application/x-javascript 104.111.214.103
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/c2/6035094/cs.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXNPCQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-214-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:22 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Apr 2011 23:11:26 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e:1349196464"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=259200
Connection: keep-alive
Content-Length: 20
Expires: Sun, 20 Jan 2019 02:01:22 GMT

GET
H/1.1 200
OK Cookie set dest4.html
condenast.demdex.net/ Frame 0943 0
0 154ms
31ms Document
text/html 54.194.108.5
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://condenast.demdex.net/dest4.html?d_nsid=0
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/s-code-contents-566dcf5046f148f38d0aa32bf73df40db7ae7768.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.108.5 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-194-108-5.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: condenast.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=70215003560483394702275844302745863640
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 09 Jan 2019 14:48:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=70215003560483394702275844302745863640;Path=/;Domain=.demdex.net;Expires=Tue, 16-Jul-2019 02:01:23 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: YriTrdbUSAM=
Content-Length: 2415
Connection: keep-alive

GET
H/1.1 200
OK event Show response
condenast.demdex.net/ 5 KB
2 KB 137ms
34ms Script
application/javascript 54.246.133.167
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://condenast.demdex.net/event?d_nsid=0&d_ld=_ts%3D1547690482894&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690482894
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/6372cf21ef88ee60bc2977a4898dcb5c7945a212/s-code-contents-566dcf5046f148f38d0aa32bf73df40db7ae7768.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.133.167 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-246-133-167.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3b1fb312cae82878022fdfb6b031633c658058905318b024eff64f68c0366c0e

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v014-073678e01.edge-irl1.demdex.com 5.46.1.20190109131638 7ms
Pragma: no-cache
Content-Encoding: gzip
X-TID: n1rHs33oRB4=
Vary: Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Content-Length: 1388
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 103ms
102ms Image
image/gif 54.165.0.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A26.368Z&_t=timespent&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&uNw=1&uUq=1&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=general&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&_v=5000&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.0.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-0-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:26 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 47 B
344 B 144ms
37ms XHR
text/javascript 52.94.220.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pid=4143510855051547690459510&cb=7575175010491547690486375&ws=1600x1200&v=7.24.00&t=2000&slots=%5B%7B%22sd%22%3A%22cns_ads_1547690460343G7J6MeUjeOD9oVv0JKKHjej1tnGClp_post_nav_0_container%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%7D%5D&pj=%7B%22apse%22%3A%7B%22chunkRequests%22%3Afalse%2C%22shouldSampleLatency%22%3Afalse%7D%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: d327bcae9071911d94646abed2541f4ab006899af28531a48e2e27c5b2a85d15

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 47

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 87ms
86ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=2&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.6891284922624292
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 4fb69fb01d48adf4c32307121f5209573752b7874a135e8fec37ab4c79461f62

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 1607
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 67ms
66ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=57&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.9981036582935101
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 36896c8f5134884ee0de4e6b0cd9f102ab6325f2821db6e7a001a8b2150f1f80

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=8
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 56ms
55ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=55&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.25272880525558805
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: eac42924074c06964f9541250a2b362e2b167e4562de32d5dbaee8da580d76e3

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 66 B
1001 B 139ms
138ms XHR
text/javascript 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=175689&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A10101465%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%221%22%2C%22siteID%22%3A%22175689%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%222%22%2C%22siteID%22%3A%22175690%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%223%22%2C%22siteID%22%3A%22175691%22%7D%2C%22id%22%3A%223%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%221aa317fd-4cb8-4f5f-a1fb-cdaf5332eb2c%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222019-01-17T02%3A01%3A06%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 09f703aecadd1a963bcae2f362dde114510dc48880df390aefa8157d8bb4fd98

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 84
Expires: Thu, 17 Jan 2019 02:01:26 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

106ms
106ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

106ms
105ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
213 B 57ms
20ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=63&profileId=154&cb=47754001933
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://arstechnica.com
Date: Thu, 17 Jan 2019 02:01:26 GMT
Access-Control-Allow-Credentials: true
Server: Finatra
Timing-Allow-Origin: *
Vary: Origin

GET
H/1.1 200
OK bid Show response
aax.amazon-adsystem.com/e/dtb/ 46 B
343 B 140ms
38ms XHR
text/javascript 52.94.220.16
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pid=4143510855051547690459510&cb=971583794581547690486380&ws=1600x1200&v=7.24.00&t=2000&slots=%5B%7B%22sd%22%3A%22cns_ads_1547690460345CCrqqBWDXd6CkesBHV6dwMuirbbnWI_siderail_0_container%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%5D&pj=%7B%22apse%22%3A%7B%22chunkRequests%22%3Afalse%2C%22shouldSampleLatency%22%3Afalse%7D%7D&cfgv=0&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Server /
Resource Hash: 331dd7f90169d8a69d8e9edde4f98b9c0c1bf33165ac0174c05bfd5610409dc1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: Server
Vary: User-Agent
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://arstechnica.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 46

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 65 B
1002 B 182ms
143ms XHR
text/javascript 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?v=7.2&s=175689&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A1181639%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2210%22%2C%22siteID%22%3A%22175698%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2211%22%2C%22siteID%22%3A%22175699%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A1050%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2212%22%2C%22siteID%22%3A%22175700%22%7D%2C%22id%22%3A%223%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%221aa317fd-4cb8-4f5f-a1fb-cdaf5332eb2c%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222019-01-17T02%3A01%3A06%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1c70d7a20ed118689ce55f3a7d5f0b51467d1615ee8c7c458a2a014ebb4881e3

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 85
Expires: Thu, 17 Jan 2019 02:01:26 GMT

POST
H/1.1 204
No Content cdb Show response
bidder.criteo.com/ 0
213 B 75ms
20ms XHR
text/plain 178.250.0.93
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=63&profileId=154&cb=1869827479
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 178.250.0.93 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://arstechnica.com
Date: Thu, 17 Jan 2019 02:01:25 GMT
Access-Control-Allow-Credentials: true
Server: Finatra
Timing-Allow-Origin: *
Vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
3 KB 77ms
77ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=15&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.6272263253326411
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 7d312e14b58809a40b6d327797e359492a3b89b0a5f9cf8371ef8f5c1388c1bd

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 2099
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 79ms
79ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=10&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.011281365448930991
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 89e2cc2a3dc030d7134cb808c42006af78fe6e6ddef7b4f337c120e5ad34e746

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 1769
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 79ms
79ms XHR
application/json 213.19.162.71
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&size_id=54&p_pos=btf&rp_floor=0.01&rf=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&p_screen_res=1600x1200&site_id=196712&zone_id=960274&kw=rp.fastlane&tk_flint=custom&rand=0.2557794506921369
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.71 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 7c6c6751802f59c4b5a6f8771390321c38d72d74ba333d45d1ba991dd5dda0f1

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=0, max=10
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

105ms
105ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks....

0
-1 B

95ms
95ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=...

0
-1 B

96ms
95ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=...

0
-1 B

106ms
105ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=...

0
-1 B

96ms
96ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;cfp=1;rndc=1547690485;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks....
https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=...

