URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Submission: On December 24 via api from US

Summary

This website contacted 30 IPs in 5 countries across 24 domains to perform 265 HTTP transactions. The main IP is 2.18.233.143, located in Ascension Island and belongs to AKAMAI-AS - Akamai Technologies, Inc., US. The main domain is www.zdnet.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 23rd 2019. Valid for: a year.
This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
www.cbs.com | GeoTrust RSA CA 2018 | 2019-04-23 - 2020-07-22 | a year
sa437gl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2018-05-17 - 2020-08-19 | 2 years
*.isgprivacy.cbsi.com | DigiCert SHA2 High Assurance Server CA | 2019-10-07 - 2021-10-14 | 2 years
*.cbsistatic.com | DigiCert SHA2 High Assurance Server CA | 2019-02-22 - 2021-02-26 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.google.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.zdnet.com | DigiCert SHA2 High Assurance Server CA | 2017-12-12 - 2020-12-15 | 3 years
*.onetrust.com | DigiCert SHA2 Secure Server CA | 2018-03-12 - 2020-06-14 | 2 years
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-04-10 - 2020-03-21 | a year
vidtech.cbsinteractive.com | DigiCert SHA2 High Assurance Server CA | 2018-12-13 - 2020-12-17 | 2 years
tpc.googlesyndication.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.nr-data.net | GeoTrust RSA CA 2018 | 2018-01-11 - 2020-03-17 | 2 years
a248.e.akamai.net | DigiCert Secure Site ECC CA-1 | 2019-08-13 - 2020-08-12 | a year
moatads.com | DigiCert ECC Secure Server CA | 2018-11-10 - 2020-02-09 | a year
*.researchnow.com | DigiCert SHA2 Secure Server CA | 2019-08-16 - 2020-11-14 | a year
*.doubleclick.net | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.sharethrough.com | Amazon | 2019-10-07 - 2020-11-07 | a year
misc-sni.google.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.storage.googleapis.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.rubiconproject.com | DigiCert SHA2 Secure Server CA | 2019-02-13 - 2021-02-17 | 2 years
*.moatads.com | DigiCert SHA2 Secure Server CA | 2019-03-12 - 2021-06-10 | 2 years
clipcentric.com | Amazon | 2019-09-08 - 2020-10-08 | a year

This page contains 19 frames:

