threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Submission: On September 27 via manual (September 27th 2019, 1:11:19 pm UTC) from US

Summary HTTP 147 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 37 IPs in 8 countries across 35 domains to perform 147 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is threatpost.com.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 17th 2019. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6	2600:9000:20b... 2600:9000:20bb:a200:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2606:4700::68... 2606:4700::6813:c397	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
10	2600:9000:20b... 2600:9000:20bb:5e00:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2 5	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
14	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY - Fastly)
1 3	2.16.31.65 2.16.31.65	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:816::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2 4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	91.228.74.138 91.228.74.138	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY - Fastly)
3	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
8 21	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY - Fastly)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER - Twitter Inc.)
7	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20b... 2600:9000:20bb:a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
13	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY - Fastly)
3 3	18.196.229.216 18.196.229.216	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
2 2	40.113.136.100 40.113.136.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
4	37.252.172.250 37.252.172.250	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2 2	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE - Google LLC)
3 3	52.49.153.216 52.49.153.216	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.34.54.104 52.34.54.104	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT - Bidtellect Inc.)
2	130.211.13.252 130.211.13.252	15169 (GOOGLE) (GOOGLE - Google LLC)
6 6	52.29.43.222 52.29.43.222	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	146.148.8.25 146.148.8.25	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	37.18.16.16 37.18.16.16	205675 (HYBRID-AS) (HYBRID-AS)
1	85.14.248.72 85.14.248.72	24961 (MYLOC-AS) (MYLOC-AS)
1	91.228.74.177 91.228.74.177	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
5	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY - Fastly)
2	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER - Twitter Inc.)
4 8	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
2	185.33.223.221 185.33.223.221	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
147	37

19 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:20bb:a200:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:c397 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:20bb:5e00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland) 1 redirects

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 151.101.114.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.31.65 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-16-31-65.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.138 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9a (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 151.101.14.2 (Frankfurt am Main, Germany) 8 redirects

ASN54113 (FASTLY - Fastly, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstatb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:20e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.16.194 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20bb:a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 151.101.14.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
convammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.196.229.216 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-229-216.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.113.136.100 (Amsterdam, Netherlands) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

px.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.250 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.130 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s18-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.49.153.216 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-153-216.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.34.54.104 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-34-54-104.us-west-2.compute.amazonaws.com

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.132.33.46 (United States)

ASN18568 (BIDTELLECT - Bidtellect Inc., US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.13.252 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 252.13.211.130.bc.googleusercontent.com

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.29.43.222 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-43-222.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.148.8.25 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 25.8.148.146.bc.googleusercontent.com

a.volvelle.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.16 (Moscow, Russian Federation) 1 redirects

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.72 (Meerbusch, Germany)

ASN24961 (MYLOC-AS, DE)

tagm.tchibo.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.177 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
opps.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.95.120.147 (United States) 4 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

taboola-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.221 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	taboola.com 8 redirects cdn.taboola.com trc.taboola.com 15.taboola.com match.taboola.com cds.taboola.com images.taboola.com vidstat.taboola.com imprammp.taboola.com convammp.taboola.com vidstatb.taboola.com wf.taboola.com opps.taboola.com	715 KB
34	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	638 KB
13	doubleclick.net 4 redirects googleads.g.doubleclick.net stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	86 KB
8	openx.net 4 redirects taboola-d.openx.net	2 KB
6	bidswitch.net 6 redirects x.bidswitch.net	2 KB
6	adnxs.com ib.adnxs.com secure.adnxs.com	5 KB
6	google.com 2 redirects www.google.com adservice.google.com	1 KB
6	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	245 KB
4	google-analytics.com 2 redirects www.google-analytics.com	35 KB
3	adsrvr.org 3 redirects match.adsrvr.org	1 KB
3	mfadsrvr.com 3 redirects rtb.mfadsrvr.com	2 KB
3	googletagservices.com www.googletagservices.com	72 KB
3	google.de adservice.google.de www.google.de	389 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
2	volvelle.tech 2 redirects a.volvelle.tech	1 KB
2	bttrack.com bttrack.com	760 B
2	storygize.net 2 redirects www.storygize.net	900 B
2	powerlinks.com 2 redirects px.powerlinks.com	804 B
2	rubiconproject.com pixel.rubiconproject.com	478 B
2	quantserve.com secure.quantserve.com pixel.quantserve.com	6 KB
2	googletagmanager.com www.googletagmanager.com	50 KB
2	cloudflare.com cdnjs.cloudflare.com	11 KB
1	twitter.com analytics.twitter.com	267 B
1	tchibo.de tagm.tchibo.de	653 B
1	hybrid.ai 1 redirects dm.hybrid.ai	570 B
1	quantcount.com rules.quantcount.com	353 B
1	t.co t.co	170 B
1	reddit.com www.reddit.com	1 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	520 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	gstatic.com www.gstatic.com	92 KB
1	wp.com i1.wp.com	65 B
1	gravatar.com 1 redirects secure.gravatar.com	400 B
1	kasperskycontenthub.com kasperskycontenthub.com	367 B
147	35

	Domain	Requested by
18	threatpost.com	threatpost.com cdn.taboola.com pagead2.googlesyndication.com
14	trc.taboola.com	8 redirects cdn.taboola.com threatpost.com
10	media.threatpost.com	threatpost.com
9	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com threatpost.com
8	taboola-d.openx.net	4 redirects
8	match.taboola.com	threatpost.com
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
6	images.taboola.com	threatpost.com
6	x.bidswitch.net	6 redirects
6	assets.threatpost.com	threatpost.com
5	cdn.taboola.com	assets.threatpost.com cdn.taboola.com threatpost.com
5	www.google.com	2 redirects threatpost.com www.gstatic.com
4	ib.adnxs.com	threatpost.com
4	www.google-analytics.com	2 redirects www.googletagmanager.com
4	pagead2.googlesyndication.com	threatpost.com pagead2.googlesyndication.com
3	wf.taboola.com	vidstat.taboola.com
3	convammp.taboola.com	threatpost.com
3	match.adsrvr.org	3 redirects
3	rtb.mfadsrvr.com	3 redirects
3	www.googletagservices.com	pagead2.googlesyndication.com assets.threatpost.com securepubads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com threatpost.com
2	secure.adnxs.com	vidstat.taboola.com
2	opps.taboola.com	vidstat.taboola.com
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net
2	a.volvelle.tech	2 redirects
2	cds.taboola.com	threatpost.com
2	bttrack.com	threatpost.com
2	www.storygize.net	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	px.powerlinks.com	2 redirects
2	pixel.rubiconproject.com	threatpost.com
2	www.google.de	threatpost.com
2	stats.g.doubleclick.net	2 redirects
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	www.googletagmanager.com	assets.threatpost.com threatpost.com
2	cdnjs.cloudflare.com	threatpost.com assets.threatpost.com
1	analytics.twitter.com	static.ads-twitter.com
1	vidstatb.taboola.com	threatpost.com
1	imprammp.taboola.com	threatpost.com
1	pixel.quantserve.com	threatpost.com
1	tagm.tchibo.de	threatpost.com
1	dm.hybrid.ai	1 redirects
1	15.taboola.com	cdn.taboola.com
1	rules.quantcount.com	secure.quantserve.com
1	t.co	threatpost.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	i1.wp.com	threatpost.com
1	secure.gravatar.com	1 redirects
1	kasperskycontenthub.com	threatpost.com
147	56

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
nodejs.org
reqrypt.org
www.microsoft.com
blog.talosintelligence.com
register.gotowebinar.com
popup.taboola.com
www.holzkern.com
www.mdm.de
www.austria.info
tagm.tchibo.de
ad.doubleclick.net
trf.greatviews.de
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com Thawte EV RSA CA 2018	`2019-06-17` - `2020-06-17`	a year	crt.sh
assets.threatpost.com Amazon	`2019-04-02` - `2020-05-02`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-10` - `2020-02-16`	6 months	crt.sh
kasperskycontenthub.com Thawte RSA CA 2018	`2019-06-14` - `2020-06-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
media.threatpost.com Amazon	`2019-04-02` - `2020-05-02`	a year	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
www.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2018-10-16` - `2019-10-21`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
www.google.de GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-08-24` - `2019-10-19`	2 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2018-05-30` - `2020-09-01`	2 years	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
g2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-03` - `2019-11-19`	7 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-19` - `2021-04-13`	2 years	crt.sh
*.taboola.com DigiCert ECC Secure Server CA	`2019-09-03` - `2020-09-10`	a year	crt.sh
tagm.tchibo.de AlphaSSL CA - SHA256 - G2	`2018-10-17` - `2020-10-17`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh

This page contains 11 frames:

Primary Page: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Frame ID: E6C0209CB3B786D6841846E113BBA7F1
Requests: 116 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js
Frame ID: 63601217D76D36698C64F2ED717CE65F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20190924/r20190131/zrt_lookup.html
Frame ID: D71039C975F2FBB895E432F1C5C9C264
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&adk=1812271804&adf=3025194257&lmt=1569589862&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2%2C6%3A2&plat=1%3A32904%2C2%3A32904%2C8%3A32904%2C9%3A32904%2C16%3A8388608%2C27%3A128%2C30%3A1081472%2C32%3A128&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1569589862735&bpp=14&bdt=568&fdt=79&idt=79&shv=r20190924&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=7247572597628&frm=20&pv=2&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&ga_fc=0&iag=0&icsg=197280&dssz=31&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3958187195697401&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=0.tpukup3petes&fsb=1&dtd=95
Frame ID: D57E5CA5EE58AC9D62547E87FB66DBFB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&theme=standard&size=normal&cb=oeb8t3l5e9qg
Frame ID: 9B998A8C17850CFB3577BA2CA1E18330
Requests: 1 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Frame ID: 60B429486844178C8F2C7971748F9B80
Requests: 11 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Frame ID: 068BFCB3017DAEB6646CA92D1430FFFF
Requests: 11 HTTP requests in this frame

Frame: https://tagm.tchibo.de/ai.aspx?extProvID=113&extProvApi=128152&extPu=51132&extLi=NF_Vermarkterportfolio_Inhouse_2019&extSi=RON&extCr=NF_KW3619_HVK_Family-Rain_DE_1000x600&addomain=threatpost-threatpost
Frame ID: BB9B5D7589341E75FD1B7D3DD5171764
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=8kts94uwylcf
Frame ID: 1F97479DB9C563D5BD8EDFB1264FF0F5
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=66301605&ttype=0&cirid=EB56C54E7A827583071557837903&cicmp=2040445&cijs=1&dast=V7v0wCFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmMFsMB7vFZDgbLKfgMGWnyWU5qAWypsnld4MVmk6Hz3WvFx0tL4fp8Pec7hq_2y86-l2fh93keettbsHH81bYbC6P6WVyS5xvud_ksnz-XrfIaXtZfi676a12mH0Py8uvGA13m81eDgAAAAAPAFDn-RA_gAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGAAHyeMaAFAcDOe6W192o8P1edn9AQDwEAACADCgQAJQ8JBWApDhunUCAAAAAAAAAMDy____HzMw71oqA_Ah0ndj0APw4APwIAQAAJA1FJCmXuvdmfJPVHBYxAgAAAAAkqnN42hSJ1QWVQAABOlWAFcAAAFtctiii1m6gxJvYQAAAAJjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTYhozC0tiKWAV-0XEABg7RcQAIBN3QAA3gLggo6gFYPB6gJidgAAAAB3_____3ogNlltZrbJYDecbVYLh8Ow3E2Gi8FgNzEORrbJZHvuRXSr3Rcul30OU3aaXJaDWiBrmlx--03YYrSaTDbL4Wy5mAyGo-FotD-BGw1wgobDwWI3WOwWi-FkMRkNloMFCsRgghMyHG0mq9FutZssh5PRaLaZbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqzmE0mi9loudsMlpPRYDgZDhGmZqbZxGPzrQWjhW0tmtk2bolrY3FrFrbhcOPa-GamkVv0-phOw91w5rJtUTBgaC-Ci3QiOlpeDtPh7zm9RUfLy2E6_D2ni1iiOVmkE9llX5usNjPbZLAbzjarhcNhWO4mw8VgsJsYByPbZLJvzUyzicfmWwtGC9taNLNt3BLXxuLWLGzD4ca18c1MI7fo9TGdhrvhzGXbN1az5Wq4HM4m-8ZqtlwNl8PZZN-hM3xXn7NRWi2XPDapRBpcjGVOg8JlsHh_EtNi2p0dPL_f0alSXTTGhuybUJgNHoNBEUsEp4t0InoZTxexRPK0SCca18ji2WwWG8dg5VuuHIvJbOYYDlcu18wxWa08FrFEabpIJ3rR0e_6POwmz1tvcws-nrfCZnN5TC-TW-J8y_0ml-Xz97pFTtvL8nPZTW-1w-x7WF5-xWi422wm6j82xGg0183misFyrhmsEgAAAAAAAADAEubMmwAAAACcBrNZzCar5QJIPIzvYqsS7GmcFVYWN35cQUfLy2E6_D2nt-hoeTlMh7_ndGUAiQdx!&excid=22&tst=1&docw=0
Frame ID: 8716F81B9AE5CFB812CC4D7B9EEF889E
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsszWt1UufeLcPnaFD_beR9EE70e9HBzi4TXmZMuL2_XSyj_-vRQdIGX3PN5sl2wDqSJR8IgJX3e0jW6zxRZSTbq0YmVWTWBFxrsIqHjRgnczNLqChfjG5ys_mucUMXyWhFDHwW7p5efgdco-s81Rd68yNsp6g2c0IFbleNYQ0wTyEx8ecSq3hpzhqELasRQb4Pv1mirF3vLQekeGbqFsvRYA0WjDCjjpgcaM9unnPz8UcDCAXzBRXX6uQyCzm-iCGav6YzHuKdQcJboyERtwjpao9YNOcAGYQQ&sai=AMfl-YRbfT-YY2mcOrPKTPyCWAOeVsrCzRu0PWyonVOlrteVuBQwRiNX_MKu10Gwuz6-kj9TSs8Och_LKXP7JPY88Xk_vmoVt-eF1auGqait&sig=Cg0ArKJSzDT6jtetAf6aEAE&urlfix=1&adurl=
Frame ID: A808D9499B40828424514A140F0B38F9
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