0
-1 B

106ms
106ms

XHR

152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
access-control-allow-origin: https://arstechnica.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ 495 B
609 B 191ms
191ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704186/0/-1/ADTECH;apid=1Acc38da2a-19fb-11e9-85a5-a0d3c106a3c0;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._MR8cClnU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 9b0bf8649edf5c5f829557758665344474c112468d5a20a8f7c19636ab002812

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 495
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ 495 B
609 B 187ms
186ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704187/0/-1/ADTECH;apid=1Acc39d4e8-19fb-11e9-a4e8-9cb65496f194;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._Fus5GH5W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: f61995826fa2fb24723e7c46bb567a3b50d60497f6425acb2057e0c130fd6d4e

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 495
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ 494 B
608 B 186ms
185ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704190/0/-1/ADTECH;apid=1Acc39b5b2-19fb-11e9-bd31-a0d3c101f238;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486379;callback=window.headertag.AolHtb.adResponseCallbacks._whhjn8Lb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 9efe74d82071080cdd9a7f06dda12c2ce522f09646f8ec680aa6c2c3ccd6f89c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 494
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ 495 B
609 B 163ms
162ms XHR
text/javascript 152.195.15.114
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10920.1/4704180/0/-1/ADTECH;apid=1Acc3a7ac4-19fb-11e9-b285-2c44fd889f68;cfp=1;rndc=1547690486;cmd=bid;cors=yes;v=2;misc=1547690486384;callback=window.headertag.AolHtb.adResponseCallbacks._kbB329YK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 152.195.15.114 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: da369a8671d6c45225b5ebf4e77a23ed5134554bd274ef6384581ff44b688078

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Jan 2019 02:01:26 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://arstechnica.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: text/javascript
content-length: 495
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 103ms
102ms Image
image/gif 54.165.0.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A26.770Z&_t=slot_collected&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=3068.9999982714653&pageLoad_to_requested=3068.9999982714653&CNS_init_to_requested=2386.5000009536743&rendered=7447.000000625849&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=4378.0000023543835&pageLoad_to_rendered=7447.000000625849&CNS_init_to_rendered=6764.500003308058&impression_Viewable=9952.7000002563&in_viewport_to_visible_change=7885.099999606609&pageLoad_to_gpt_viewable=9952.7000002563&CNS_init_to_impression_Viewable=9270.200002938509&request_to_impression_Viewable=6883.700001984835&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.0.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-0-24.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:26 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 100ms
100ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A26.775Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=28478.59999909997&pageLoad_to_requested=28478.59999909997&CNS_init_to_requested=27796.10000178218&rendered=7447.000000625849&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=4378.0000023543835&pageLoad_to_rendered=7447.000000625849&CNS_init_to_rendered=6764.500003308058&impression_Viewable=9952.7000002563&in_viewport_to_visible_change=7885.099999606609&pageLoad_to_gpt_viewable=9952.7000002563&CNS_init_to_impression_Viewable=9270.200002938509&request_to_impression_Viewable=6883.700001984835&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:26 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 98ms
98ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A26.785Z&_t=slot_collected&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x308&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&is_first_Request=true&requested=3061.499997973442&pageLoad_to_requested=3061.499997973442&CNS_init_to_requested=2379.000000655651&rendered=7429.099999368191&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=4367.600001394749&pageLoad_to_rendered=7429.099999368191&CNS_init_to_rendered=6746.6000020504&is_first_impression_viewable=true&impression_Viewable=9946.49999961257&in_viewport_to_visible_change=7888.799998909235&pageLoad_to_gpt_viewable=9946.49999961257&CNS_init_to_impression_Viewable=9264.000002294779&request_to_impression_Viewable=6885.000001639128&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:26 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 97ms
97ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A26.790Z&_t=slot_requested&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x308&request_number=1&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&requested=28493.699997663498&pageLoad_to_requested=28493.699997663498&CNS_init_to_requested=27811.200000345707&rendered=7429.099999368191&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=4367.600001394749&pageLoad_to_rendered=7429.099999368191&CNS_init_to_rendered=6746.6000020504&is_first_impression_viewable=true&impression_Viewable=9946.49999961257&in_viewport_to_visible_change=7888.799998909235&pageLoad_to_gpt_viewable=9946.49999961257&CNS_init_to_impression_Viewable=9264.000002294779&request_to_impression_Viewable=6885.000001639128&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:26 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
339 B 56ms
36ms XHR
text/plain 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=175689&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 17 Jan 2019 02:01:26 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
339 B 55ms
36ms XHR
text/plain 2.21.37.92
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=175689&u=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/htw-condenast.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.37.92 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-37-92.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 17 Jan 2019 02:01:26 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://arstechnica.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 17 Jan 2019 02:01:26 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
5 KB 205ms
204ms XHR
text/plain 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1668255561670279&correlator=3534106821854782&output=ldjh&callback=googletag.impl.pubads.callbackProxy2&impl=fifs&adsid=NT&json_a=1&hxva=1&scor=1014209491436964&eid=21062453%2C21062723&vrg=287&tfcd=0&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=1&sfv=1-0-31&iu_parts=3379%2Cconde.ars%2Chero%2Cinformation-technology%2Carticle%2C1%2Crail&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5%2C0%2F1%2F6%2F3%2F4%2F5%2C0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=1x1%2C300x250%7C300x600%7C300x1050%2C970x250&fsbs=1%2C1%2C1&rcs=0%2C1%2C1&prev_scp=%7Cctx_slot_name%3Dsiderail_0%26amznbid%3D2%26amznp%3D2%26ctx_slot_instance%3Dsiderail_0%26ctx_slot_type%3Dsiderail%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D1%26vnd_indx_ix_rubi_om%3D300x250_5%2C300x600_125%26vnd_indx_ix_rubi_id%3D_9ghUIuBS%2C_oAnbnbeJ%7Cctx_slot_name%3Dpost_nav_0%26amznbid%3D2%26amznp%3D2%26ctx_slot_instance%3Dpost_nav_0%26ctx_slot_type%3Dpost_nav%26ctx_slot_manual_rn%3D0%26ctx_slot_rn%3D1%26vnd_indx_ix_rubi_om%3D728x90_50%26vnd_indx_ix_rubi_id%3D_rdN12C4k&eri=1&cust_params=vnd_aam_uuid%3D%26vnd_aam_conde%3D%26env_device_type%3Ddesktop%26env_server%3Dproduction%26rdt_device_template%3Ddesktop_article%26cnt_tags%3Dfancy-bear%252Clojax%252Cmalware%252Crootkits%252Cuefi%26usr_bkt_pv%3D26%26ctx_cns_version%3D2_25_5%26vnd_prx_segments%3D300003%252C121100%252C131100%252C131103%252C210000%252C210012%252C240000%252C240002%252C240003%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252Cwmhp4i%252C2hkgm5%252Cap05we%252Cfdf1wd%252Cv8lc56%252C36vte1%252C_DV7R1eCPJLo_%26vnd_4d_ctx_topics%3DALLBRANDS_70%252CALLBRANDS_7%252CALLBRANDS_63%252CALLBRANDS_38%252CALLBRANDS_31%252CALLBRANDS_283%252CALLBRANDS_274%252CALLBRANDS_258%252CALLBRANDS_167%252CALLBRANDS_134%252CALLBRANDS_64%252CALLBRANDS_57%252CALLBRANDS_28%252CALLBRANDS_244%252CALLBRANDS_21%252CALLBRANDS_192%26vnd_4d_ctx_topic_sc%3D0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.4830147103215612%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%252C0.10263300078836662%26vnd_4d_ctx_entities%3Dmalware%252Clojax%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Cnetscout%252Crussian%252Cbombshell%252Ceset%252Ccomputrace%252Coperating%2520system%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%252Cutc%252Carbor%2520networks%252Cantivirus%2520software%252Cflash%2520memory%252Cserial%2520peripheral%2520interface%26vnd_4d_ctx_ent_sc%3D1%252C0.9122719256493937%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7069772106084045%252C0.6208620391358676%252C0.4994406086428591%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%252C0.4242203090015489%252C0.4206713878984811%252C0.3975896690316308%252C0.38131630900848573%252C0.38049651481476754%26vnd_4d_ctx_keywords%3Dmalware%252Clojax%252Cresearcher%252Clojack%252Crootkit%252Cabsolute%2520software%252Cpage%2520layout%252Ccontrol%2520server%252Cnetscout%252Crussian%252Coperation%252Cbombshell%252Cdomain%252Ceset%252Ccomputrace%252Coperating%2520system%252Cip-to-domain%2520mapping%252Chard%2520drive%252Cdan%2520goodin%252Cbackdoor%26vnd_4d_ctx_kw_sc%3D1%252C0.9122719256493937%252C0.8661514775641861%252C0.8490265978428302%252C0.7665621474966728%252C0.7467290233548047%252C0.7398014016825881%252C0.7082091276849575%252C0.7069772106084045%252C0.6208620391358676%252C0.5221908868282827%252C0.4994406086428591%252C0.48511932543486386%252C0.47417726106104496%252C0.4658396092857796%252C0.46428387291354406%252C0.4598058784275079%252C0.45952211023121675%252C0.4578112948985477%252C0.4506579038710421%26vnd_4d_pid%3Dbf9fc605-971b-4ce7-b43a-1dfd716dc8fd%26vnd_4d_xid%3Df15b9ae6-55b4-42b1-84e3-195001e6d8b0%26vnd_4d_sid%3D6eefb6d6-b5e9-4734-9051-08c964ac404b%26ctx_template%3Darticle%26ctx_page_slug%3D8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%26ctx_page_channel%3Dinformation_technology&cookie=ID%3D21073bdb9fb3e335%3AT%3D1547690464%3AS%3DALNI_MYwXM3yIxkJWlCMPIQbCOrL3IUM2A&cookie_enabled=1&bc=15&lmt=1547690486&dt=1547690486923&dlt=1547690458752&idt=5312&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C1063%2C308&adys=5122%2C350%2C0&adks=3539102633%2C2218746098%2C3950914119&ucis=9%7Ca%7Cb&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&dssz=60&icsg=283676818538496&mso=262144&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x5121%7C300x-1%7C1585x-1&msz=0x-1%7C300x-1%7C1585x-1&blev=1&bisch=1&ga_vid=1644281048.1547690464&ga_sid=1547690464&ga_hid=1479152547&fws=4%2C4%2C4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