Primary Page: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Frame ID: 3E67B64A44AF9D8BCF8EE2520A5A69BE
Requests: 167 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1lw5JN12dYchotBUCqg-sFGHfYNzpolShF-OcdYaEpZtmexWYniCAIgi_lquJTrSRoKcBF563q7FVtaY5RKk1wwfk-3lptvs6ipMBO9_TpALo1DF2vf5MWk58ecW0I6hLWLiLv5OXZzrlXDGCkuy86SR_dKrrrHb4QiTUA0ZmeS5DSDeIMVAju8WcQkLdOipJb38jeE5-g4X0Au379sqAwWt2FT5DLdcLXMNQOiVpKc0ISy0zSfqU9qUIUoSmOMX6Bm5xCio3qPg8vQ&sai=AMfl-YTSaUVK7w1w9uHDluyd8u6UHDIeO5rzZdIuN9mckh1zp1aBw5Du0DgcwVbc71hDnBRcwtsypD0Mm3yyIqQpq3fwnorr7zE3fuuC7D9-&sig=Cg0ArKJSzJmNeKv1luBHEAE&urlfix=1&adurl=
Frame ID: 3C16806B034FFDF8F8383586DA03960B
Requests: 24 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstIs6N5Te774fP_3XtHlIa_dzgtE0qzoh7rjxu6E_mVx5m_S8lp2TSUc4o-KX0R0uxj59-z_Gmwm6iJrzzJawdDiJFJ_H6B9Jv9FgJeeMcJbGvzQYubLaaPTVVRU7E2MFp_CAv8npfZAZphHSXCinJGQTkW4cTi9gHYyVXl1WxfhTv46m8I9FJEjn-KSQLvOrop7sIdAw7n4DLrKX-wIdS7SeUxXERq3kcimaDJsCHyp7HPXc7HLnnKAecsgt16jy_DqcLO5YS5&sai=AMfl-YReJ7iXyW3fyA56u2EuAsYRhhyrkbzJl3oejXWQCJR6tqrCQbzPT5DJkIo0C4xGy8FGyHiD3B2cVIGtgzOeIKYO26MKkK1upNKwNcrS&sig=Cg0ArKJSzBjpca62ilDnEAE&urlfix=1&adurl=
Frame ID: 45912DACB17AAE22FA5B56AB2BC6DFF8
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbrmvqjzSEmqWtdUt8bWjEDKDiUwzRKjmlK1Y0IA3yNUFRWnx_HPYzDSlmTHdIa2neaXUdncaW96sQ01DY2r0suZrFk4UCKbI4GjjXRi82zTAYxkj5pBdWBJARGvha8Oqzc-3ncC4lQ2-JVy6aTPczSBk0oKeDaGbxXDCezpRYerQdwwFxqVWKw3-yaDBC_-JDPkAqS7hzvMFRgkkNqod_xsTX5ux83Vdcbd6A6K01p-sRay4lvN0ydlodM2AeqJJawQYV54KK&sai=AMfl-YRGSPnQgXH0f9aorrt2WBYsSIkOVYlF3rjnKrjTDDlbnTkbzaCpZl4rglRS2Nwvw6uiKSmqnKgFnyOq5WfkWPT-CO8cornfUE8p5PUd&sig=Cg0ArKJSzBX6N0vM9WtrEAE&urlfix=1&adurl=
Frame ID: 0A355B850C88178748EB39BE4A28AD22
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ0o1GvKpXjT9fP2NU-nKEk4e07O0AwgPemoV-OJBJw9Ur3krJIDn6Q1ujv-kBX26jgnXZjih79lrLjSim32USV56hYvm_B4ixFJUXdOv5XbsXq9O2gHap8_0dxbpMMnc7j_0eG7LwTrDUYZ_gKjs7pTTlaCzAFKavNdWPl_uiW9ShdetNWCh9ARkiAJTttYR-rXssVSvU0Fihkos78ZyT-qk-PjQW-O-6FOY11xw-sGW9qwdBJLXIsaolMUKICN2lwZDvmRsye-Zd1g&sai=AMfl-YTmtRig8nUSfQpkOm917dcr9hNr-Bu04f8tzxC9BmwZ2yzZUAsD8SrRVdQxehMVet_IKbmZ7-pIKZ08oKwU3dFHg_UHzbUHCuAKu09Y&sig=Cg0ArKJSzJWHbB_RV_O7EAE&urlfix=1&adurl=
Frame ID: E93FFBAEE5237FF2F5BAC759A42021B2
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js
Frame ID: 1C29C9B2B7071040634006DDA4650AA4
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js
Frame ID: 6F9A5B5D594D009BE725551359636D75
Requests: 11 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPSXdKSMyFEm-At2NCzVGSFidq4c18VKLrfGnhxr_YgBo16l0aUz5QLr2jAC39vR221vruEIBPYj-R2goBeEWv5l8FJKzyedCfqalfDE5WSWh4UArrD64FEP7-l-F5ERyM0YNx0JTzC2S82Yw4TlPnf2KQ20UtAYIReDbKIwQWp7hM9E-1u20a6Trt50jzER57x3QiyigqAxoUM0c0ZrKofiol30jpC14u5jW7FkdTcsZVzFvfRrVumxZJqIjXPhwKIZdHybge&sai=AMfl-YSyZvhyo6Vc7I1pYdTXIKO8riemSGkBGkHtLab-ZgFsmkKjJz3rh_Oyf6vYqiit8iI2wd0E_c9cEL8DC64_k8ts5WzU2uadBOtQd9IT&sig=Cg0ArKJSzKnzexa2BYy6EAE&urlfix=1&adurl=
Frame ID: 1A2BD0749F538C17173E68FD38CDFDC5
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNQ5MDmSHY2sCX-AoS8IaT3GvBjV4yJH6P_qSI-4-KheRc-G97kyqWIR94ZKbCpXsiT-a6oVjtYQWfRI6U4_ZdpIjSZAs6CoJ1vGfipgHu_DpQqqhcxHmf1nzatzeSk7bQfYQccWzshKJA9h-liuhWDskF2jMfXHI93K-R8qLhrREOo2hcdvAQvPf2NqB-h1y2VnAkUMz_EHK9tvmsqba3AjHFjseCfHlIuwfU8qLCOodkdzur0zE5cIcio9m6VY1LTwI&sai=AMfl-YRZn14yzNp7mkBxMRvyyKN-knlxCXhL4p2w2csB94O7h5DnOyeFr6jt7gByjR1soueRe6yvXEo4xv6pAvmiEzsRVeA5J2n0nUG0II7S&sig=Cg0ArKJSzCGpVH5dz_eMEAE&urlfix=1&adurl=
Frame ID: 7B1689F9EEE966477017BAE95890DC4F
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAvuF6GSq8q7zikC4VgsrTjCZgye6-Ar5pOIFX7S5aKCNJfAvlboXcf5Bh5eOL6W_6f4jYTQzwJ2GAlW8O19fHDGg0_Ld0eJnIMdZSsOQYAz9Mfp5E9V10IXXUsFokTnjYXNAQsfTafM2hAe31-l-beDOfj6mt6IqoNKO6u2Cpz6ACF9SG2Lv74SQt3KS5RJsLhn7yRfbJOOC7p_FyFRZY-wvCcGnixATdyOG3P90enaGADLo3hikVcpj-pJjw9vD_Mj4EBdlq&sai=AMfl-YTfYXqmGPwwaDhs7HlwGTcexj8_78R9pp_Sx_j9pIqNPp0HkOCqp5Q84VEFW962CGmBwKYxUOagB0m7CQi7DgOamXQDdy4oNCdotTox&sig=Cg0ArKJSzDVOyg1HVcL0EAE&urlfix=1&adurl=
Frame ID: 49AE212469754609DBFC2D3B98B55399
Requests: 12 HTTP requests in this frame