147
Requests

96 %
HTTPS

37 %
IPv6

35
Domains

56
Subdomains

37
IPs

8
Countries

1963 kB
Transfer

8329 kB
Size

5
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://nodejs.org/en/
Title: Node.js

Search URL Search Domain Scan URL

URL: https://reqrypt.org/windivert.html
Title: WinDivert

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/
Title: blog post

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2019/09/divergent-analysis.html
Title: blog post

Search URL Search Domain Scan URL

URL: https://register.gotowebinar.com/register/9029717654543174147?source=ART
Title: Threatpost webinar

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=threatpost-threatpost&utm_medium=referral&utm_content=thumbnails-a:Below%20Article%20Thumbnails:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://www.holzkern.com/de/?utm_source=taboola&utm_medium=threatpost-threatpost&utm_campaign=2611294
Title: Holzkern

Search URL Search Domain Scan URL

URL: https://www.mdm.de/dop?sku=1423170117&lot=d20&wk=1830604&campaign=Dis/taboola/nkg&utm_source=taboola&utm_medium=display&utm_campaign=nkg&utm_source=taboola&utm_medium=referral
Title: MDM Deutsche Münze

Search URL Search Domain Scan URL

URL: https://www.austria.info/de/aktivitaten/radfahren/rad-urlaub-in-osterreich/mountainbiken/bikepark-petzen?utm_source=taboola&utm_medium=threatpost-threatpost&utm_campaign=BER1902002_tk_rad_mtb_r0721&utm_content=r0721-A
Title: austria.info

Search URL Search Domain Scan URL

URL: https://tagm.tchibo.de/cl.aspx?extProvID=113&extProvApi=128152&extPu=51132&extLi=NF_Vermarkterportfolio_Inhouse_2019&extSi=RON&extCr=NF_KW3619_HVK_Family-Rain_DE_1000x600&addomain=threatpost-threatpost&url=https://www.tchibo.de/wind-wetter-wunderbar-t400107216.html?utm_medium=display-de-performance&utm_source=Taboola+CPC&utm_campaign=Tchibo_NF_Vermarkterportfolio_Inhouse_2019
Title: Tchibo

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/clk/451506878;254965706;x
Title: VELUX Deutschland

Search URL Search Domain Scan URL

URL: https://trf.greatviews.de/cl?m315=c&q=UuUhGp3Jm7uQbNkxXx5Lkkjg&pscode=01_100_42648_1020_2187_0007_00_AFsite_threatpost-threatpost_cid_249867283ID_GV00ID
Title: Parship

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%235G
Title: #5G

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23cybersecurity
Title: #cybersecurity

Search URL Search Domain Scan URL

URL: https://t.co/t4s6Tc27On
Title: https://t.co/t4s6Tc27On

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/639c3b32-90d4-40a1-9a31-2c49c7a86075
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en
Title: Ad

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://secure.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g HTTP 302
https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1

Request Chain 28

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&c7=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&c7=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&c9=

Request Chain 54

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=329730295&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ul=en-us&de=UTF-8&dt=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YAhAAEAB~&jid=3008515&gjid=135084470&cid=2110971136.1569589863&tid=UA-35676203-21&_gid=1566650326.1569589863&_r=1&gtm=2wg9i1PM29HLF&z=1363711790 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_gid=1566650326.1569589863&gjid=135084470&_v=j79&z=1363711790 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790&slf_rd=1&random=2449967001

Request Chain 68

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5

Request Chain 70

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D HTTP 302
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D

Request Chain 72

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&google_cver=1 HTTP 302
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1

Request Chain 74

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c HTTP 302
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c

Request Chain 75

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc HTTP 302
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc

Request Chain 78

https://x.bidswitch.net/sync?ssp=taboola HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=75a02f9b-6b8d-45ba-834f-4d5f47d1e53e&ssp=taboola HTTP 302
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce HTTP 302
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dcd1aa1ed-b766-4880-9628-7d990e49b1ce

Request Chain 79

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5

Request Chain 81

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D HTTP 302
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&google_cver=1 HTTP 302
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1

Request Chain 85

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c HTTP 302
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c

Request Chain 86

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec HTTP 302
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D03317fea-44cc-4b14-99b9-e1c0e5e674ec

Request Chain 89

https://x.bidswitch.net/sync?ssp=taboola HTTP 302
https://dm.hybrid.ai/bidswitch-match?ssp=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=258&user_id=310dd8be371fa9a6404d&expires=30&ssp=taboola HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=258&user_id=310dd8be371fa9a6404d&expires=30&ssp=taboola HTTP 302
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed HTTP 302
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D3598fa7e-59ff-4cbb-9244-f6860a017fed

Request Chain 128

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=329730295&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ul=en-us&de=UTF-8&dt=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aAhAAUAB~&jid=390589132&gjid=1321155147&cid=2110971136.1569589863&tid=UA-109681207-2&_gid=1981964101.1569589864&_r=1&gtm=2ou9i1&z=41212692 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_gid=1981964101.1569589864&gjid=1321155147&_v=j79&z=41212692 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692&slf_rd=1&random=1876692763

Request Chain 130

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Request Chain 131

https://taboola-d.openx.net/v/1.0/av?auid=540790696&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Request Chain 132

https://taboola-d.openx.net/v/1.0/av?auid=540790696&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790696&gdpr=1

Request Chain 133

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1

Request Chain 141

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Request Chain 143

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1

Request Chain 147

https://taboola-d.openx.net/v/1.0/av?auid=540790701&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Request Chain 148

https://taboola-d.openx.net/v/1.0/av?auid=540790701&gdpr=1 HTTP 302
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1

147 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/ 76 KB
19 KB 481ms
188ms Document
text/html 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

74ff93b09f72be211b8e5eb18db4c01df228c3300ed075b498d8ded31421dbd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Server: nginx
Date: Fri, 27 Sep 2019 13:11:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=148733>; rel=shortlink
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 217 KB
34 KB 374ms
188ms Stylesheet
text/css 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d7ba44e03247efd9fab0368aa77fd4cc25bfd55d5b172327c48a371a12890673

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: W/"5d8a04f0-362da"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:02 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 66 KB
15 KB 52ms
7ms Stylesheet
text/css 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-kaspersky-widgets/css/trending-authors.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=5a030000

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

44ef9b8be9758f4944226128bcbd68f44fca4b8a4d272ad3288427bbd96accb8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 12:18:49 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 4298
x-cache: Hit from cloudfront
status: 200
content-length: 15126
last-modified: Tue, 24 Sep 2019 11:58:39 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
via: 1.1 9be2d2d7560f88bdc5d5a3a94863566a.cloudfront.net (CloudFront)
x-cache-hit: MISS
x-amz-cf-pop: FRA56
x-amz-cf-id: 6ZS6MSm6fgmRRB86dC5OHqLzKANCKZ-c0tdQEsEtfVN6puenwtm-FA==
expires: Wed, 25 Sep 2019 11:59:04 GMT

GET
H2 200 postscribe.min.js Show response
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/ 17 KB
6 KB 40ms
39ms Script
application/javascript 2606:4700::6813:c397
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js?ver=5.2.3

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c397 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 14223799
status: 200
served-in-seconds: 0.078
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:26:22 GMT
server: cloudflare
etag: W/"5afd4abe-45f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 51cdb89e9bc58c86-VIE
expires: Wed, 16 Sep 2020 13:11:02 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 378ms
190ms Script
application/x-javascript 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Sep 2019 01:17:09 GMT
Server: nginx
ETag: W/"5d706215-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:02 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 133 KB
35 KB 51ms
7ms Script
application/x-javascript 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/adrupt-options/dist/js/adrupt.ads.min.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/kaspersky-taboola-ads/assets/js/start.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=5a030000

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

60f7c04e003009ea44b161f7a8c4c76f14ae490a3937ceaaf1be52e1a7e8aa60

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 12:20:44 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 4273
x-cache: Hit from cloudfront
status: 200
content-length: 35435
last-modified: Tue, 24 Sep 2019 11:58:41 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 9be2d2d7560f88bdc5d5a3a94863566a.cloudfront.net (CloudFront)
x-cache-hit: MISS
x-amz-cf-pop: FRA56
x-amz-cf-id: WfR2lCWEzq3xpo-1qaC6ggOZy_8CGMDXkP91nW9shtbt4pFU2D8-_Q==
expires: Wed, 25 Sep 2019 11:59:04 GMT

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
367 B 480ms
95ms Script
application/javascript 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=258262811&back=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 27 Sep 2019 13:11:02 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK adrupt_style.css
threatpost.com/wp-content/plugins/adrupt-options/dist/css/ 0
331 B 281ms
94ms Stylesheet
text/css 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/adrupt-options/dist/css/adrupt_style.css
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:37 GMT
Server: nginx
ETag: "5d8a04ed-0"
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 0
Expires: Fri, 04 Oct 2019 13:11:02 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 100 KB
35 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

1c73246024e7b440f102b6f76e9ccc8a2d47648df022543d4a4a90e0bf3347df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 36195
x-xss-protection: 0
server: cafe
etag: 12488453197193356007
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 Malware_Phishing_Attack.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/03/26162808/ 62 KB
62 KB 40ms
10ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/03/26162808/Malware_Phishing_Attack.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a8137dfdff8bb94b215455100bf27575aee28f6779b820e297363a8ee71708a9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 24 May 2019 05:48:04 GMT
via: 1.1 7b88ef0d81161ffd0111d52a2de2bd25.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 02:25:52 GMT
server: AmazonS3
age: 10912978
etag: "8d606e28d4ae2436aaca44cea330839a"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA56
accept-ranges: bytes
content-length: 63415
x-amz-cf-id: 0cGpFVAS6q9YB_CgaKsrd3pj2Y5jdqmnRBEgtyhZXh471btpKioKag==
expires: Wed, 03 Jul 2019 02:25:51 GMT

GET
H2

404

avatar_default.jpg
i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/
Redirect Chain

https://secure.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g
https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1

65 B
65 B

30ms
17ms

Image
text/html

192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: i1.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 404
x-nc: EXPIRED fra 4
date: Fri, 27 Sep 2019 13:11:02 GMT
server: nginx
content-type: text/html; charset=utf-8

Redirect headers

x-nc: HIT vie 2
date: Fri, 27 Sep 2019 13:11:02 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
source-age: 1903789
status: 302
content-type: text/html; charset=utf-8
location: https://i1.wp.com/kasperskycontenthub.com/wp-content/themes/kaspersky-root/assets/images/avatar_default.jpg?ssl=1
cache-control: max-age=300
link: <https://www.gravatar.com/avatar/fab896982b5c9974407bc14bd8b50b84?s=60&d=https%3A%2F%2Fkasperskycontenthub.com%2Fwp-content%2Fthemes%2Fkaspersky-root%2Fassets%2Fimages%2Favatar_default.jpg&r=g>; rel="canonical"
content-length: 0
expires: Fri, 27 Sep 2019 13:16:02 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 8ms
8ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 08 Sep 2019 02:37:10 GMT
via: 1.1 f0dda47e8f83bee88cb60d3d2e3fa5e5.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 1679633
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA56
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: h36EEErMM7B9q_UcjlAqjgEtqYgQk1uRanK7NLQ8SJbv6HeHRE8gdQ==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 malware-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/12/11133718/ 24 KB
24 KB 8ms
7ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/12/11133718/malware-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7d9828ae6f573226c7d20873071b6c10f7c2064c667759f1df6b0440abc3483

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 05 May 2019 05:27:48 GMT
via: 1.1 f131f7f70cfd3a8b96a854e1f446f33b.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Tue, 11 Dec 2018 18:37:21 GMT
server: AmazonS3
age: 12555795
etag: "a561ef1e26e4cd78797e8a21cff7d6c5"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA56
accept-ranges: bytes
content-length: 24191
x-amz-cf-id: HgWJ7ebCOhav2ytlYEskWKpeBIEcqYB7dQUVtEnHPCYb1GDAG4luGA==
expires: Wed, 11 Dec 2019 18:37:18 GMT

GET
H2 200 hire-vets-malware-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/25095429/ 23 KB
23 KB 8ms
8ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/25095429/hire-vets-malware-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7bcd4a0e8e89d0029b5f7f75699ab37fc5a05e2bc6607b1b39e0df8796fb0348

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Sep 2019 14:52:18 GMT
via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Wed, 25 Sep 2019 13:54:32 GMT
server: AmazonS3
age: 166725
etag: "4d4814ee1dc6828fbdc78edf576623d3"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1, FRA56
accept-ranges: bytes
content-length: 23489
x-amz-cf-id: TOvO-5ya6L8RMOjrDWwqNEgDsesa8pjmXyexg4ECMb7cbtb08cHMsA==
expires: Thu, 24 Sep 2020 13:54:29 GMT