f24945386ba938fe4494f58f670259f40c45bc87d23401553133b30b3a43f131

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Origin: https://arstechnica.com

Response headers

date: Thu, 17 Jan 2019 02:01:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,81141,77502
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 5149
x-xss-protection: 1; mode=block
google-lineitem-id: -2,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: 86175
google-creative-id: -2,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://arstechnica.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ Frame A8B9 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-31/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1737
date: Mon, 14 Jan 2019 19:45:59 GMT
expires: Tue, 14 Jan 2020 19:45:59 GMT
last-modified: Thu, 01 Nov 2018 14:23:58 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 195328
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ Frame 4B1A 0
0 8ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_287.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-31/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1737
date: Mon, 14 Jan 2019 19:45:59 GMT
expires: Tue, 14 Jan 2020 19:45:59 GMT
last-modified: Thu, 01 Nov 2018 14:23:58 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 195328
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 100ms
99ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A27.145Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=2&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=28478.59999909997&pageLoad_to_requested=28478.59999909997&CNS_init_to_requested=27796.10000178218&rendered=28849.59999844432&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=370.9999993443489&pageLoad_to_rendered=28849.59999844432&CNS_init_to_rendered=28167.100001126528&impression_Viewable=9952.7000002563&in_viewport_to_visible_change=7885.099999606609&pageLoad_to_gpt_viewable=9952.7000002563&CNS_init_to_impression_Viewable=9270.200002938509&request_to_impression_Viewable=6883.700001984835&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:27 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 99ms
98ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A27.159Z&_t=slot_rendered&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=dddf403d-d987-4493-b911-c8498c4f3d4c&sID=5422a090-991b-48bc-9316-164b156f5bdf&pID=3b71e1f1-85d7-46dd-ade6-4da5466ed56a&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x308&request_number=2&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&requested=28493.699997663498&pageLoad_to_requested=28493.699997663498&CNS_init_to_requested=27811.200000345707&rendered=28862.799998372793&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=369.1000007092953&pageLoad_to_rendered=28862.799998372793&CNS_init_to_rendered=28180.300001055002&is_first_impression_viewable=true&impression_Viewable=9946.49999961257&in_viewport_to_visible_change=7888.799998909235&pageLoad_to_gpt_viewable=9946.49999961257&CNS_init_to_impression_Viewable=9264.000002294779&request_to_impression_Viewable=6885.000001639128&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:27 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 99ms
98ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A28.222Z&_t=slot_impression_viewable&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=349e7e80-cf07-4440-b469-e4c966d1d299&uNw=1&uUq=1&pID=f69d8e65-b60d-4cea-ab26-ebb829cda727&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2049.399998039007&staged=2061.599999666214&pageload_to_staged=2061.599999666214&channel=information_technology&ctx_template=article&id=1547690460345ccrqqbwdxd6ckesbhv6dwmuirbbnwi&instance=0&name=siderail_0&position_fold=atf&position_xy=0x0&request_number=2&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=siderail&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1379.100002348423&inViewport=2067.6000006496906&pageLoad_to_in_viewport=1385.1000033318996&isRefresh=true&requested=28478.59999909997&pageLoad_to_requested=28478.59999909997&CNS_init_to_requested=27796.10000178218&rendered=28849.59999844432&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=300x600&request_to_rendered=370.9999993443489&pageLoad_to_rendered=28849.59999844432&CNS_init_to_rendered=28167.100001126528&impression_Viewable=29925.6999976933&in_viewport_to_visible_change=27858.09999704361&pageLoad_to_gpt_viewable=29925.6999976933&CNS_init_to_impression_Viewable=29243.20000037551&request_to_impression_Viewable=1447.0999985933304&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:28 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1 200
OK track
capture.condenastdigital.com/ 48 B
48 B 99ms
98ms Image
image/gif 34.235.240.97
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capture.condenastdigital.com/track?_ts=2019-01-17T02%3A01%3A28.226Z&_t=slot_impression_viewable&cBr=Ars%20Technica&cKe=Fancy%20Bear%7Clojax%7Cmalware%7Crootkits%7Cuefi&cCh=information%20technology&cTi=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&cTy=article%7Creport&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134%2C%20ALLBRANDS_64%2C%20ALLBRANDS_57%2C%20ALLBRANDS_28%2C%20ALLBRANDS_244%2C%20ALLBRANDS_21%2C%20ALLBRANDS_192&cTpw=0.