GET
H2 200 zebrocy-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/24094506/ 31 KB
31 KB 7ms
7ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/24094506/zebrocy-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 743a9da6b3e5df46d2d85ac70bbace49ac4410f6d7e5122b2ceacc813ce508e4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Sep 2019 15:11:01 GMT
via: 1.1 e56e6732f380db727425bac2d6158761.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Tue, 24 Sep 2019 13:45:10 GMT
server: AmazonS3
age: 252002
etag: "589ee5df62680179d4414b6afbe45f52"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA56
accept-ranges: bytes
content-length: 31524
x-amz-cf-id: n6jgpFXKui6T6dJUcmUS34Wmc8QfF6cfa3TZjETktRJ9CNa1LRkJuw==
expires: Wed, 23 Sep 2020 13:45:06 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 729 B
557 B 16ms
16ms Script
text/javascript 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

33b9cfa85ac4128db561c2f1a037e68b359c57a05d41a5ec51315d805e1a06ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 465
x-xss-protection: 1; mode=block
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 threat-intelligence-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2019/09/25182707/ 4 KB
4 KB 9ms
9ms Image
image/png 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/25182707/threat-intelligence-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d877b654697728723f01959ffbf74d70842fe9cf331f721be5701b61c217638

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 26 Sep 2019 12:02:17 GMT
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Wed, 25 Sep 2019 22:27:10 GMT
server: AmazonS3
age: 90526
etag: "f55ce318620c1cf746202293c984dac2"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56
accept-ranges: bytes
content-length: 4070
x-amz-cf-id: oD4UI3UOzyBWl4YpL2cssQXGhG1IX0xNKQaPDGzILxXD-_V9U-k6SQ==
expires: Thu, 24 Sep 2020 22:27:07 GMT

GET
H2 200 social_engineering-1-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/18142900/ 2 KB
3 KB 8ms
8ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/18142900/social_engineering-1-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 51b7a583b42d20f16fa2755abe0e8fd716b3ec9378ec42500b0d894927598326

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 18 Sep 2019 18:31:13 GMT
via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Wed, 18 Sep 2019 18:29:03 GMT
server: AmazonS3
age: 758390
etag: "a68c4b60ee4a35aab5ae3ce6df6a5d55"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA56
accept-ranges: bytes
content-length: 2120
x-amz-cf-id: rszxRBvbBJqqVKyVxFE7TIdsGtZF7YmaoTqzYtl0XhGcHh9b7zxEeg==
expires: Thu, 17 Sep 2020 18:29:00 GMT

GET
H2 200 insider-threat-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/10155113/ 1 KB
2 KB 9ms
9ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/10155113/insider-threat-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 535f401ad4d0562612b8bcadc5edb6c194cb6a275f3915511f9d023cfc69fe2a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Sep 2019 20:14:28 GMT
via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Tue, 10 Sep 2019 19:51:16 GMT
server: AmazonS3
age: 1443395
etag: "ec77dc87aa47f7ebe4f8e56810e98baa"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA56
accept-ranges: bytes
content-length: 1256
x-amz-cf-id: 5h-1j3lZEDATVq4oscQKQXLbvFFw8c7MrBX5BqCP9B5gnPD3Ih_kfw==
expires: Wed, 09 Sep 2020 19:51:13 GMT

GET
H2 200 gamification2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/08/30125154/ 1016 B
1 KB 7ms
7ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/08/30125154/gamification2-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 93ebb1d614fa1e33c91a00ee803c268fcf812be0282ac38660f29a192109dc86

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 19 Sep 2019 01:09:41 GMT
via: 1.1 3df8c233328fbbb4fd91eb496d73f2d8.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Fri, 30 Aug 2019 16:52:12 GMT
server: AmazonS3
age: 734482
etag: "6d043114652213eb6ff41200f8d61f22"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, FRA56
accept-ranges: bytes
content-length: 1016
x-amz-cf-id: aRlKDA5WNkLiHTuRD0BJUyqi9xw3TFJ7BzIsV4uMC4Pw6UfkpJJRtQ==
expires: Sat, 29 Aug 2020 16:52:09 GMT

GET
H2 200 APT-2018-Year-in-review2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/12/21144206/ 1 KB
2 KB 7ms
7ms Image
image/jpeg 2600:9000:20bb:5e00:0:5c46:4f40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/12/21144206/APT-2018-Year-in-review2-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:5e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 37e0b3254ad68efdf322594ed7da51aeefa2cb191047d847fc5a0c4556647f13

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 15:37:13 GMT
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront), 1.1 3664cc1fd21a07e55327a9c256fa758a.cloudfront.net (CloudFront)
last-modified: Fri, 21 Dec 2018 19:42:09 GMT
server: AmazonS3
age: 2496829
etag: "5a629b5793d0b36a5ac91bb06a95ddf2"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA56
accept-ranges: bytes
content-length: 1477
x-amz-cf-id: iv0oC87ieyQ3XKM0ejBZS6il6Bd6EKECX8DpSoaZKmwSSBaCXS6k7w==
expires: Sat, 21 Dec 2019 19:42:06 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 11ms
8ms Script
application/x-javascript 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=5a030000

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 26 Sep 2019 11:59:15 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 3133
x-cache: Hit from cloudfront
status: 200
content-length: 935
last-modified: Tue, 24 Sep 2019 11:58:39 GMT
server: nginx
x-cache-hit: MISS
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 9be2d2d7560f88bdc5d5a3a94863566a.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA56
x-amz-cf-id: Gs9p8cs6yLHuSaa0TIsNju5NzOg_pCxOwaZWbE3qYUaF-LsfcKqG1Q==
expires: Fri, 27 Sep 2019 11:59:15 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 26 KB
9 KB 12ms
12ms Script
application/x-javascript 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/gravityforms.min.js&ver=5a030000

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 12:18:49 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 4298
x-cache: Hit from cloudfront
status: 200
content-length: 8382
last-modified: Tue, 24 Sep 2019 11:58:39 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 9be2d2d7560f88bdc5d5a3a94863566a.cloudfront.net (CloudFront)
x-cache-hit: MISS
x-amz-cf-pop: FRA56
x-amz-cf-id: wA6Goq6z4_3xS63mFqtGk9m2QXLE-RHnCjOr1B8qX7WBZ_O6v-3_xw==
expires: Fri, 27 Sep 2019 11:59:15 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 13 KB
5 KB 7ms
7ms Script
application/x-javascript 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-taboola-ads/assets/js/end.js,wp-includes/js/wp-embed.min.js,wp-content/plugins/gravityforms/js/conditional_logic.min.js,wp-content/plugins/gravityforms/js/placeholders.jquery.min.js,wp-content/plugins/akismet/_inc/form.js&ver=5a030000

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

e697ae92648ccad15ada450ecbd959853b72bb5b977112896334a50ddfc1c0b4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 12:20:44 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 4253
x-cache: Hit from cloudfront
status: 200
content-length: 4760
last-modified: Tue, 24 Sep 2019 11:58:40 GMT
server: nginx
cache-control: max-age=86400
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
via: 1.1 9be2d2d7560f88bdc5d5a3a94863566a.cloudfront.net (CloudFront)
x-cache-hit: MISS
x-amz-cf-pop: FRA56
x-amz-cf-id: MqJ1W_5Q7rQeJgUlfAAJ-IdUCnX5UIpWbv3URJRMWIoGUiunViGZlQ==
expires: Thu, 26 Sep 2019 11:59:11 GMT

GET
H2 200 postscribe.min.js Show response
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/ 17 KB
5 KB 20ms
20ms Script
application/javascript 2606:4700::6813:c397
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js?adrupt.js

Requested by

Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/adrupt-options/dist/js/adrupt.ads.min.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/kaspersky-taboola-ads/assets/js/start.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=5a030000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c397 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 14223799
status: 200
served-in-seconds: 0.078
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:26:22 GMT
server: cloudflare
etag: W/"5afd4abe-45f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 51cdb8a11e188c86-VIE
expires: Wed, 16 Sep 2020 13:11:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 69 KB
27 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:814::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109681207-2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

680cad69593b3305366473c7d15c90a64352c989e2104b308528679b4890b5d5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: br
last-modified: Fri, 27 Sep 2019 12:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27156
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/threatpost--network/ 91 KB
19 KB 7ms
6ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/threatpost--network/loader.js
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/adrupt-options/dist/js/adrupt.ads.min.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/kaspersky-taboola-ads/assets/js/start.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=5a030000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e62361e724bdc7a5523e4545747e5a671ea84d0564ec47d10d9239dcea6ea959

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: ZmThiOUJD2Vu_HsKbZENMavooDFs8hq5
content-encoding: gzip
etag: "34bf6bdfec0f523c9d61d2724f7d097a"
age: 49
x-cache: HIT
status: 200
content-length: 19094
x-amz-id-2: mEVU01LoO9hLj1uHcnXV7VHE2i+7DUINWEcaEubnZUiDiOwwEftbxsCMOUDSFqKwRADB0o+vyrw=
x-served-by: cache-hhn4069-HHN
last-modified: Thu, 26 Sep 2019 07:52:06 GMT
server: AmazonS3
x-timer: S1569589863.589054,VS0,VE1
date: Fri, 27 Sep 2019 13:11:02 GMT
vary: Accept-Encoding
x-amz-request-id: 1E17DEBCA6B2C584
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 94
x-cache-hits: 1

GET
H2 200 impl.20190925-18-RELEASE.js Show response
cdn.taboola.com/libtrc/ 394 KB
112 KB 8ms
7ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/threatpost--network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63f4f82cf06f230550429133b1cdc57ece980f534134bc947aabbdedb58fb612

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: SiLG3pEQU6AY0ArwqwI0wvQeEAy0aIWv
content-encoding: gzip
etag: "0c930f5c532c1b3d0170c86cf0775ece"
age: 109
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 113920
x-amz-id-2: V4una1S+38WYeNuHoiBdU3gt669D9Z2n6URcyBomnryoVYEx+bFtqJN0mm9jqJ7Drv0+zG8q9uY=
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 25 Sep 2019 16:15:26 GMT
server: AmazonS3
x-timer: S1569589863.605482,VS0,VE0
date: Fri, 27 Sep 2019 13:11:02 GMT
vary: Accept-Encoding
x-amz-request-id: DF35975E7341403B
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 49
x-cache-hits: 799

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 11ms
11ms Script
application/x-javascript 2.16.31.65
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/threatpost--network/loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-16-31-65.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 27 Sep 2019 13:11:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 902
Expires: Sat, 28 Sep 2019 13:11:02 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost...
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpos...

0
248 B

9ms
8ms

Image
text/plain

2.16.31.65
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&c7=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&c9=
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-16-31-65.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:02 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1569589862686&ns_c=UTF-8&cv=3.1e&c8=Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%20%7C%20Threatpost&c7=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&c9=
Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:02 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 68 KB
23 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:814::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d5fe5b7c6ae7249e2eb8cbdc9c66b78919d237a628feaea0156a07013fdf67c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: br
last-modified: Fri, 27 Sep 2019 12:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 23398
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 11 KB
4 KB 678ms
96ms Other
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Sec-Fetch-Mode: same-origin
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: W/"5d8a04f0-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 263ms
94ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: "5d8a04f0-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 11 KB
4 KB 655ms
95ms Other
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Sec-Fetch-Mode: same-origin
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: W/"5d8a04f0-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/ 227 KB
84 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

d7625641666eb0d30c70ca6fa1cac3b0705486578733a364c9eff073045ae084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 85560
x-xss-protection: 0
server: cafe
etag: 13535242702471442266
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 751ms
188ms Image
image/png 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:39 GMT
Server: nginx
ETag: "5d8a04ef-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 344ms
189ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: "5d8a04f0-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 358ms
187ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: "5d8a04f0-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 373ms
189ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:41 GMT
Server: nginx
ETag: "5d8a04f1-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 370ms
186ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: "5d8a04f0-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/ Frame 6360 227 KB
84 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

d7625641666eb0d30c70ca6fa1cac3b0705486578733a364c9eff073045ae084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 85560
x-xss-protection: 0
server: cafe
etag: 13535242702471442266
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190924/r20190131/ Frame D710 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20190924/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20190924/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 24 Sep 2019 14:02:11 GMT
expires: Tue, 08 Oct 2019 14:02:11 GMT
content-type: text/html; charset=UTF-8
etag: 2890223722171781336
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 7315
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 256131
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 252ms
95ms Font
font/woff2 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:02 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: "5d8a04f0-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Sat, 26 Sep 2020 13:11:02 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Zy-zVXWdnDW6AUZkKlojAKGe/ 262 KB
92 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Zy-zVXWdnDW6AUZkKlojAKGe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ee4b6ac81622a15d376488d3a25228b90de031ac08f84dd9e1c4d2918c4a751a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 23 Sep 2019 18:22:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 21 Sep 2019 00:09:51 GMT
server: sffe
age: 326905
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 94031
x-xss-protection: 0
expires: Tue, 22 Sep 2020 18:22:37 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 548ms
94ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:39 GMT
Server: nginx
ETag: W/"5d8a04ef-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 281ms
94ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:40 GMT
Server: nginx
ETag: W/"5d8a04f0-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 284ms
95ms Image
image/svg+xml 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 Sep 2019 11:58:39 GMT
Server: nginx
ETag: W/"5d8a04ef-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 283ms
94ms Image
image/png 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1569326320
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:39 GMT
Server: nginx
ETag: "5d8a04ef-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 2704
date: Fri, 27 Sep 2019 12:25:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Fri, 27 Sep 2019 14:25:58 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 12 KB
6 KB 39ms
14ms Script
application/x-javascript 91.228.74.138
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.138 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: 404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 27 Sep 2019 13:11:02 GMT
Content-Encoding: gzip
Last-Modified: Fri, 27-Sep-2019 13:11:02 GMT
Server: QS
ETag: M0-e2b9884a
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5456
Expires: Fri, 04 Oct 2019 13:11:02 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 6ms
5ms Script
application/javascript 151.101.112.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
age: 17899
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4065-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1569589863.809712,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame D57E 0
0 81ms
81ms Document
text/html 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&adk=1812271804&adf=3025194257&lmt=1569589862&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2%2C6%3A2&plat=1%3A32904%2C2%3A32904%2C8%3A32904%2C9%3A32904%2C16%3A8388608%2C27%3A128%2C30%3A1081472%2C32%3A128&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1569589862735&bpp=14&bdt=568&fdt=79&idt=79&shv=r20190924&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=7247572597628&frm=20&pv=2&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&ga_fc=0&iag=0&icsg=197280&dssz=31&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3958187195697401&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=0.tpukup3petes&fsb=1&dtd=95