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.4830147103215612%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662%2C%200.10263300078836662&cEnt=malware%2C%20lojax%2C%20lojack%2C%20rootkit%2C%20absolute%20software%2C%20page%20layout%2C%20netscout%2C%20russian%2C%20bombshell%2C%20eset%2C%20computrace%2C%20operating%20system%2C%20hard%20drive%2C%20dan%20goodin%2C%20backdoor%2C%20utc%2C%20arbor%20networks%2C%20antivirus%20software%2C%20flash%20memory%2C%20serial%20peripheral%20interface&cEnw=1%2C%200.9122719256493937%2C%200.8490265978428302%2C%200.7665621474966728%2C%200.7467290233548047%2C%200.7398014016825881%2C%200.7069772106084045%2C%200.6208620391358676%2C%200.4994406086428591%2C%200.47417726106104496%2C%200.4658396092857796%2C%200.46428387291354406%2C%200.45952211023121675%2C%200.4578112948985477%2C%200.4506579038710421%2C%200.4242203090015489%2C%200.4206713878984811%2C%200.3975896690316308%2C%200.38131630900848573%2C%200.38049651481476754&cCu=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cCl=939&cId=1441853&cPd=2019-01-16T14%3A00%3A15.000%2B00%3A00&ccS=web&cPv=all&pHr=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRt=direct&pHp=%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&pRr=direct&pWw=1600&pWh=1200&pPw=1600&pPh=5100&pSw=1600&pSh=1200&uID=349e7e80-cf07-4440-b469-e4c966d1d299&pID=f69d8e65-b60d-4cea-ab26-ebb829cda727&uDt=desktop&dim1=v1.0.25_iframe_query&_o=ars-technica&_c=cns_ads&xID=0fb9d3bb-5115-4aff-adb5-bc89474ff6d6&content_uri=information_technology&image_avg_surface=36970.76190476191&image_count=21&image_surface=776386&server=production&vp_height=1200&vp_width=1585&created=2047.1000000834465&staged=2052.600000053644&pageload_to_staged=2052.600000053644&channel=information_technology&ctx_template=article&id=1547690460343g7j6meujeod9ovv0jkkhjej1tngclp&instance=0&name=post_nav_0&position_fold=atf&position_xy=0x308&request_number=2&tags=fancy_bear_lojax_malware_rootkits_uefi&template=article&type=post_nav&CNS_init=682.499997317791&suffix=dart&CNS_init_to_staged=1370.1000027358532&inViewport=2057.700000703335&pageLoad_to_in_viewport=1375.2000033855438&isRefresh=true&requested=28493.699997663498&pageLoad_to_requested=28493.699997663498&CNS_init_to_requested=27811.200000345707&rendered=28862.799998372793&advertiser_id=4660981638&creative_id=programmatic&creative_type=sized&line_item_id=programmatic&order_id=2443012271&rendered_size=970x250&request_to_rendered=369.1000007092953&pageLoad_to_rendered=28862.799998372793&CNS_init_to_rendered=28180.300001055002&impression_Viewable=29929.800000041723&in_viewport_to_visible_change=27872.09999933839&pageLoad_to_gpt_viewable=29929.800000041723&CNS_init_to_impression_Viewable=29247.300002723932&request_to_impression_Viewable=1436.1000023782253&ver_cns_ads=2_18_4&device=desktop&cns=2_25_5&_logType=info&cKh=malware%2Clojax%2Cresearcher%2Clojack%2Crootkit%2Cabsolute%20software%2Cpage%20layout%2Ccontrol%20server%2Cnetscout%2Crussian
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.240.97 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-235-240-97.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Jan 2019 02:01:28 GMT
Connection: keep-alive
Content-Length: 48
Content-Type: image/gif

GET
H/1.1

200
OK

firstevent Show response
condenast.demdex.net/
Redirect Chain

https://condenast.demdex.net/event?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finformation-...
https://condenast.demdex.net/firstevent?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finforma...

5 KB
2 KB

35ms
35ms

Script
application/javascript

54.246.133.167
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://condenast.demdex.net/firstevent?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_channel=Biz%20%26amp%3B%20IT&c_events=event2%2Cevent28&c_eVar2=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_prop3=D%3Dv3&c_eVar3=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&c_prop4=D%3Dv4&c_eVar4=1441853&c_prop5=D%3Dv5&c_eVar5=report&c_prop6=D%3Dv6&c_eVar6=Biz%20%26amp%3B%20IT&c_prop7=D%3Dv7&c_eVar7=Biz%20%26amp%3B%20IT%2Fundefined&c_prop11=D%3Dv11&c_eVar11=9%3A01%20PM%7CWednesday&c_prop16=not%20logged%20in&c_eVar16=not%20logged%20in&c_prop17=1&c_eVar17=1&c_prop23=D%3Dv23&c_eVar23=New&c_prop32=D%3Dv32&c_eVar32=1&c_prop44=D%3Dv44&c_eVar44=null&c_prop50=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c_prop51=D%3Dv51&c_eVar51=desktop%20layout%3A1600x1200&c_prop55=D%3Dv55&c_eVar55=Dan%20Goodin&c_prop56=D%3Dv56&c_eVar56=0.9&c_prop60=D%3Dv60&c_eVar60=939&c_prop61=D%3Dv61&c_eVar61=12h%7C0d&c_prop62=D%3Dv62&c_eVar62=2019-01-16T14%3A00%3A15%2B00%3A00&c_prop65=D%3Dv65&c_eVar65=null
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.133.167 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-246-133-167.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bc0cc9bce4e8ad1b86743abfdb021f55896196efc0362be47a500d881f37e12c

Request headers

Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v014-0f77236c6.edge-irl1.demdex.com 5.46.1.20190109131638 8ms
Pragma: no-cache
Content-Encoding: gzip
X-TID: Lhs3aS3QRg4=
Vary: Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Content-Length: 1390
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
X-TID: CZ02WfEJQJ8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://condenast.demdex.net/firstevent?d_nsid=0&d_ld=_ts%3D1547690489494&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_0_1547690489494&c_pageName=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_channel=Biz%20%26amp%3B%20IT&c_events=event2%2Cevent28&c_eVar2=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&c_prop3=D%3Dv3&c_eVar3=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&c_prop4=D%3Dv4&c_eVar4=1441853&c_prop5=D%3Dv5&c_eVar5=report&c_prop6=D%3Dv6&c_eVar6=Biz%20%26amp%3B%20IT&c_prop7=D%3Dv7&c_eVar7=Biz%20%26amp%3B%20IT%2Fundefined&c_prop11=D%3Dv11&c_eVar11=9%3A01%20PM%7CWednesday&c_prop16=not%20logged%20in&c_eVar16=not%20logged%20in&c_prop17=1&c_eVar17=1&c_prop23=D%3Dv23&c_eVar23=New&c_prop32=D%3Dv32&c_eVar32=1&c_prop44=D%3Dv44&c_eVar44=null&c_prop50=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c_prop51=D%3Dv51&c_eVar51=desktop%20layout%3A1600x1200&c_prop55=D%3Dv55&c_eVar55=Dan%20Goodin&c_prop56=D%3Dv56&c_eVar56=0.9&c_prop60=D%3Dv60&c_eVar60=939&c_prop61=D%3Dv61&c_eVar61=12h%7C0d&c_prop62=D%3Dv62&c_eVar62=2019-01-16T14%3A00%3A15%2B00%3A00&c_prop65=D%3Dv65&c_eVar65=null
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK s41633614032549
sstats.arstechnica.com/b/ss/conde-arstechnica/1/JS-1.4.1-D7QN/ 43 B
616 B 130ms
26ms Image
image/gif 63.140.41.50