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7500593236707325&output=html&adk=1812271804&adf=3025194257&lmt=1569589862&plaf=1%3A2%2C2%3A2%2C3%3A2%2C4%3A2%2C5%3A2%2C6%3A2&plat=1%3A32904%2C2%3A32904%2C8%3A32904%2C9%3A32904%2C16%3A8388608%2C27%3A128%2C30%3A1081472%2C32%3A128&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1569589862735&bpp=14&bdt=568&fdt=79&idt=79&shv=r20190924&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=7247572597628&frm=20&pv=2&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&ga_fc=0&iag=0&icsg=197280&dssz=31&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3958187195697401&rx=0&eae=2&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=0.tpukup3petes&fsb=1&dtd=95
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 27 Sep 2019 13:11:02 GMT
server: cafe
content-length: 44
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Sep-2019 13:26:02 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Fri, 27 Sep 2019 13:11:02 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 77 KB
29 KB 26ms
14ms Script
text/javascript 2a00:1450:4001:816::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

218087ed3854e672a6627b47c86b3a97e1dad722daa9f509fe522b33b01302a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1569237451959804"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29169
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=329730295&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ul=en-u...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_gid=1566650326.1569589863&gjid=135084470&_v=j79&z=1363711790
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790&slf_rd=1&random=2449967001

42 B
109 B

30ms
30ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790&slf_rd=1&random=2449967001

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110971136.1569589863&jid=3008515&_v=j79&z=1363711790&slf_rd=1&random=2449967001
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/threatpost-threatpost/trc/3/ 11 KB
5 KB 146ms
144ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/threatpost-threatpost/trc/3/json?tim=15%3A11%3A02.854&lti=deflated&data=%7B%22id%22%3A723%2C%22ii%22%3A%22%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1569589862852%2C%22cv%22%3A%2220190925-18-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1585%2C%22dh%22%3A3863%2C%22nsid%22%3A%22threatpost--network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Apub%3Dthreatpost--network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A2426.546875%2C%22mw%22%3A700%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 3940c0a5605e181ecb8c44f2880752a0006e7a3557811dd61cda397a219eebec

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
server: nginx
x-timer: S1569589863.858296,VS0,VE140
status: 200
x-served-by: cache-fra19172-FRA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 44 KB
14 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:816::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d80e5839d198279a97915c6ca1069c537210b27ab7327b12aca428639134e0c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "291 / 952 of 1000 / last-modified: 1569527018"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14244
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 27ms
11ms Font
font/woff2 2600:9000:20bb:a200:2:9275:3d40:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:a200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-kaspersky-widgets/css/trending-authors.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=5a030000
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 00:22:42 GMT
via: 1.1 e430a35037c484cf19f375480cabfca3.cloudfront.net (CloudFront)
age: 2897299
x-cache: Hit from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Fri, 23 Aug 2019 05:16:18 GMT
server: nginx
etag: "5d5f76a2-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA56
accept-ranges: bytes
x-amz-cf-id: tuFTn3BIlCaM4PiarCM7M7o3EC1s89RjEp9YJj4aoz4SJlJxjEWOAg==
expires: Mon, 24 Aug 2020 00:22:42 GMT

GET
H/1.1 200
OK photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 83 KB
83 KB 376ms
188ms Image
image/jpeg 35.173.160.135
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Fri, 27 Sep 2019 13:11:03 GMT
Last-Modified: Tue, 24 Sep 2019 11:58:41 GMT
Server: nginx
ETag: "5d8a04f1-14c88"
Content-Type: image/jpeg
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 85128
Expires: Fri, 04 Oct 2019 13:11:03 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 9B99 0
0 48ms
48ms Document
text/html 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&theme=standard&size=normal&cb=oeb8t3l5e9qg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Zy-zVXWdnDW6AUZkKlojAKGe/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TForNjCK9d18CTkdZPVDqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&theme=standard&size=normal&cb=oeb8t3l5e9qg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Sep 2019 13:11:02 GMT
content-security-policy: script-src 'report-sample' 'nonce-TForNjCK9d18CTkdZPVDqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9241
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 / Show response
graph.facebook.com/ 101 B
520 B 52ms
37ms XHR
application/json 2a03:2880:f01c:20e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

bdf2b400964c0ab9b5c5ced9d4fa97dd0181b5ab5d27ac99e1b97771c7060dac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

strict-transport-security: max-age=15552000; preload
etag: "a8f24c4d6f8deef8c39fbbe9ca871215d14e9166"
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
x-fb-rev: 1001227355
content-length: 101
pragma: no-cache
x-fb-debug: 6yetWHAjjKpy1Ed0xcesf5c3MZLLalm79eI4MdYHHGBfzmlea8aPnV/cIyNWfxE/w+EYQQ2XAZrrXb+Rl8+3kA==
x-fb-trace-id: EYsjdDq8x4X
date: Fri, 27 Sep 2019 13:11:02 GMT
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: ASbjBsfspg8qlwtuIm8fpqW
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.10
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 138ms
110ms Script
text/html 2a05:f500:10:101::b93f:9101
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&format=jsonp&callback=jQuery112403258723257531402_1569589862562&_=1569589862563
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 102 B
1 KB 592ms
579ms XHR
application/json 151.101.113.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
content-length: 102
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4052-HHN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1569589863.955911,VS0,VE574
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 adsct
t.co/i/ 43 B
170 B 115ms
115ms Image
image/gif 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Fri, 27 Sep 2019 13:11:03 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 24ef725a72bf6543cea27d71fd5fa443
x-transaction: 003ccf1300aa168d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 pubads_impl_2019091901.js Show response
securepubads.g.doubleclick.net/gpt/ 156 KB
58 KB 27ms
14ms Script
text/javascript 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

c77635c1d346c5471d294f59d0c4ef11f71c21f94e82087cbd99984c9aaa3cda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Sep 2019 13:07:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 58568
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:02 GMT

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
353 B 169ms
155ms Script
application/x-javascript 2600:9000:20bb:a00:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20bb:a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:09:00 GMT
via: 1.1 7a04ed7b69e0edefa91e397390fa9ad0.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 127
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA56
accept-ranges: bytes
content-length: 3
x-amz-cf-id: t32RppSHJoUxtOQIQNFcIt_Pnmg68MrripdRkIgHHw4ZNA74GuCP9Q==

GET
H2 200 tb Show response
15.taboola.com/ 21 KB
21 KB 37ms
19ms Script
text/html 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=threatpost-threatpost&unitType=59&tbloc=&pageType=text&pstn=Slider%20-%20Video&uuip=&cisrf=&cirf=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&encoded=1&uid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&variant=-100|1&callback=TRC.videoTagCallbacks.videoCallback1&cb=1569589863024&tagid=&cntry=DE&platform=1&sesid=6253f62078635aaa097281007b80d622&itemid=/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733&viewid=1569589862852&geolat=&geoing=&deviceifa=&appid=&sd=v2_6253f62078635aaa097281007b80d622_5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6_1569589862_1569589862_CNawjgYQ459IGMTD4pbXLSABKAEwODib4wlAgooQSJjEF1Cl7BBYAGAA&ri=c5db3331c10e79e1126f188ee5f125ec&appname=&cdb=&gdprApplies=&rid=&sii=-2834448088705825387
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 325b531693e02751ed5813cf66d9591e14804657efb228ea305b335356d2286a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.046398,VS0,VE13
machineid: 1415
x-cache: MISS
content-type: text/html;charset=ISO-8859-1
status: 200
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19157-FRA

GET
H2 200 userx.20190925-18-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 22 KB
8 KB 6ms
5ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20190925-18-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/threatpost--network/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0eac1ff22bb875d24a2bf43334a1eb91f5a003513545c0aac8f476fb0d66f6b9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: JHhBmeN7fmzvqujbDkst68hJLPnO3TGK
content-encoding: gzip
etag: "7f0e6d37826dfb0c481ba9c167a7101a"
age: 62
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 7737
x-amz-id-2: lP9ivZi3tK9ietHCWdsCcvA6ZP5XWHSX1Cyt4g2L2TtH9uhv58freioSOC0FLGP7ZQrOngzyt8g=
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 25 Sep 2019 16:15:52 GMT
server: AmazonS3
x-timer: S1569589863.027762,VS0,VE0
date: Fri, 27 Sep 2019 13:11:03 GMT
vary: Accept-Encoding
x-amz-request-id: 92C27F7E59773669
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 36
x-cache-hits: 162

GET
H2

204

rtb-h
trc.taboola.com/sg/mediaforcebidder-network/1/ Frame 60B4
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5

0
56 B

14ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.173605,VS0,VE9
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19172-FRA

Redirect headers

Location: //trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Date: Fri, 27 Sep 2019 13:11:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 60B4 0
239 B 39ms
14ms Image
image/gif 69.173.144.165
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

GET
H2

200

/
trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame 60B4
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D

45 B
95 B

25ms
25ms

Image
image/gif

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.211352,VS0,VE20
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19172-FRA

Redirect headers

Location: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D
Date: Fri, 27 Sep 2019 13:11:03 GMT
Server: nginx
Connection: close
Etag: "-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk="
Content-Length: 0

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 60B4 43 B
690 B 22ms
5ms Image
image/gif 37.252.172.250
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:05 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.13:80
AN-X-Request-Uuid: b14a6fa5-4598-4ca9-a3f7-7283ff3eb9e7
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rtb-h
match.taboola.com/sg/google-network/1/ Frame 60B4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&google_cver=1
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26goo...

0
53 B

16ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.179315,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.106210,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 60B4 43 B
691 B 16ms
5ms Image
image/gif 37.252.172.250
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:05 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.115:80
AN-X-Request-Uuid: 1bac8d57-a448-47c1-a276-45eee74aec13
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rtb-h
match.taboola.com/sg/thetradedesk-network/1/ Frame 60B4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3...

0
52 B

14ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.227492,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.212480,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

rtb-h
match.taboola.com/sg/storygize-network/1/ Frame 60B4
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D4be1bc8b-7715-4ff5-ac...

0
53 B

20ms
20ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.749484,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589864.722380,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D4be1bc8b-7715-4ff5-ac93-6d7aefc0f3fc
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 60B4 35 B
380 B 384ms
97ms Image
image/gif 192.132.33.46
Bidtellect Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:02 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 200
OK /
cds.taboola.com/ Frame 60B4 0
293 B 292ms
106ms Image
text/plain 130.211.13.252
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&_r=5761581
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 130.211.13.252 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 252.13.211.130.bc.googleusercontent.com
Software: nginx/1.12.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 27 Sep 2019 13:11:03 GMT
Via: 1.1 varnish
Server: nginx/1.12.2
X-Timer: S1569589863.316083,VS0,VE11
X-Served-By: cache-dca17721-DCA
X-Cache: MISS
x-envoy-upstream-service-time: 1
Connection: close
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
H2

200

rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame 60B4
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola
https://x.bidswitch.net/ul_cb/sync?ssp=taboola
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=75a02f9b-6b8d-45ba-834f-4d5f47d1e53e&ssp=taboola
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dcd1aa1ed-b766-4880-96...

0
53 B

16ms
15ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dcd1aa1ed-b766-4880-9628-7d990e49b1ce
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.455296,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.429887,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=cd1aa1ed-b766-4880-9628-7d990e49b1ce&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dcd1aa1ed-b766-4880-9628-7d990e49b1ce
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

204

rtb-h
trc.taboola.com/sg/mediaforcebidder-network/1/ Frame 068B
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5

0
50 B

14ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.245855,VS0,VE9
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19172-FRA

Redirect headers

Location: //trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=289eeef2-3fd2-4325-ba85-3a882a94dff5
Date: Fri, 27 Sep 2019 13:11:03 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 068B 0
239 B 11ms
11ms Image
image/gif 69.173.144.165
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

GET
H2

200

/
trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame 068B
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D

45 B
95 B

16ms
15ms

Image
image/gif

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.294449,VS0,VE10
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19172-FRA

Redirect headers

Location: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk%3D
Date: Fri, 27 Sep 2019 13:11:03 GMT
Server: nginx
Connection: close
Etag: "-7fAAQTveq9S1NNDhbWjv4wQJR-HbJun4H44Z7_6czk="
Content-Length: 0

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 068B 43 B
690 B 8ms
7ms Image
image/gif 37.252.172.250
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:05 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.87:80
AN-X-Request-Uuid: fb6c1110-fb2c-4f87-8e6d-2860ddfe384e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rtb-h
match.taboola.com/sg/google-network/1/ Frame 068B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&google_cver=1
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26goo...

0
53 B

14ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.299306,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.284313,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEDJ_M4W8dNsV1SdLtwGWhaU&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3DCAESEDJ_M4W8dNsV1SdLtwGWhaU%26google_cver%3D1
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 068B 43 B
691 B 6ms
5ms Image
image/gif 37.252.172.250
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.250 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:05 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 538.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.183:80
AN-X-Request-Uuid: a9ea1738-841e-404c-a3e0-03e6ca09be39
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rtb-h
match.taboola.com/sg/thetradedesk-network/1/ Frame 068B
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3...

0
52 B

15ms
15ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589863.412591,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.397784,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=ae6fbba0-d457-47e3-b862-cf51aa106f4c&tbid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&query=taboola_hm%3Dae6fbba0-d457-47e3-b862-cf51aa106f4c
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

rtb-h
match.taboola.com/sg/storygize-network/1/ Frame 068B
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D03317fea-44cc-4b14-99...

0
77 B

97ms
96ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D03317fea-44cc-4b14-99b9-e1c0e5e674ec
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.914888,VS0,VE91
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589864.899329,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=03317fea-44cc-4b14-99b9-e1c0e5e674ec&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D03317fea-44cc-4b14-99b9-e1c0e5e674ec
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 068B 35 B
380 B 189ms
98ms Image
image/gif 192.132.33.46
Bidtellect Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:02 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 200
OK /
cds.taboola.com/ Frame 068B 0
293 B 1304ms
1118ms Image
text/plain 130.211.13.252
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6&_r=5761581
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 130.211.13.252 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 252.13.211.130.bc.googleusercontent.com
Software: nginx/1.12.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 27 Sep 2019 13:11:04 GMT
Via: 1.1 varnish
Server: nginx/1.12.2
X-Timer: S1569589865.660141,VS0,VE23
X-Served-By: cache-dca17730-DCA
X-Cache: MISS
x-envoy-upstream-service-time: 0
Connection: close
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
H2

200

rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame 068B
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola
https://dm.hybrid.ai/bidswitch-match?ssp=taboola
https://x.bidswitch.net/sync?dsp_id=258&user_id=310dd8be371fa9a6404d&expires=30&ssp=taboola
https://x.bidswitch.net/ul_cb/sync?dsp_id=258&user_id=310dd8be371fa9a6404d&expires=30&ssp=taboola
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D3598fa7e-59ff-4cbb-92...

0
53 B

14ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D3598fa7e-59ff-4cbb-9244-f6860a017fed
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.784861,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

Redirect headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589864.748806,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=3598fa7e-59ff-4cbb-9244-f6860a017fed&tbid=a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7&query=taboola_hm%3D3598fa7e-59ff-4cbb-9244-f6860a017fed
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H/1.1 200
OK ai.aspx
tagm.tchibo.de/ Frame BB9B 43 B
653 B 56ms
15ms Image
image/gif 85.14.248.72
MYLOC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tagm.tchibo.de/ai.aspx?extProvID=113&extProvApi=128152&extPu=51132&extLi=NF_Vermarkterportfolio_Inhouse_2019&extSi=RON&extCr=NF_KW3619_HVK_Family-Rain_DE_1000x600&addomain=threatpost-threatpost
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.14.248.72 Meerbusch, Germany, ASN24961 (MYLOC-AS, DE),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:03 GMT
X-ET-Code: 0
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://tagm.tchibo.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Cache-Control: private
Last-Modified: Fr, 27 Sep 2019 01:11:03 GMT
X-ET-Camp: 821
Connection: close
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 available Show response
trc.taboola.com/threatpost-threatpost/log/3/ 0
96 B 15ms
14ms XHR
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/threatpost-threatpost/log/3/available?route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569589863.048406,VS0,VE9
x-served-by: cache-fra19172-FRA
status: 204
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 fba51bb05d61f7b5bd2dccea7974fc06.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 29 KB
30 KB 11ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fba51bb05d61f7b5bd2dccea7974fc06.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 9169f1e3791ba9800fdb2fa6a11263265eec65250276379853a4defff8a93d76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1786233
edge-cache-tag: 348804038446051631827163646681023465915,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200, 200 OK
x-cache: HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fba51bb05d61f7b5bd2dccea7974fc06.jpg
content-length: 29747
x-request-id: c8fbf1e9e7a2aa32
x-served-by: cache-fra19150-FRA, cache-fra19172-FRA
last-modified: Wed, 14 Aug 2019 18:14:23 GMT
server: cloudinary
x-timer: S1569589863.479311,VS0,VE0
etag: "c1a0c0e7dde442c5bd1412d51d818759"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 2

GET
H2 200 6b593e2ffde4cedb82ead9cdda4874a6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 27 KB
27 KB 16ms
11ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6b593e2ffde4cedb82ead9cdda4874a6.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 817f436b124438b59f73d675d72bd7c0c577355d897f7641c10927c201ad5c5d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 2583085
edge-cache-tag: 305152236192023021475335661507387379863,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200, 200 OK
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6b593e2ffde4cedb82ead9cdda4874a6.jpg
content-length: 27259
x-request-id: 10f57ba4a6182385
x-served-by: cache-fra19183-FRA, cache-fra19172-FRA
last-modified: Thu, 22 Aug 2019 08:36:43 GMT
server: cloudinary
x-timer: S1569589863.479332,VS0,VE1
etag: "9e0cf60edab3bbacbefb7fd3cea552b5"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 7885a95b8987ba4c639e6b9d2697eb67.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 39 KB
39 KB 8ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7885a95b8987ba4c639e6b9d2697eb67.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 9cbea3b33414cc05705f0e6e1959662a6398340bc7a53391f38b70958d2f404d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 823534
edge-cache-tag: 357848854807509048912671528212747995455,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Thu, 19 Sep 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7885a95b8987ba4c639e6b9d2697eb67.jpg
content-length: 39457
x-served-by: cache-fra19138-FRA, cache-fra19172-FRA
last-modified: Mon, 19 Aug 2019 00:22:59 GMT
server: cloudinary
x-timer: S1569589863.479225,VS0,VE1
etag: "27078cf1a4fe9b441c09fdfe29739740"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 e7aec04b615b87a05ac13d5634df054f.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 22 KB
22 KB 8ms
7ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e7aec04b615b87a05ac13d5634df054f.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: bffc7815dc11726c4d63e338ffc77426efedd2cc253fd538b44ff7c170807d8c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 205611
edge-cache-tag: 370132665989139729732431648171721408107,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Sat, 05 Oct 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e7aec04b615b87a05ac13d5634df054f.jpg
content-length: 22431
x-served-by: cache-fra19127-FRA, cache-fra19172-FRA
last-modified: Wed, 04 Sep 2019 16:29:18 GMT
server: cloudinary
x-timer: S1569589863.487505,VS0,VE0
etag: "1355f4206eadbb80434214975c6755aa"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 a32935524b1e2be5243c1ce130df04f6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 19 KB
20 KB 6ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a32935524b1e2be5243c1ce130df04f6.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 6e23be70b21c7317df7a3f98abc4213d5aec1a84b2a344ae9e472e1f7b5fe2e9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 867743
edge-cache-tag: 532642700611062714629670245208877127270,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Fri, 18 Oct 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a32935524b1e2be5243c1ce130df04f6.jpg
content-length: 19734
x-served-by: cache-fra19151-FRA, cache-fra19172-FRA
last-modified: Tue, 17 Sep 2019 12:08:07 GMT
server: cloudinary
x-timer: S1569589863.487784,VS0,VE0
etag: "38aa74817bc1619f56b817316ec17725"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 37

GET
H2 200 cb086933cc2da1ad77ec5e9ed2e71a56.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 8ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 1d23ee48be2ced238ad9b456fe1000ba06fce77a0cb759ab877453b0d559ded6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1860401
edge-cache-tag: 597466860424052205094521325713342200539,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Tue, 10 Sep 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb086933cc2da1ad77ec5e9ed2e71a56.jpg
content-length: 12440
x-served-by: cache-fra19144-FRA, cache-fra19172-FRA
last-modified: Sat, 10 Aug 2019 06:11:33 GMT
server: cloudinary
x-timer: S1569589863.491897,VS0,VE1
etag: "eb8fd560b67a47ab126df9ed6430fc3e"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
606 B 7ms
5ms Image
image/png 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 20570
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: grODyaFUyHwi27S6u2hd746yPHwUf+y1im5Wn93DxT7wozhn8KMFUP712WAAG3eD1t2rnF4k3Bs=
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1569589863.496153,VS0,VE0
date: Fri, 27 Sep 2019 13:11:03 GMT
x-amz-request-id: 29D722C296265892
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 36
x-cache-hits: 50222

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 1F97 0
0 29ms
29ms Document
text/html 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=8kts94uwylcf

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Zy-zVXWdnDW6AUZkKlojAKGe/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FIymZiMAt9s2qFq8siD9+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=Zy-zVXWdnDW6AUZkKlojAKGe&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=8kts94uwylcf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 27 Sep 2019 13:11:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-FIymZiMAt9s2qFq8siD9+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1134
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 creative_js.js Show response
vidstat.taboola.com/vpaid/units/14_12_0/creatives/ 4 KB
2 KB 8ms
6ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20190925-18-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 10eba73b3641332bde05fa8d6223e7017ac5207673602247c35f358ea89e3092

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront), 1.1 varnish
age: 1745607
x-amz-meta-mtime: 1499351521
x-cache: Hit from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 1827
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 06 Sep 2017 08:46:00 GMT
server: AmazonS3
x-timer: S1569589863.498237,VS0,VE0
etag: "0df6cb700db4e2c8b3b7dcb734e91cb0"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 7gUcLzi9Khb5x-2SymG6R2mlKzrS3XKJ2sLgDHJDdcYZJ_oPKcTwKw==
x-cache-hits: 2058409

GET
H/1.1 200
OK pixel;r=476619734;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F;fpan=1;fpa=P0-826010540-1569589863214;ns=0;ce=1;qjs=1...
pixel.quantserve.com/ 35 B
494 B 99ms
7ms Image
image/gif 91.228.74.177
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.quantserve.com/pixel;r=476619734;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F;fpan=1;fpa=P0-826010540-1569589863214;ns=0;ce=1;qjs=1;qv=4c19192-20180628134937;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1569589863214;tzo=-120;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2018%2F03%2F26162808%2FMalwa%2Ctype.article%2Ctitle.Thousands%20of%20PCs%20Affected%20by%20Nodersok%2FDivergent%20Malware%2Cdescription.Fileless%20threat%20leverages%20widely%20used%20Node%252Ejs%20framework%20and%20WinDivert%20packet-cap%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F1
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.177 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:03 GMT
Server: QS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 st
imprammp.taboola.com/ Frame 8716 0
0 17ms
15ms Document
text/html 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cipid=66301605&ttype=0&cirid=EB56C54E7A827583071557837903&cicmp=2040445&cijs=1&dast=V7v0wCFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmMFsMB7vFZDgbLKfgMGWnyWU5qAWypsnld4MVmk6Hz3WvFx0tL4fp8Pec7hq_2y86-l2fh93keettbsHH81bYbC6P6WVyS5xvud_ksnz-XrfIaXtZfi676a12mH0Py8uvGA13m81eDgAAAAAPAFDn-RA_gAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGAAHyeMaAFAcDOe6W192o8P1edn9AQDwEAACADCgQAJQ8JBWApDhunUCAAAAAAAAAMDy____HzMw71oqA_Ah0ndj0APw4APwIAQAAJA1FJCmXuvdmfJPVHBYxAgAAAAAkqnN42hSJ1QWVQAABOlWAFcAAAFtctiii1m6gxJvYQAAAAJjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTYhozC0tiKWAV-0XEABg7RcQAIBN3QAA3gLggo6gFYPB6gJidgAAAAB3_____3ogNlltZrbJYDecbVYLh8Ow3E2Gi8FgNzEORrbJZHvuRXSr3Rcul30OU3aaXJaDWiBrmlx--03YYrSaTDbL4Wy5mAyGo-FotD-BGw1wgobDwWI3WOwWi-FkMRkNloMFCsRgghMyHG0mq9FutZssh5PRaLaZbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqzmE0mi9loudsMlpPRYDgZDhGmZqbZxGPzrQWjhW0tmtk2bolrY3FrFrbhcOPa-GamkVv0-phOw91w5rJtUTBgaC-Ci3QiOlpeDtPh7zm9RUfLy2E6_D2ni1iiOVmkE9llX5usNjPbZLAbzjarhcNhWO4mw8VgsJsYByPbZLJvzUyzicfmWwtGC9taNLNt3BLXxuLWLGzD4ca18c1MI7fo9TGdhrvhzGXbN1az5Wq4HM4m-8ZqtlwNl8PZZN-hM3xXn7NRWi2XPDapRBpcjGVOg8JlsHh_EtNi2p0dPL_f0alSXTTGhuybUJgNHoNBEUsEp4t0InoZTxexRPK0SCca18ji2WwWG8dg5VuuHIvJbOYYDlcu18wxWa08FrFEabpIJ3rR0e_6POwmz1tvcws-nrfCZnN5TC-TW-J8y_0ml-Xz97pFTtvL8nPZTW-1w-x7WF5-xWi422wm6j82xGg0183misFyrhmsEgAAAAAAAADAEubMmwAAAACcBrNZzCar5QJIPIzvYqsS7GmcFVYWN35cQUfLy2E6_D2nt-hoeTlMh7_ndGUAiQdx!&excid=22&tst=1&docw=0
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cipid=66301605&ttype=0&cirid=EB56C54E7A827583071557837903&cicmp=2040445&cijs=1&dast=V7v0wCFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmMFsMB7vFZDgbLKfgMGWnyWU5qAWypsnld4MVmk6Hz3WvFx0tL4fp8Pec7hq_2y86-l2fh93keettbsHH81bYbC6P6WVyS5xvud_ksnz-XrfIaXtZfi676a12mH0Py8uvGA13m81eDgAAAAAPAFDn-RA_gAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGAAHyeMaAFAcDOe6W192o8P1edn9AQDwEAACADCgQAJQ8JBWApDhunUCAAAAAAAAAMDy____HzMw71oqA_Ah0ndj0APw4APwIAQAAJA1FJCmXuvdmfJPVHBYxAgAAAAAkqnN42hSJ1QWVQAABOlWAFcAAAFtctiii1m6gxJvYQAAAAJjC_Sw-P1mh13jd7sMAAAAAAAAAMDs_-wfTYhozC0tiKWAV-0XEABg7RcQAIBN3QAA3gLggo6gFYPB6gJidgAAAAB3_____3ogNlltZrbJYDecbVYLh8Ow3E2Gi8FgNzEORrbJZHvuRXSr3Rcul30OU3aaXJaDWiBrmlx--03YYrSaTDbL4Wy5mAyGo-FotD-BGw1wgobDwWI3WOwWi-FkMRkNloMFCsRgghMyHG0mq9FutZssh5PRaLaZbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqzmE0mi9loudsMlpPRYDgZDhGmZqbZxGPzrQWjhW0tmtk2bolrY3FrFrbhcOPa-GamkVv0-phOw91w5rJtUTBgaC-Ci3QiOlpeDtPh7zm9RUfLy2E6_D2ni1iiOVmkE9llX5usNjPbZLAbzjarhcNhWO4mw8VgsJsYByPbZLJvzUyzicfmWwtGC9taNLNt3BLXxuLWLGzD4ca18c1MI7fo9TGdhrvhzGXbN1az5Wq4HM4m-8ZqtlwNl8PZZN-hM3xXn7NRWi2XPDapRBpcjGVOg8JlsHh_EtNi2p0dPL_f0alSXTTGhuybUJgNHoNBEUsEp4t0InoZTxexRPK0SCca18ji2WwWG8dg5VuuHIvJbOYYDlcu18wxWa08FrFEabpIJ3rR0e_6POwmz1tvcws-nrfCZnN5TC-TW-J8y_0ml-Xz97pFTtvL8nPZTW-1w-x7WF5-xWi422wm6j82xGg0183misFyrhmsEgAAAAAAAADAEubMmwAAAACcBrNZzCar5QJIPIzvYqsS7GmcFVYWN35cQUfLy2E6_D2nt-hoeTlMh7_ndGUAiQdx!&excid=22&tst=1&docw=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
accept-encoding: gzip, deflate, br
cookie: t_gid=5f46bcf7-04a6-4f6c-b5cb-3a688c5c7f4d-tuct4878fe6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Response headers