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sstats.arstechnica.com/b/ss/conde-arstechnica/1/JS-1.4.1-D7QN/s41633614032549?AQB=1&ndh=1&pf=1&t=17%2F0%2F2019%202%3A1%3A29%204%200&D=D%3D&mid=86443957929264776290069808835087088856&aamlh=6&ce=UTF-8&ns=condenast&pageName=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&g=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&cc=USD&ch=Biz%20%26amp%3B%20IT&events=event2%2Cevent28&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v2=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F&l2=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c3=D%3Dv3&v3=Eight%20months%20after%20discovery%2C%20unkillable%20LoJax%20rootkit%20campaign%20remains%20active&c4=D%3Dv4&v4=1441853&c5=D%3Dv5&v5=report&c6=D%3Dv6&v6=Biz%20%26amp%3B%20IT&c7=D%3Dv7&v7=Biz%20%26amp%3B%20IT%2Fundefined&c11=D%3Dv11&v11=9%3A01%20PM%7CWednesday&c16=not%20logged%20in&v16=not%20logged%20in&c17=1&v17=1&c23=D%3Dv23&v23=New&c32=D%3Dv32&v32=1&c44=D%3Dv44&v44=null&c50=fancy-bear%7Clojax%7Cmalware%7Crootkits%7Cuefi%7Ctype%3A%20report&c51=D%3Dv51&v51=desktop%20layout%3A1600x1200&c55=D%3Dv55&v55=Dan%20Goodin&c56=D%3Dv56&v56=0.9&c60=D%3Dv60&v60=939&c61=D%3Dv61&v61=12h%7C0d&c62=D%3Dv62&v62=2019-01-16T14%3A00%3A15%2B00%3A00&c65=D%3Dv65&v65=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.140.41.50 Lehi, United States, ASN (),

Reverse DNS

arstechnica.com.ssl.d1.sc.omtrdc.net

Software

Omniture DC/2.0.0 /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: sstats.arstechnica.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
Cookie: s_depth=1; s_vnum_m=1548979200489%26vn%3D1; sinvisit_m=true; s_ppn=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2019%2F01%2F8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active%2F; s_nr=1547690489489-New; s_cc=true
Connection: keep-alive
Cache-Control: no-cache
Referer: https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 17 Jan 2019 02:01:29 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.6.0
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 18 Jan 2019 02:01:29 GMT
Server: Omniture DC/2.0.0
xserver: www121
ETag: "3323640017379721216-5196099603295903482"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Wed, 16 Jan 2019 02:01:29 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sstats.arstechnica.com
URL: https://sstats.arstechnica.com/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=F7093025512D2B690A490D44%40AdobeOrg&mid=86443957929264776290069808835087088856&ts=1547690459486

Domain: arstechnica.com
URL: blob:https://arstechnica.com/9cb2f57a-1d32-4e8a-be32-860ca366bfa8

Domain: arstechnica.com
URL: blob:https://arstechnica.com/051f6a31-d717-451b-ba10-3292c34e0fdf

Domain: arstechnica.com
URL: blob:https://arstechnica.com/3e6545cd-b84a-4734-be04-996bbfd4118b

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 02:14:02	Name: demdex Value: 70215003560483394702275844302745863640
.arstechnica.com/	1970-01-18 21:54:52	Name: sID Value: 0f60d32d-8ffe-4c4c-bb83-53b6e0a2a26c
arstechnica.com/	1969-12-31 23:59:59	Name: pID Value: 8161521c-6583-473d-a41f-4e2bb794bf4e
arstechnica.com/	1970-01-18 22:38:02	Name: CN_su Value: 41bbc689-66c8-47d5-bee8-afc36647b9c8
arstechnica.com/	1970-01-19 00:18:50	Name: cneplayercount Value: 1
arstechnica.com/	1969-12-31 23:59:59	Name: CN_sp Value: 2f287837-3352-4795-bad4-f32ef3f25d3d
.arstechnica.com/	1970-01-18 21:54:52	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/%22%2C%22sref%22:%22%22%2C%22sts%22:1547690476533%2C%22slts%22:0}
arstechnica.com/	1970-01-18 22:20:45	Name: CN_xid Value: 0fb9d3bb-5115-4aff-adb5-bc89474ff6d6
arstechnica.com/	1970-01-19 00:18:50	Name: cneplayervolume Value: 1
.arstechnica.com/	1970-01-18 21:54:50	Name: _gat_UA-31997-1 Value: 1
arstechnica.com/	1969-12-31 23:59:59	Name: GED_PLAYLIST_ACTIVITY Value: W3sidSI6IllFR0MiLCJ0c2wiOjE1NDc2OTA0ODIsIm52IjowLCJ1cHQiOjE1NDc2OTA0NjUsImx0IjoxNTQ3NjkwNDY1fV0.
.arstechnica.com/	1970-01-18 21:56:16	Name: _gid Value: GA1.2.1310992445.1547690480
.openx.net/	1970-01-19 06:40:26	Name: i Value: fa9373de-d2d4-4b45-8e6d-3cf7d429cabd\|1547690482
.doubleclick.net/	1970-01-19 07:16:26	Name: IDE Value: AHWqTUnwQuBCXlaZNqYqx7N3W6DKcceInW_rH5JQ0QD7JmcjkVylPM-ACxG3EeFy
.arstechnica.com/	1970-01-19 07:24:14	Name: _parsely_visitor Value: {%22id%22:%2281077ac0-5d54-478e-94f7-bbf6ec0be30e%22%2C%22session_count%22:1%2C%22last_session_ts%22:1547690476533}
.arstechnica.com/	1970-01-19 15:26:02	Name: _ga Value: GA1.2.1644281048.1547690464
arstechnica.com/	1970-01-19 00:18:50	Name: cneplayermuted Value: 1

25 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://player.cnevids.com/interlude/arstechnica.js(Line 2) Message: CNE Player: no interlude for "information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active" ("No available slot found.")
console-api	log	URL: https://c.evidon.com/sitenotice/evidon-sitenotice-tag.js(Line 1) Message: Evidon -- evidon-notice-link not found on page, cant display the consent link.
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function
console-api	warning	URL: https://static.polarcdn.com/creative/creative.js(Line 2) Message: [MediaVoicePlugin 5ff2c8]
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	warning	URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-12f446e3161f71f9e9d1.js(Line 12) Message: TypeError: Cannot read property 'getItem' of null
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: updateCorrelator has been deprecated. Please see the Google Ad Manager help page on "Pageviews in GPT" for more information: https://support.google.com/admanager/answer/183281?hl=en
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: updateCorrelator has been deprecated. Please see the Google Ad Manager help page on "Pageviews in GPT" for more information: https://support.google.com/admanager/answer/183281?hl=en
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	log	URL: https://js-sec.indexww.com/ht/htw-condenast.js(Line 3) Message: digiTrustUser not defined
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: Cannot read property 'stage' of undefined
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_287.js(Line 1) Message: TypeError: e is not a function