status: 200
server: nginx/1.13.12
content-type: text/html;charset=ISO-8859-1
accept-ranges: bytes
date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
x-served-by: cache-fra19157-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1569589864.512000,VS0,VE9

GET
H2 200 cmTagSLIDER_INSTREAM.js Show response
vidstat.taboola.com/vpaid/units/23_14_8/infra/ 719 KB
173 KB 6ms
5ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/23_14_8/infra/cmTagSLIDER_INSTREAM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e00975ae92bda80f193c0c6f3382398f37021b69980df5137d2b35c349cc680

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront), 1.1 varnish
age: 168972
x-amz-meta-mtime: 1569419520
x-cache: Miss from cloudfront, HIT
x-amz-meta-ctime: 1569419578
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 176730
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 25 Sep 2019 13:53:00 GMT
server: AmazonS3
x-timer: S1569589864.509683,VS0,VE0
etag: "40b5cf7f3071a2cb5649edbabdf6b6b0"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 7OBWUl8-Xo4_C5LC6m4Kg64zArwqglFJEVoPCB49IKcbR0ycHTg8Kw==
x-cache-hits: 45075

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/23_14_8/assets/css/ 34 KB
6 KB 11ms
10ms Stylesheet
text/css 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/23_14_8/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3dba93f65c632536a0fcba4dff71f82f7d6ae88b3a2814d82a1b1876558d79c1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront), 1.1 varnish
age: 168972
x-amz-meta-mtime: 1569419518
x-cache: Hit from cloudfront, HIT
x-amz-meta-ctime: 1569419531
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 6240
x-served-by: cache-hhn4069-HHN
last-modified: Wed, 25 Sep 2019 13:52:13 GMT
server: AmazonS3
x-timer: S1569589864.510300,VS0,VE0
etag: "1112e8ccb1e3ed0d2e59d31564a5dfae"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: Gfe4OoW1fTo6qjoHaUQZMbetXIAzYDHVe1e9UBaJk0oJINg7Wv7v2w==
x-cache-hits: 358051

GET
H2 200 content14_10_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 6ms
6ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/content14_10_18m.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/23_14_8/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront), 1.1 varnish
age: 1747005
x-cache: Hit from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 7638
x-served-by: cache-hhn4069-HHN
last-modified: Sun, 14 Oct 2018 13:31:31 GMT
server: AmazonS3
x-timer: S1569589864.607376,VS0,VE0
etag: "d8d81221ec6e604811ce469d899c9c8b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: omj5vaGwuVO0u1DUElZ04p0xjblvLHfKzDESlIUndnM3CZOy52LCcg==
x-cache-hits: 1967150

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/ 676 KB
180 KB 7ms
7ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/23_14_8/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3cd4f1f8c496707beb1dd7a37c361bdf81deea0108a3ac762a88038c2a0982a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront), 1.1 varnish
age: 945687
x-amz-meta-mtime: 1568644056
x-cache: Miss from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 184086
x-served-by: cache-hhn4069-HHN
last-modified: Mon, 16 Sep 2019 14:27:38 GMT
server: AmazonS3
x-timer: S1569589864.626638,VS0,VE0
etag: "9be5ce4ea4d2b31a618aea49fc3a5569"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: B51TVefIcBioQSPjTuEfCxx69mAqPVcXZgzzlpTBLBWVdXqdNpRtrg==
x-cache-hits: 2086412

GET
H2 200 st
convammp.taboola.com/ 0
53 B 17ms
15ms Image
text/plain 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://convammp.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66301605&crid=5302265&dast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&cmcv=&pix=31589837&cb=1569589863603&uv=23148&tms=1569589863603&abt=abtc_vA!expl_vC&ft=0&unm=SLIDER_INSTREAM&debug=pn:!sqg:!torgn:1569589861683.857!ts:1569589863603&
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.629987,VS0,VE10
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

GET
H2 200 st
convammp.taboola.com/ 0
53 B 16ms
14ms Image
text/plain 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://convammp.taboola.com/st?cijs=convusmp&ttype=72&cisd=convusmp&cipid=66301605&crid=5302265&dast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&cmcv=&pix=&cb=1569589863622&uv=23148&tms=1569589863622&abt=abtc_vA!expl_vC&ft=0&unm=SLIDER_INSTREAM
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.629982,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

GET
H2 200 c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
cdn.taboola.com/static/c5/ 3 KB
2 KB 6ms
5ms Image
image/svg+xml 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/c5/c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 3GoWmPpnzFDs5CP3.ebHbCmhALWQMuvH
content-encoding: gzip
etag: "11d8569a7da0739259e3ac0b0d666e94"
age: 35
via: 1.1 varnish
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 1502
x-amz-id-2: VqYBeKPkA8QCjxN8j0Bzrb3PvvorkQwKt9R4k5EHgYjaaVHMCHG279w2WsVjcozlp68GUkLn4RE=
x-served-by: cache-hhn4069-HHN
last-modified: Sun, 10 Jun 2018 13:23:55 GMT
server: AmazonS3
x-timer: S1569589864.650840,VS0,VE0
date: Fri, 27 Sep 2019 13:11:03 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: 06C22422B63F894B
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *
abp: 49
x-cache-hits: 53

GET
BLOB 206
Partial Content cfa7be25-6d0b-4b0b-a3fb-d9d3609d6ead
https://threatpost.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/cfa7be25-6d0b-4b0b-a3fb-d9d3609d6ead
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Sec-Fetch-Mode: no-cors
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content 72209c9c-57d9-42a8-9af1-991b87e5edf8
https://threatpost.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/72209c9c-57d9-42a8-9af1-991b87e5edf8
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Sec-Fetch-Mode: no-cors
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 player.css
vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/assets/ 14 KB
3 KB 6ms
5ms Stylesheet
text/css 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/assets/player.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e519113583c968dd0daa3a70249fc54df7114ba2595bfe1644d2320e6d25aa5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront), 1.1 varnish
age: 945687
x-amz-meta-mtime: 1568644058
x-cache: Miss from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 2419
x-served-by: cache-hhn4069-HHN
last-modified: Mon, 16 Sep 2019 14:27:39 GMT
server: AmazonS3
x-timer: S1569589864.711738,VS0,VE0
etag: "d905122fc8955e89d4478cba21f53f32"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: gd4PfrgsT0PcITyzsepHArseFjZiA53vnkR8deDSVXjJHX5ZuDSlkA==
x-cache-hits: 1865816

GET
H2 200 dsm.js Show response
vidstat.taboola.com/vpaid/ds/176/ 1 KB
753 B 6ms
6ms Script
application/octet-stream 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/ds/176/dsm.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91ffef0e08af098862c5ee0b413103869650c929e0a65fbd29e5815e3b402609

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront), 1.1 varnish
age: 2582001
x-cache: Miss from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 499
x-served-by: cache-hhn4069-HHN
last-modified: Mon, 29 Jul 2019 13:39:31 GMT
server: AmazonS3
x-timer: S1569589864.713173,VS0,VE0
etag: "d2ab13c0468acb5251b93e254b36f876"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: 0nv2OT_XPk-IG7z9z6oZo9TBdh3JN4CIlKPHiCNZtGPiLDGtmmFw1Q==
x-cache-hits: 1963582

GET
H2 200 st
convammp.taboola.com/ 0
53 B 16ms
16ms Image
text/plain 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://convammp.taboola.com/st?cijs=convusmp&ttype=81&cisd=convusmp&cipid=66301605&crid=5302265&dast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&cmcv=&uv=23148&unm=SLIDER_INSTREAM&cb=1569589863703&abt=abtc_vA!expl_vC&baseReportD=taboola.com&dataCenter=am&
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589864.717839,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19157-FRA

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 206 10-tiny-travel-products-that-will-save-your-health.mp4
vidstatb.taboola.com/vid/ 3 MB
0 21ms
8ms Media
video/mp4 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstatb.taboola.com/vid/10-tiny-travel-products-that-will-save-your-health.mp4
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 ddd91cf4cd1b9310c0aee8953bc042e2.cloudfront.net (CloudFront), 1.1 varnish
age: 1078441
x-cache: Miss from cloudfront, HIT
status: 206
content-length: 4206759
x-served-by: cache-fra19172-FRA
content-range: bytes 0-4206758/4206759
last-modified: Thu, 29 Mar 2018 08:22:40 GMT
server: AmazonS3
x-timer: S1569589864.735119,VS0,VE0
etag: "58cd6d79263e5f9d809e8ed0c66132bd"
content-type: video/mp4
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2
accept-ranges: bytes
x-amz-cf-id: EXSRskSGBDvPkfQO3_X7kfkWk3j8eOkxheWk8dz4b5w7u5SakEuY0g==
x-cache-hits: 50352

GET
H2 200 desk_muted2.svg
vidstat.taboola.com/assets/video_controls/ 688 B
693 B 6ms
5ms Image
image/svg+xml 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/video_controls/desk_muted2.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b07af50f99890a6edd3601bb8cf2d7ebdb404904067925d794d1cd450e939f57

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/assets/player.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 4b35c814a2788c09b015e4cc052e552f.cloudfront.net (CloudFront), 1.1 varnish
age: 3172168
x-cache: Hit from cloudfront, HIT
status: 200
access-control-max-age: 3000
content-encoding: gzip
content-length: 376
x-served-by: cache-hhn4069-HHN
last-modified: Sun, 19 Nov 2017 12:19:28 GMT
server: AmazonS3
x-timer: S1569589864.724499,VS0,VE0
etag: "c374f9a1c65db8dd9f4b435bd1adb4ed"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56
accept-ranges: bytes
x-amz-cf-id: qJJ-hcjE4vJH1LBNJ-A7Vtf-52RwRMAUsG8lGA4sKPB-jvwwCkUjww==
x-cache-hits: 355194

GET
H2 200 pause2.svg
vidstat.taboola.com/assets/video_controls/ 391 B
658 B 6ms
6ms Image
image/svg+xml 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/video_controls/pause2.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 437513ec64a0d4c9b838a51cf1e57bfb0d75586f35ddd91d0de1d01335fd0969

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/assets/player.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront), 1.1 varnish
age: 1687192
x-amz-meta-mtime: 1498396298
x-cache: Miss from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
content-encoding: gzip
content-length: 246
x-served-by: cache-hhn4069-HHN
last-modified: Sun, 02 Jul 2017 14:26:33 GMT
server: AmazonS3
x-timer: S1569589864.724663,VS0,VE0
etag: "0ae31cb3e45e52b441abf8cc6208a36e"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: QTHTgYGSSOYy5uLH3FfzkOjBY6YsD9l4jGRCLZHYer1PsPD_Vu0G6A==
x-cache-hits: 122945

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 6 KB
7 KB 165ms
165ms XHR
application/json 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=5302265&noaop=2&sortOrderType=0&cb=1569589863764&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1044&pt=-812829570&tz=120&viewable=true&ddast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&proto=2,3,5,6&dtagid=1683035&dpubid=331625&abtst=abtc_vA!expl_vC&mPre=0.033&encoded=1&pstn=1&cirf=https%3A%2F%2Fthreatpost.com&callback=&en=1&wfv=1&cdb=&gdprApplies=false&amp=0&qsz=6&ft=0&pb=0
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 74457e37ab140ad32c71effbd371858cb86468bd0087eba95c2beb89e3dae8a7