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4d.condenastdigital.com
aax.amazon-adsystem.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
ak.sail-horizon.com
ampcid.google.com
ampcid.google.de
api.cnevids.com
api.rlcdn.com
api.skimlinks.mgr.consensu.org
arstechnica.com
as-sec.casalemedia.com
assets.adobedtm.com
assets.bounceexchange.com
bidder.criteo.com
bw-prod.plrsrvcs.com
c.amazon-adsystem.com
c.evidon.com
capture.condenastdigital.com
cdn.accelerator.arsdev.net
cdn.arstechnica.net
cdn.mediavoice.com
cm.everesttech.net
condenast.demdex.net
connect.facebook.net
d.turn.com
d1z2jf7jlzjs58.cloudfront.net
d2c8v52ll5s99u.cloudfront.net
dp8hsntg6do36.cloudfront.net
dpm.demdex.net
dwgyu36up6iuz.cloudfront.net
fastlane.rubiconproject.com
images.outbrainimg.com
imasdk.googleapis.com
infinityid.condenastdigital.com
js-sec.indexww.com
l.betrad.com
log.outbrainimg.com
match.adsrvr.org
mid.rkdms.com
odb.outbrain.com
p.skimresources.com
pagead2.googlesyndication.com
pixel.condenastdigital.com
pixel.quantserve.com
player.cnevids.com
plugin.mediavoice.com
polarcdn-pentos.com
polarcdn-terrax.com
pubads.g.doubleclick.net
px.moatads.com
r.skimresources.com
rules.quantcount.com
s.skimresources.com
s0.2mdn.net
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
segment-data.zqtk.net
srv-2019-01-17-02.config.parsely.com
srv-2019-01-17-02.pixel.parsely.com
sstats.arstechnica.com
static.criteo.net
static.polarcdn.com
stats.g.doubleclick.net
t.skimresources.com
tag.bounceexchange.com
tcheck.outbrainimg.com
tpc.googlesyndication.com
widgets.outbrain.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
z.moatads.com
arstechnica.com
sstats.arstechnica.com
104.111.214.103
104.18.219.82
143.204.101.24
143.204.101.27
143.204.101.51
143.204.101.74
143.204.101.76
143.204.90.45
143.204.96.211
143.204.98.10
143.204.98.182
143.204.98.2
143.204.98.215
143.204.98.73
151.101.0.239
151.101.2.2
151.139.128.10
152.195.15.114
172.217.22.2
178.250.0.93
18.195.102.90
18.195.154.247
18.213.181.62
184.31.90.127
2.19.33.231
2.21.37.220
2.21.37.83
2.21.37.92
2.21.38.40
2.21.38.73
205.234.175.175
213.19.162.71
23.211.3.55
23.67.133.23
2600:9000:20bb:dc00:6:44e3:f8c0:93a1
2606:4700::6810:50ad
2606:4700::6810:52ad
2606:4700::6812:603c
2606:4700::6813:f87e
2a00:1450:4001:806::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:814::2006
2a00:1450:4001:815::2004
2a00:1450:4001:817::200e
2a00:1450:4001:81c::2001
2a00:1450:4001:81d::2008
2a00:1450:4001:81f::200e
2a00:1450:4001:820::2002
2a00:1450:4001:821::2002
2a00:1450:4001:824::2002
2a00:1450:400c:c04::9b
2a03:2880:f01c:216:face:b00c:0:3
34.235.240.97
34.250.76.236
35.153.9.60
35.190.40.172
35.190.59.101
35.190.92.63
35.201.67.47
46.228.164.13
50.31.169.131
52.0.240.180
52.1.121.7
52.19.121.121
52.2.117.76
52.21.120.172
52.30.183.205
52.6.60.254
52.94.216.48
52.94.220.16
54.144.146.119
54.158.240.160
54.165.0.24
54.194.108.5
54.246.133.167
54.77.151.154
63.140.41.50
64.74.236.19
66.117.28.86
74.119.119.131
0186840386391fa2c0750ff7450a78e066498ba3274546a6fcf0fa9c55cd457c
02d91d93a55591098dfdc98e196cc0f9be5427aa3a651352d9ff19e3f32f1dd8
030e91b7512dbb40e9b9057f20bcf54c296a7f28c04bbcde0f2d2706dd2a3a06
039f13cdf684666dd973e2385f773385adb074039e8a832ec48e1ae35fb20c15
040e9e3496a5997449e4a4a77457ba01d5d985ec6993876c00d0b14af4741a60
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05d1b87611218711c52b6a77b972e081a5f105be29f197c3cbd50cf4e4fe3267
08ed3bf6e73a999bafb422b878fb05b87269b00a65230c9457ce75aee10b873e
09f703aecadd1a963bcae2f362dde114510dc48880df390aefa8157d8bb4fd98
0b6ec64cfb558ef466328654a8545c2e1ff4e313ebdfda6b670709ea3e03d5ea
0f101d0b6141cb2bfb7d7d4802dac2665eac5d3aac686d21f005a2bf82b1074c
1193e934b76ed372f47e23f78f8a13e99d9588e564aff866e8f700e7a0650a83
146e2f712aab8ea7c71c80c1003d5d2cccaabcb01006b2aadf38be9e84188765
16366b1741cf043268696181284ab11c9f265961f57fea950d0e4a5971ff6666
16f4930183afaac14ff6e0bb9bd00d0371cdd251438a7b9044729a87e56bea14
16f86804dd013db340fee4020a539d3e9d6e5a03d6841e431e50c428e99c26e8
18c4dfbdcbf664e92468c3a09814db7f114f9b393613e2cb077d81565d496f8d
19b0dbca47b589c3ff335d93374843b53d7d69561aa03d95304b5daa25edd08f
1a0b73c2b2d381f520b430c828f1fd190b023f72940948a209d7492bc5d967de
1be9945e5a66ba276cebf47ba6a5b6d45034c0df39b587b5cdd4341d78934137
1c70d7a20ed118689ce55f3a7d5f0b51467d1615ee8c7c458a2a014ebb4881e3
1cce57f8cec50d1c8a0e6ad9f50b8b49d4803e0ad0c08e7b0443d92181bc2987
1ddd5ed00374c63990260393f10557f09cf19b45fea3775104bde8c9a2b0513d
1f984105fa8d01eee607c197a2b918604aa4c0d608f1cbf8a0f15f6502d2318d
1f9cd4a445ba85172da6090dd7b95edf55fd9e81ddb193e0b78093c1afa84378
233c486bc0555e60b4510ec7a86ae7a5081d972db2b842628e002ee6700c48d9
235da1ee79811631e184d8e99dab2ae5195d476d1138f1f49a8645c53a1803fb
2567ec168123f197809327b3a7ed0f5797d841c9de36afa37db4c3698f6d23c6
261cb1950ae859043e5a4f65fec3e77623b71bbfa3242d72180af0dc90bd551d