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
via: 1.1 varnish
machineid: 1411
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 6624
x-served-by: cache-hhn4050-HHN
pragma: no-cache
server: nginx/1.13.12
x-timer: S1569589864.767887,VS0,VE159
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 389 B
696 B 322ms
321ms XHR
text/plain 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2347951784780625&correlator=470889088874678&output=ldjh&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21061865%2C21062415%2C21062420%2C21062818%2C21063636%2C21064366&vrg=2019091901&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190927&iu=%2F21707124336%2Fthreatpost%2Fheader&sz=970x250&eri=1&cust_params=UrlHost%3Dthreatpost.com%26UrlPath%3D%252Fthousands-of-pcs-affected-by-nodersok-divergent-malware%252F148733%26UrlQuery%3D%26category%3Dvulnerabilities%26contentid%3D148733%26contenttags%3Dproduction%252Chomecisco-talos%252Cclickfraud%252Cdivergent%252Cjavascript%252Cmalware%252Cmicrosoft%252Cnode-js%252Cnodersok%252Cpcs%252Cwindows-defender%252C&cookie_enabled=1&bc=31&abxe=1&lmt=1569589863&dt=1569589863853&dlt=1569589862167&idt=886&frm=20&biw=1585&bih=1200&oid=3&adx=308&ady=0&adk=151559616&uci=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&dssz=45&icsg=12929466368&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2d8df061b25dc555094b390cbb699feceee7cbe95b08807374e41c1604f3ee70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 204
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019091901.js Show response
securepubads.g.doubleclick.net/gpt/ 62 KB
24 KB 14ms
14ms Script
text/javascript 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019091901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

a29b20518a3bb583278ebb330cba43e072795b7009b39f3479819d00f0833064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Sep 2019 13:07:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24151
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:03 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ 0
0 22ms
7ms Other
text/html 2a00:1450:4001:806::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 5 KB
3 KB 543ms
543ms XHR
text/plain 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2347951784780625&correlator=470889088874678&output=ldjh&callback=googletag.impl.pubads.callbackProxy2&impl=fif&adsid=NT&eid=21061865%2C21062415%2C21062420%2C21062818%2C21063636%2C21064366&vrg=2019091901&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190927&iu=%2F21707124336%2Fthreatpost%2Fmedrectangle&sz=300x250&eri=1&cust_params=UrlHost%3Dthreatpost.com%26UrlPath%3D%252Fthousands-of-pcs-affected-by-nodersok-divergent-malware%252F148733%26UrlQuery%3D%26category%3Dvulnerabilities%26contentid%3D148733%26contenttags%3Dproduction%252Chomecisco-talos%252Cclickfraud%252Cdivergent%252Cjavascript%252Cmalware%252Cmicrosoft%252Cnode-js%252Cnodersok%252Cpcs%252Cwindows-defender%252C&cookie_enabled=1&bc=31&abxe=1&lmt=1569589863&dt=1569589863864&dlt=1569589862167&idt=886&frm=20&biw=1585&bih=1200&oid=3&adx=1093&ady=407&adk=689239265&uci=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&dssz=46&icsg=12929466368&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b76747048a55f3a67c563c11b285d4b2d2bc7533b0a97f2701687018326df367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2498
x-xss-protection: 0
google-lineitem-id: 4748008077
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138239688448
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 388 B
364 B 784ms
784ms XHR
text/plain 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2347951784780625&correlator=470889088874678&output=ldjh&callback=googletag.impl.pubads.callbackProxy3&impl=fif&adsid=NT&eid=21061865%2C21062415%2C21062420%2C21062818%2C21063636%2C21064366&vrg=2019091901&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190927&iu=%2F21707124336%2Fthreatpost%2Ftower&sz=300x600&eri=1&cust_params=UrlHost%3Dthreatpost.com%26UrlPath%3D%252Fthousands-of-pcs-affected-by-nodersok-divergent-malware%252F148733%26UrlQuery%3D%26category%3Dvulnerabilities%26contentid%3D148733%26contenttags%3Dproduction%252Chomecisco-talos%252Cclickfraud%252Cdivergent%252Cjavascript%252Cmalware%252Cmicrosoft%252Cnode-js%252Cnodersok%252Cpcs%252Cwindows-defender%252C&cookie_enabled=1&bc=31&abxe=1&lmt=1569589863&dt=1569589863869&dlt=1569589862167&idt=886&frm=20&biw=1585&bih=1200&oid=3&adx=1093&ady=1759&adk=2784303562&uci=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&dssz=46&icsg=12929466368&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

643c3a973c5db66a9cfe6a24637b0c86c057bdcb4a19973918b841387c48d1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 203
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 391 B
362 B 778ms
778ms XHR
text/plain 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2347951784780625&correlator=470889088874678&output=ldjh&callback=googletag.impl.pubads.callbackProxy4&impl=fif&adsid=NT&eid=21061865%2C21062415%2C21062420%2C21062818%2C21063636%2C21064366&vrg=2019091901&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190927&iu=%2F21707124336%2Fthreatpost%2Finterstitial&sz=2x2&eri=1&cust_params=UrlHost%3Dthreatpost.com%26UrlPath%3D%252Fthousands-of-pcs-affected-by-nodersok-divergent-malware%252F148733%26UrlQuery%3D%26category%3Dvulnerabilities%26contentid%3D148733%26contenttags%3Dproduction%252Chomecisco-talos%252Cclickfraud%252Cdivergent%252Cjavascript%252Cmalware%252Cmicrosoft%252Cnode-js%252Cnodersok%252Cpcs%252Cwindows-defender%252C&cookie_enabled=1&bc=31&abxe=1&lmt=1569589863&dt=1569589863876&dlt=1569589862167&idt=886&frm=20&biw=1585&bih=1200&oid=3&adx=792&ady=4788&adk=1322721597&uci=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&dssz=46&icsg=12929466368&std=3&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x4789&msz=1585x2&ga_vid=2110971136.1569589863&ga_sid=1569589863&ga_hid=329730295&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

57dce1fcf31b9b71179857d0e099ce5e74c0c76bdaeab15374f3be892d591bf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 204
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109681207-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 2705
date: Fri, 27 Sep 2019 12:25:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Fri, 27 Sep 2019 14:25:58 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=329730295&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F&ul=en-us&de=U...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_gid=1981964101.1569589864&gjid=1321155147&_v=j79&z=41212692
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692&slf_rd=1&random=1876692763

42 B
109 B

30ms
30ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692&slf_rd=1&random=1876692763

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:03 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-109681207-2&cid=2110971136.1569589863&jid=390589132&_v=j79&z=41212692&slf_rd=1&random=1876692763
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
267 B 132ms
132ms Script
application/javascript 104.244.42.131
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fthousands-of-pcs-affected-by-nodersok-divergent-malware%2F148733%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 125
pragma: no-cache
last-modified: Fri, 27 Sep 2019 13:11:03 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: caa94913d25a1fc30bafab285362c2d9
x-transaction: 003fba4800928855
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

0
0

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790696&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

0
0

GET
H2

200

av Show response
taboola-d.openx.net/v/1.0/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790696&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790696&gdpr=1

48 B
231 B

24ms
23ms

XHR
text/xml

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790696&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:04 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 27 Sep 2019 13:11:04 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
location: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790696&gdpr=1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

GET
H2

200

av Show response
taboola-d.openx.net/v/1.0/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1

48 B
299 B

19ms
19ms

XHR
text/xml

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:04 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 27 Sep 2019 13:11:04 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
location: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

GET
H2 200 view Show response
securepubads.g.doubleclick.net/pcs/ Frame A808 0
296 B 17ms
16ms Fetch
image/gif 172.217.16.194
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsszWt1UufeLcPnaFD_beR9EE70e9HBzi4TXmZMuL2_XSyj_-vRQdIGX3PN5sl2wDqSJR8IgJX3e0jW6zxRZSTbq0YmVWTWBFxrsIqHjRgnczNLqChfjG5ys_mucUMXyWhFDHwW7p5efgdco-s81Rd68yNsp6g2c0IFbleNYQ0wTyEx8ecSq3hpzhqELasRQb4Pv1mirF3vLQekeGbqFsvRYA0WjDCjjpgcaM9unnPz8UcDCAXzBRXX6uQyCzm-iCGav6YzHuKdQcJboyERtwjpao9YNOcAGYQQ&sai=AMfl-YRbfT-YY2mcOrPKTPyCWAOeVsrCzRu0PWyonVOlrteVuBQwRiNX_MKu10Gwuz6-kj9TSs8Och_LKXP7JPY88Xk_vmoVt-eF1auGqait&sig=Cg0ArKJSzDT6jtetAf6aEAE&urlfix=1&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 27 Sep 2019 13:11:04 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:04 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame A808 78 KB
29 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:816::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6182dfae0694d2f06ce0ba9e18b21af30bdc62b4878767761059e6f03cba08e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 27 Sep 2019 13:11:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1569237451959804"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29692
x-xss-protection: 0
expires: Fri, 27 Sep 2019 13:11:04 GMT

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame A808 42 KB
42 KB 7ms
7ms Image
image/png 2a00:1450:4001:806::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCb5anbLhABGAEyCPoSv6zmhsEt

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

adf367f2a339008d2887a87273ffc9c2b6234cde7086da803f2b07965628a439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 25 Sep 2019 16:43:38 GMT
x-content-type-options: nosniff
server: cafe
age: 160046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
status: 200
cache-control: public, max-age=604800
content-disposition: attachment; filename="image.png"
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 43234
x-xss-protection: 0
expires: Wed, 02 Oct 2019 16:43:38 GMT

GET
DATA 200
OK truncated
/ Frame A808 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85d4b866372a8f28e38b66657c5779a7c5cbb51d124fe4499b5307c2627bef61

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame A808 42 B
115 B 14ms
14ms Image
image/gif 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv0Lx-twY1k1uY1AaIbdf3hXsNJoxwsyt7aNjVEsQ2TlCuR1s458HWErfMjDhTeMmhS6dgEBf6rBAEHKLOr4IBnF8Z4G5Syjv4Z_CkraHg&sig=Cg0ArKJSzPuIZw4jR2qtEAE&adk=689239265&tt=1522&bs=1585%2C1200&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&p=157,1093,407,1393&mcvt=1011&rs=3&ht=0&tfs=1525&tls=2536&mc=1&lte=1&bas=0&bac=0&met=no&avms=nio&niot_obs=1439&niot_cbk=1441&md=2&lm=2&rst=1569589864414&rpt=25&isd=0&msd=0&ext=mvo%3D-1%26brt%3D560&oseid=3&xdi=0&ps=1585%2C4538&ss=1600%2C1200&pt=1014&bin=1&deb=1-1-2-11-24-11-41-24-0-0-0&tvt=2529&r=v&id=osdim&vs=4&za&uc=11&upc=1&tgt=DIV&cl=1&cec=1&clc=1&cac=1&cd=0x0&itpl=19&v=20190923

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 OpportunityServlet Show response
opps.taboola.com/ 1 B
97 B 23ms
22ms XHR
text/plain 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://opps.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 27 Sep 2019 13:11:08 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589869.767592,VS0,VE17
x-served-by: cache-hhn4065-HHN
status: 200
x-cache: MISS
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 1
x-cache-hits: 0

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 6 KB
7 KB 72ms
71ms XHR
application/json 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=5302265&noaop=2&sortOrderType=0&cb=1569589869211&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=-1&seq=2&pv=1044&pt=-812829570&tz=120&viewable=true&ddast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&proto=2,3,5,6&dtagid=1683035&dpubid=331625&abtst=abtc_vA!expl_vC&mPre=0.033&encoded=1&pstn=1&cirf=https%3A%2F%2Fthreatpost.com&callback=&en=1&wfv=1&cdb=&gdprApplies=false&amp=0&qsz=6&ft=0&pb=0
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 68468d8295f93786ee4ae9c75696ffd4e5649739d4c78fcc7fa73828027456b2

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 27 Sep 2019 13:11:09 GMT
via: 1.1 varnish
machineid: 1410
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 6640
x-served-by: cache-hhn4050-HHN
pragma: no-cache
server: nginx/1.13.12
x-timer: S1569589869.214888,VS0,VE66
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

0
0

GET
H/1.1 200
OK ptv Show response
secure.adnxs.com/ 85 B
1 KB 54ms
25ms XHR
application/xml 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ptv?id=16414321&size=400x225&cb=R0.1569589869294&GDPR_APPLIES=1

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:11 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.41:80
AN-X-Request-Uuid: b9ef6b8c-d070-49c2-814e-275a3ccf21c0
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

av Show response
taboola-d.openx.net/v/1.0/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790697&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1

48 B
231 B

21ms
21ms

XHR
text/xml

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:09 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 27 Sep 2019 13:11:09 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
location: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790697&gdpr=1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

POST
H2 200 OpportunityServlet Show response
opps.taboola.com/ 1 B
80 B 23ms
23ms XHR
text/plain 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://opps.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 27 Sep 2019 13:11:13 GMT
via: 1.1 varnish
server: nginx/1.13.12
x-timer: S1569589874.766447,VS0,VE17
x-served-by: cache-hhn4065-HHN
status: 200
x-cache: MISS
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 1
x-cache-hits: 0