2a7ef1a99f21d871f35def1ea8605618879369bd4582c2e9e7145e9ae13cb26c
2f0e2d95e318789b840f67b7004cb30985ce2e0ef3ece7507b2b15e8441811a7
331dd7f90169d8a69d8e9edde4f98b9c0c1bf33165ac0174c05bfd5610409dc1
33e3217dbe468f5f346598e2c819d6a0427738d7139b7caac21ae71e57ac3dd9
36896c8f5134884ee0de4e6b0cd9f102ab6325f2821db6e7a001a8b2150f1f80
39f73a2f05643a14a065864afb08632e334fe9e1eeaf28644a9c209a655a2b14
3b1fb312cae82878022fdfb6b031633c658058905318b024eff64f68c0366c0e
3ce7e824185893264ab44fbf8370a8f1262831c4c6c367b15f7d4f1e88fadc8c
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
41522e653d97047ee25397c7fa3aeab9c0dfcbe7033bad63b600f5cd7073e3b7
47174171706551047d2fe5421d41c10f9682647ba8127a743f3e3a0d7354193f
47ecf8e24654258186de2aabeeb592dc0c1f3d071b0f5b48622be67a9fd60c98
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
49282a74c6ced31e99f808232188ade8d82652004df4d664dcdb98c32563dd39
4980853759711c8e9e2779239acd62e9e802fba38371763c65ecdd016a83fdbd
4aed39a2c59c2dc38578f74577f9c3aaf797728a69687675934e92c69d30e8ed
4b51cad50779921c134fe5f8a46df29da7bdedf5f643c331d192b6057af97992
4ec4b6769730ca98db1f40b152c52bd5bec01f61f559fb92709c307750388ac8
4fb69fb01d48adf4c32307121f5209573752b7874a135e8fec37ab4c79461f62
5053e3649a40c20ecca309843e7a085226246462cc33cc738981424ece35e7ff
5315cf641e62ac7de4a82e6003cc1bd1ff09218400d8ff5286c951e25aee966b
534349ffc49c146020b2bc9a8530192d7c3e3ca2d15d823bd55f18ee70a5669a
59201950b83489808587827b4050ffe0597992825daa88c227476cdbbf8ca282
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5ab499494548829e507e9b6cd57247a6cd565e7f1bc6eb55e3da445af76f1f0c
5b88ab5e8f688ed274dba989dc7200c1569ebde2a80e9e0aff1df53b511203ec
5ddf806082eabde301c3f42cad406c3257f0836d803e1ae16edd7409a3761690
5ecbfb541946a9a9437190a21d98e1c7ab7d863837d7d038a9a1e053c649c8ba
5ecce433fdd65965f4acae00993b06c37d0f4960c18b36312efbf96471f95474
5f91a1b8ed2794709c2a3bb98a8e869c14dbee96bd409d7503b9ef1b3c115f51
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
61114ad3beea1362435588af13e633fe25ab46f3f5cb855d151f7d3961d746e8
62c7d2da9a5942053f17c9756e53b7cda414541619bd35c2b1441cd88c77f235
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
63d0cd4d92739898fc628a6a580cce26b11223e526dd8b90170414cfd799aed8
64230599a9383ecbe698e348ca55b33096869b8b8ffd6a8923918488629f325c
676d159347cd59711604943ecf8c34d3bfb43351bc67b4d2e163f8aac82c5c71
6bcd779f2259b0bb45f76be835d7e4097167a09b18f39bf4ead1e2d1b64150db
6bd131d59efb6aa6a2d98ce4af498a811c84f74148129e140ff5a76904ca9f74
6d6f482982f8f1a1814e279ff50df4ccc301533ca9655e4d080d6b90ec69d69e
6e4b8fed6ec6c05d9db874f079aa4b61df53b849edc3c8bde1d30aef3afff978
6f261533d4b74ae931965cf3609bf47bb55001e39eb7029502d96cec73c4749a
70de8f0b12c40787b4c4b3f84ca19d799c2ed41be1a51f98e8925b985f926bb1
7151495ab00af9e216a26700f87cbd461c91b119a6bb9c903cae0ae0e91f3baf
725913eab3460e2955a8ac4ec176f902c7d8d2db60757248b735cbf8698b0749
72ffe60f8a5745396d0706afcb6a2438154e0c3a496211e03a9e9761fcf87c67
7364fcbb6c5d775f07816712af8a6419db99268f72c337a4977f706dc3423bb3
744b1b8fa490b4ebb73e30c2683f423fe9c4ce3750e280b487157d08a576fcf6
7591d2cf7f48fe9a954a065a1fe114e252311739978fce87833a0c318cb2bb69
7713f8cd92d4d6de8f561a9974209f8532e11b1db64d9a20efb50cf995609db0
785e4c6c6dea8d40a5e5f40abcee432d3a1446bf384941f3f0e8a49fabf4b660
78c8c364b438f0be81f1c51627902fda95b7aebdd2c04aee28c2f72cd4390207
7c6c6751802f59c4b5a6f8771390321c38d72d74ba333d45d1ba991dd5dda0f1
7cff63e25366e60caa22f6880ef7655a373c4b2d8e7d53ecc8d6cec0d31b5ff4
7d312e14b58809a40b6d327797e359492a3b89b0a5f9cf8371ef8f5c1388c1bd
7e3b9033f4ca4eb837497a36031a4c27e6905bd8a0554f81a43faaa63981ec1f
807271433f80bb33654a84ec904035be3d2b34e505a051e3469a47fe39ccb752
823eeb34c26c31ea20a8719fa789b9f1020cff75a0d6f1d7c9d504fe416a0017
82cd1a97f81e5b63a621311be2993916eea0907b5eadd53bb6b280f4bb0f8391
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
833a86642252016b29f08dd45ffd27f9e00ca237f28d8c5f0147a6e15d009377
86096831a70c72ac0c08f5e65ae92d98330d9fd2b7511dde65ff50b8a16bfd9a
89e2cc2a3dc030d7134cb808c42006af78fe6e6ddef7b4f337c120e5ad34e746
8a3915dfce651c0b5d2bae79e623ffdd547aae9cdff674f2c15e0d0e408abb07
8a3bec1cf2bc7aa6b7950ee0cd4e325110ccae788675ea67e1c5a6bce849f6d8
8f7f1c5675bae280aaee4bfa68423b35ce1b889805d4d579ab6452f86ed60b4b
8fe24887d91e45f0f5a0f25fc7ffe9e6d98b8ac1b8f526ced2f880d7c7e04866
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
98186ed9ee6944352823743af3481b0095fa6e25ad29f23bccc50a1b67988967
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9933997608e86beaf1e7f7188a5c657cdad8ccd9d20eb7b1a46adaa83fa850ab
9a425fc348afedf03100a9a5cccb756c1a00818d57e4a2bbb1c032111f0ac454
9b0bf8649edf5c5f829557758665344474c112468d5a20a8f7c19636ab002812
9c5cf88831dd2b9b958a1503b69819bf66b56a1ef5e20f2f8a7df81a4ecf25c6
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9efe74d82071080cdd9a7f06dda12c2ce522f09646f8ec680aa6c2c3ccd6f89c