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 7 KB
7 KB 145ms
145ms XHR
application/json 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=5302265&noaop=2&sortOrderType=0&cb=1569589874211&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=-1&seq=3&pv=1044&pt=-812829570&tz=120&viewable=true&ddast=V7v4ECFgOMOc4m0larXgSMOc4m0larXgUAAAAGBjsHHEVhzTas0Yq3IE52q-FmsFusVrvhZrccbIbAURTWbMMarXgL4mS3Gm4Gs8VwsFtMhrPBcgoOU3aaXJaDWiBrmlx-N1ih6XT4XPd60dHycpgOf8_prvG7_aKj3_V52E2et97mFnw8b4XN5vKYXia3xPmW-00uy-fvdYuctpfl57Kb3mqH2fewvPyK0XC32ezlAAAAAPAAAHWeD_EDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAXCQPK4BAMXBcK679WU3Olyfl90fAAAPASAAAAMKJAAFD2klABmuWycAAAAAAAAAACz_____MQPzrqUyAB8ifT0ADz4AD0QFh0WMAAAAACCZ2jyOJnVCZVEFAECQbgVwBQAQ0CaHLboYBgAAIDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhIjG3NKCWAp41X4BAQDWfgEBANjUDQDgLQAu6AhaMRisLiBmBwAAAHD3____rwdik9VmZpsMdsPZZrVwOAzL3WS4GAx2E-NgZJtMtudeRLfafeFy2ecwZafJZTmoBbKmyeW334QtRqvJZLMczpaLyWA4Go5G-xO40QAnaDgcLHaDxW6xGE4Wk9FgOVigQAwmOCHD0WayGu1Wu8lyOBmNZpvJBilatZqNNoPhajaZ7Xar4WC4HI2QojWL2WSymI2Wu81gORkNhpPhEGFqZppNPDbfWjBa2NaimW3jlrg2FrdmYRsON66Nb2YauUWvj-k03A1nLtsWBQOG9iK4SCeio-XlMB3-ntNbdLS8HKbD33O6iCWak0U6kV32tclqM7NNBrvhbLNaOByG5W4yXAwGu4lxMLJNJvvWzDSbeGy-tWC0sK1FM9vGLXFtLG7NwjYcblwb38w0coteH9NpuBvOXLZ9YzVbrobL4Wyyb6xmy9VwOZxN9h06w3f1ORul1XLJY5NKpMHFWOY0KFwGi_cnMS2m3dnB8_sdnSrVRWNsyL4JhdngMRgUsURwukgnopfxdBFLJE-LdKJxjSyezWaxcQxWvuXKsZjMZo7hcOVyzRyT1cpjEUuUpot0ohcd_a7Pw27yvPU2t-DjeStsNpfH9DK5Jc633G9yWT5_r1vktL0sP5fd9FY7zL6H5eVXjIa7zWai_mNDjEZz3WyuGCznmsEqAQAAAAAAAAAsYc68CQAAAMBpMJvFbLJaLoDEw_gutirBnsZZYWVx48cVdLS8HKbD33N6i46Wl8N0-HtOVwaQeBAH!&proto=2,3,5,6&dtagid=1683035&dpubid=331625&abtst=abtc_vA!expl_vC&mPre=0.033&encoded=1&pstn=1&cirf=https%3A%2F%2Fthreatpost.com&callback=&en=1&wfv=1&cdb=&gdprApplies=false&amp=0&qsz=6&ft=0&pb=0
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.13.12 /
Resource Hash: cce2b513cc644edd88cb1789398514868f3af57383b342fa27a8d4dafef7eabf

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 27 Sep 2019 13:11:14 GMT
via: 1.1 varnish
machineid: 1420
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 6676
x-served-by: cache-hhn4050-HHN
pragma: no-cache
server: nginx/1.13.12
x-timer: S1569589874.214671,VS0,VE139
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK ptv Show response
secure.adnxs.com/ 85 B
1 KB 22ms
22ms XHR
application/xml 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ptv?id=16414321&size=400x225&cb=R0.1569589874366&GDPR_APPLIES=1

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.4.4/OvaMediaPlayer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Fri, 27 Sep 2019 13:11:16 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.50:80
AN-X-Request-Uuid: cf2393c2-d316-41c8-86ff-fc1c45ca6c2b
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Content-Length: 85
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790701&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

0
0

GET
H2

200

av Show response
taboola-d.openx.net/v/1.0/
Redirect Chain

https://taboola-d.openx.net/v/1.0/av?auid=540790701&gdpr=1
https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1

48 B
231 B

24ms
24ms

XHR
text/xml

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Referer: https://threatpost.com/thousands-of-pcs-affected-by-nodersok-divergent-malware/148733/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 27 Sep 2019 13:11:14 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: clear
content-length: 48
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 27 Sep 2019 13:11:14 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
location: https://taboola-d.openx.net/v/1.0/av?cc=1&auid=540790701&gdpr=1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Verdicts & Comments Add Verdict or Comment

322 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.threatpost.com/	1970-01-19 03:59:49	Name: _gat_gtag_UA_109681207_2 Value: 1
.threatpost.com/	1970-01-19 04:01:16	Name: _gid Value: GA1.2.1981964101.1569589864
.threatpost.com/	1970-01-19 21:31:01	Name: _ga Value: GA1.2.2110971136.1569589863
.taboola.com/	1970-01-19 12:45:25	Name: t_gid Value: a0a50194-9769-42a6-893f-eb3f6ec102e2-tuct4878fe7
.threatpost.com/	1970-01-19 13:24:18	Name: __qca Value: P0-826010540-1569589863214

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://pagead2.googlesyndication.com/pagead/js/r20190924/r20190131/show_ads_impl.js(Line 15) Message: getPageCorrelator undefined

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
a.volvelle.tech
adservice.google.com
adservice.google.de
analytics.twitter.com
assets.threatpost.com
bttrack.com
cdn.taboola.com
cdnjs.cloudflare.com
cds.taboola.com
cm.g.doubleclick.net
convammp.taboola.com
dm.hybrid.ai
googleads.g.doubleclick.net
graph.facebook.com
i1.wp.com
ib.adnxs.com
images.taboola.com
imprammp.taboola.com
kasperskycontenthub.com
match.adsrvr.org
match.taboola.com
media.threatpost.com
opps.taboola.com
pagead2.googlesyndication.com
pixel.quantserve.com
pixel.rubiconproject.com
px.powerlinks.com
rtb.mfadsrvr.com
rules.quantcount.com
sb.scorecardresearch.com
secure.adnxs.com
secure.gravatar.com
secure.quantserve.com
securepubads.g.doubleclick.net
static.ads-twitter.com
stats.g.doubleclick.net
t.co
taboola-d.openx.net
tagm.tchibo.de
threatpost.com
tpc.googlesyndication.com
trc.taboola.com
vidstat.taboola.com
vidstatb.taboola.com
wf.taboola.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
www.storygize.net
x.bidswitch.net
cm.g.doubleclick.net
104.244.42.131
104.244.42.5
130.211.13.252
146.148.8.25
151.101.112.157
151.101.113.140
151.101.114.2
151.101.114.49
151.101.14.2
151.101.14.49
172.217.16.194
172.217.23.130
18.196.229.216
185.33.223.221
192.0.77.2
192.132.33.46
2.16.31.65
2600:9000:20bb:5e00:0:5c46:4f40:93a1
2600:9000:20bb:a00:6:44e3:f8c0:93a1
2600:9000:20bb:a200:2:9275:3d40:93a1
2606:4700::6813:c397
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::200e
2a00:1450:4001:814::2008
2a00:1450:4001:816::2002
2a00:1450:4001:816::2003
2a00:1450:4001:818::2004
2a00:1450:4001:81b::2002
2a00:1450:4001:81d::2003
2a00:1450:400c:c08::9a
2a03:2880:f01c:20e:face:b00c:0:2
2a04:fa87:fffe::c000:4902
2a05:f500:10:101::b93f:9101
34.95.120.147
35.173.160.135
37.18.16.16
37.252.172.250
40.113.136.100
52.29.43.222
52.34.54.104
52.49.153.216
69.173.144.165
85.14.248.72
91.228.74.138
91.228.74.177
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0e00975ae92bda80f193c0c6f3382398f37021b69980df5137d2b35c349cc680
0eac1ff22bb875d24a2bf43334a1eb91f5a003513545c0aac8f476fb0d66f6b9
10eba73b3641332bde05fa8d6223e7017ac5207673602247c35f358ea89e3092
1c73246024e7b440f102b6f76e9ccc8a2d47648df022543d4a4a90e0bf3347df
1d23ee48be2ced238ad9b456fe1000ba06fce77a0cb759ab877453b0d559ded6
1d877b654697728723f01959ffbf74d70842fe9cf331f721be5701b61c217638
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
218087ed3854e672a6627b47c86b3a97e1dad722daa9f509fe522b33b01302a2
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d8df061b25dc555094b390cbb699feceee7cbe95b08807374e41c1604f3ee70
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
325b531693e02751ed5813cf66d9591e14804657efb228ea305b335356d2286a
33b9cfa85ac4128db561c2f1a037e68b359c57a05d41a5ec51315d805e1a06ad
37e0b3254ad68efdf322594ed7da51aeefa2cb191047d847fc5a0c4556647f13
3940c0a5605e181ecb8c44f2880752a0006e7a3557811dd61cda397a219eebec
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3dba93f65c632536a0fcba4dff71f82f7d6ae88b3a2814d82a1b1876558d79c1
3e519113583c968dd0daa3a70249fc54df7114ba2595bfe1644d2320e6d25aa5
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
437513ec64a0d4c9b838a51cf1e57bfb0d75586f35ddd91d0de1d01335fd0969
44ef9b8be9758f4944226128bcbd68f44fca4b8a4d272ad3288427bbd96accb8
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
51b7a583b42d20f16fa2755abe0e8fd716b3ec9378ec42500b0d894927598326
535f401ad4d0562612b8bcadc5edb6c194cb6a275f3915511f9d023cfc69fe2a
57dce1fcf31b9b71179857d0e099ce5e74c0c76bdaeab15374f3be892d591bf6
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
60f7c04e003009ea44b161f7a8c4c76f14ae490a3937ceaaf1be52e1a7e8aa60
6182dfae0694d2f06ce0ba9e18b21af30bdc62b4878767761059e6f03cba08e5
63f4f82cf06f230550429133b1cdc57ece980f534134bc947aabbdedb58fb612
643c3a973c5db66a9cfe6a24637b0c86c057bdcb4a19973918b841387c48d1df
680cad69593b3305366473c7d15c90a64352c989e2104b308528679b4890b5d5
68468d8295f93786ee4ae9c75696ffd4e5649739d4c78fcc7fa73828027456b2
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e23be70b21c7317df7a3f98abc4213d5aec1a84b2a344ae9e472e1f7b5fe2e9
743a9da6b3e5df46d2d85ac70bbace49ac4410f6d7e5122b2ceacc813ce508e4
74457e37ab140ad32c71effbd371858cb86468bd0087eba95c2beb89e3dae8a7
74ff93b09f72be211b8e5eb18db4c01df228c3300ed075b498d8ded31421dbd4
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
76c393f564f53c19e795307e622edc8657a603f7a816c2646385697286d11313
7bcd4a0e8e89d0029b5f7f75699ab37fc5a05e2bc6607b1b39e0df8796fb0348
7d5fe5b7c6ae7249e2eb8cbdc9c66b78919d237a628feaea0156a07013fdf67c
817f436b124438b59f73d675d72bd7c0c577355d897f7641c10927c201ad5c5d
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
85d4b866372a8f28e38b66657c5779a7c5cbb51d124fe4499b5307c2627bef61
9169f1e3791ba9800fdb2fa6a11263265eec65250276379853a4defff8a93d76
91ffef0e08af098862c5ee0b413103869650c929e0a65fbd29e5815e3b402609
93ebb1d614fa1e33c91a00ee803c268fcf812be0282ac38660f29a192109dc86
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
9cbea3b33414cc05705f0e6e1959662a6398340bc7a53391f38b70958d2f404d
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a29b20518a3bb583278ebb330cba43e072795b7009b39f3479819d00f0833064
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f
a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701
a8137dfdff8bb94b215455100bf27575aee28f6779b820e297363a8ee71708a9
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adf367f2a339008d2887a87273ffc9c2b6234cde7086da803f2b07965628a439
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b07af50f99890a6edd3601bb8cf2d7ebdb404904067925d794d1cd450e939f57
b2effcb18f514a7896e737bdda537f2ef3b5bb989eb247f4ab2aa3facf1148ea
b76747048a55f3a67c563c11b285d4b2d2bc7533b0a97f2701687018326df367
bdf2b400964c0ab9b5c5ced9d4fa97dd0181b5ab5d27ac99e1b97771c7060dac
bffc7815dc11726c4d63e338ffc77426efedd2cc253fd538b44ff7c170807d8c
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
c77635c1d346c5471d294f59d0c4ef11f71c21f94e82087cbd99984c9aaa3cda
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cce2b513cc644edd88cb1789398514868f3af57383b342fa27a8d4dafef7eabf
d7625641666eb0d30c70ca6fa1cac3b0705486578733a364c9eff073045ae084
d7ba44e03247efd9fab0368aa77fd4cc25bfd55d5b172327c48a371a12890673
d80e5839d198279a97915c6ca1069c537210b27ab7327b12aca428639134e0c9
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cd4f1f8c496707beb1dd7a37c361bdf81deea0108a3ac762a88038c2a0982a
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e62361e724bdc7a5523e4545747e5a671ea84d0564ec47d10d9239dcea6ea959
e697ae92648ccad15ada450ecbd959853b72bb5b977112896334a50ddfc1c0b4
e7d9828ae6f573226c7d20873071b6c10f7c2064c667759f1df6b0440abc3483
ee4b6ac81622a15d376488d3a25228b90de031ac08f84dd9e1c4d2918c4a751a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

147 Requests

96 %HTTPS

37 %IPv6

35 Domains

56 Subdomains

37 IPs

8 Countries

1963 kBTransfer

8329 kBSize

5 Cookies

26 Outgoing links

Redirected requests

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

147
Requests

96 %
HTTPS

37 %
IPv6

35
Domains

56
Subdomains

37
IPs

8
Countries

1963 kB
Transfer

8329 kB
Size

5
Cookies

147 HTTP transactions
3 data transactions