9f45ff23beda15b136534fc1bfa236b26cc727e444b026815dedcb0f9e8ac9e4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a139d04541d4213312eaae295500729199739d83e8d141a106a9c23f8c5aa293
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2894b4f3a0b3fcf96aaa5180da3bbbd56f0a1db525b7f60355a378c5c5b23d6
a9eade0fcb1a461968348d2b892f7768103d7801a230b2037ee422471c2129cc
ad4f57832e56a33d39055fcde35e1ade36284b47184a51d549a1a9f8e8ea1ddf
ae97ec9dc80376bacaa100eb84be86973ec14efa9d94f797463b86f3efbccc42
aec9de81a94ce1c153f8f578690649c002134406ad2f1c68f5f733dc6418311b
afd7f745317772a647ce57a48fbf5e8eed6ccc5f08a490f5ad0f97f69c2ddb42
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
b6dd54d88ed66f0081394e6aad184171b2ddd76d563d4489091b0cefa39af051
b6e377f3ea7a742a5abdb797684a0c7ac594b8d8a6f22c691e371718959fb3c5
b8a9da3237afc7e659dba43fcde38cdb0d5e9bb547b0d380201fe0affb89d5f8
b9b7cc6fc13641839641f20c0eb2e884557adc4bd4339b1852c95b9352ecfc45
bc0cc9bce4e8ad1b86743abfdb021f55896196efc0362be47a500d881f37e12c
c14a030b0b5ef06f710d9bbff164662d4b43c037e62f254aa6280504013caa34
c21029f21dc145723d40362da85504ee5a5bd33f5db6636beae3a01c7aba1fa2
c7eef47edac8c0673dca85d301b896da4196e5230b243168c749f07bbc4834d7
c7f2558d7005dc61e343b6abb61a63da8ace760a0fdd45cb0cc124b0de5b4c2f
c89fd7013fef2a7d6f861b111aa5266259ef2bf10633fba2cdb833ffb95d5b08
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa3854f28740fa98125ded826446ee4456379e8ad7c4ff46643347d1901506a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfcdfbf144964c03b23e6e63abfeeeb923eedda0c421f6279bad5040ef5a3dd1
d21522bb3cf6769f780c7ef0030ce5b4764e6dfbcdaf1045bd483a5c4b06745e
d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3
d327bcae9071911d94646abed2541f4ab006899af28531a48e2e27c5b2a85d15
d41c559a619ae6355aef247796dc6bcfe8c5806bcda7d7107c88352f4f98f6ad
d6b1ed8883872024ad00b1b1293aa5f03b3e2c3a65d6ec16469710f5fc309d80
d6f350f62fc19bfd7091e3841649be70e806fb94c00a1f777dbed2ea8ecc9daa
d70db447120036dadf47dceee0a152a8ec743c408cc16f107e03e84aae9adfa1
d8131a24804caf3a8c7465a840863f5cbfff594f082d52bf8250ed50d810f698
da369a8671d6c45225b5ebf4e77a23ed5134554bd274ef6384581ff44b688078
dab9c2f282823b6544279f4638589fa886c4ced7688ec319f95477924b11e384
dc346066826dab306c14586c07a816c1d9a3e42b3579b6539bef527b567dd871
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd261883873740a78bac0e65e1cef85b5fcc28635db0ec6c77fdedc60dc88862
ded8aafe08adcc23835de89f62fbee0b98184f32296c7679ab5b5a358f044f63
e014974a17d0f6e6775b4fcf5e53e2b0f3570edc070104c75d34a07d8dac4cc5
e0db2dd98491dee8a1ee900edb473d162360cb59f3ad28fa8c37dbdd3ad5e2db
e1459731ddc9b4312b5f81413130606e03e46dc1d691382936e6b4682d06d173
e1e6dddd31217b62eb74a2a6eae10342dc94444526ced4c9af0e1f19a8e21eda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8065fa379843903255c4917847250cd54dc9708c98c94c9f086cec33cfe555a
e8c5a890ac0b0d498710076cfe38917b3cfdd4695ea386c0c499396e972e2e83
e9194432efb90a588b018a79e23ff27cd08ee5eef4e641e453404cf75727f47d
ea9238b0e0b45fbcc34a2f202ebcd403d4b7b71ffeb75ca6157c3e8533e4c563
eac42924074c06964f9541250a2b362e2b167e4562de32d5dbaee8da580d76e3
ed86af54b875e74d1f45f0e835237ecb7f8d1bd3f06d51c9586576ef756a372e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efdbd8582066a12cf45115f1e150d2a8de06bf6b14db3feca98b116efeb9e0bb
f19ddc0a5d033eb5e9a5ed29e19e2a61ed26e952482010b0cc2e8e82aebe23ea
f24945386ba938fe4494f58f670259f40c45bc87d23401553133b30b3a43f131
f3e97b6ec8eb0b68bf77cb4a2d510bf23d75f967a1476b5c9469be8d01aff146
f482356f61d552b7653d70d9dc728b7387bfe8e702ed2bf366b69f668cde6f9c
f51b8d8c5712e850e5033d13f644540ec815400eea78d8a2debab38176f84a92
f61995826fa2fb24723e7c46bb567a3b50d60497f6425acb2057e0c130fd6d4e
f6f46a2a5192d94d5ffc83b9e3eaaf59d2c2b66318e2bc2402445e9f7e01aeaa
f77676385ed899908297ac3d793b6f79b7a342438ba59b9878678c42a8a7ffa1
f95836cdd8c1af1d8261e8e198a4c1dd306e2b50ddc389fe820b56212a9cb17d
f9784f57729f84391b084eed9e944e048f771129d65e9b58f34095fdfba86473
fc0ceb96776505afa5d3741111785df694c7b99ae9c1407a2698a23548019151
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fce896fd384c3d365c7071839ff45d195bc3a2fc4941d7ea05bb8e302037cbfd
fd29e87f16a5748fcf192f58f79d2c91e133267210695b5424bfbcf0c611b333
fe1df624f15b85e885749a212f99e8016465c9d5049f8f39741b29b13bd06b28
fee8e40fd50db4de3d0f592338b3fca5ed500de54aae40dc44796891ca5189c7
ffe6307d7b43794a961640977ef425718fe1e5bcaa49a67a1340c9597209c1ba

arstechnica.com Open in urlscan Pro 50.31.169.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

255 Requests

98 %HTTPS

23 %IPv6

49 Domains

77 Subdomains

79 IPs

6 Countries

3941 kBTransfer

8719 kBSize

17 Cookies

40 Outgoing links

Redirected requests

255 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

arstechnica.com Open in urlscan Pro
50.31.169.131 Public Scan

Screenshot
Live screenshot

Full Image

255
Requests

98 %
HTTPS

23 %
IPv6

49
Domains

77
Subdomains

79
IPs

6
Countries

3941 kB
Transfer

8719 kB
Size

17
Cookies

255 HTTP transactions
16 data transactions