Frame: https://z.moatads.com/fallback/ad.js
Frame ID: 23CA56775276DB939DC6DAED74E4DF44
Requests: 2 HTTP requests in this frame

Frame: https://z.moatads.com/fallback/ad.js
Frame ID: 3D5F8A057F6015F6E74D54CD5B79BE59
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3E1CBA106DEF87D719438448005785A3
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: DE8FB8E9EB6646B468BC96D2CCD9AAAB
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/zrt_lookup.html
Frame ID: 11B78E19AB5836F19F0E844FFABC8E3D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=uk
Frame ID: AC7761AF471334487643418FEA2CA2D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=90&slotname=3084619100&adk=2606246846&adf=52413253&w=728&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1577183854072&bpp=16&bdt=719&fdt=59&idt=59&shv=r20191205&cbv=r20190131&saldr=sa&correlator=8380280534437&frm=23&ife=4&pv=2&ga_vid=704004758.1577183854&ga_sid=1577183854&ga_hid=1223889316&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=5432&biw=1585&bih=1200&isw=728&ish=90&ifk=3071934195&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3851907101642893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.knzf8fd1qoub&btvi=1&fsb=1&dtd=70
Frame ID: 5C4034035CD1D7C17D748BCF8FF94EC3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4LiBk1ULSuM53mmDOOlgdWdcNnnSpLJPzv76X9MXDFAYk6JIMyejh2u7F7P2krTOdj8z45E6e11gr49mZjlHTEbJT0cUz9EWYD_8hnCoW0XRvWkZ6xgjoP__cSuchnM5QgdCorLGsRqhrjB072djN_Qrtw4WbX2E1ZOW519evh9_dq9MzoVSGP88vbp-maPTtOscakjFHb9H8zDZZrAjTttUztoIVGLaXIvg62978wVXbnpXb5_zTrJFqsf-zCzyTvVTTOcR4&sig=Cg0ArKJSzDonimX_spbNEAE&urlfix=1&adurl=
Frame ID: 9079712F0DEF2C6FEF2B00E9C9CA81D6
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssr8_zyjksUTZUTAlVtxwUlK-B4EJu4mEkYZkWT5s3xymQdng6qBeHLd1PcR_BYkfcqT4EAojAHRp6MIUkt34E-kcpiFv9j9WB0nSoY5Jo1JxfDOLBG85dmW-SZ92k5nMQBzK3as1MwKnbzyHxlrnUUyN6CO1RiaC2I3SCD2XfbcE7bwTgxQB1TjyaUeKPdf3s46rVIBSrl-swl7M_8epvGZYzL36PrordDfofZYprJCvMCK2Kk2mSyEbnTwL30DbMjC8dLUkTB&sig=Cg0ArKJSzP-qQVttwJwGEAE&urlfix=1&adurl=
Frame ID: 056895BD11E05C938B6D6AE869D7E213
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 265
HTTPS: 100 %
IPv6: 33 %
Domains: 24
Subdomains: 39
IPs: 30
Countries: 5
Transfer: 4222 kB
Size: 11672 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92
  • https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_pre=CKroz9qLzuYCFQ6-dwodv7gKoA;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 139
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 140
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 148
  • https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_pre=CKu05NqLzuYCFQn2dwoddrkG0Q;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

265 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
485 KB
111 KB
Document
General
Full URL
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e1217573334153832a852ee5049d8c3019127c23035b448780c1bb8e92a14969
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.zdnet.com
:scheme
https
:path
/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br

Response headers

status
200
server
nginx
content-type
text/html; charset=UTF-8
cache-control
max-age=5400, private
x-tx-id
fe06b013-7076-41de-933c-dfa18e9507b2
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
expires
Tue, 24 Dec 2019 12:07:31 GMT
last-modified
Tue, 24 Dec 2019 10:37:31 GMT
content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://www.zdnet.com
content-encoding
gzip
accept-ranges
bytes
x-akamai-transformed
9 - 0 pmb=mTOE,2
date
Tue, 24 Dec 2019 10:37:31 GMT
set-cookie
fly_device=desktop; expires=Tue, 31-Dec-2019 10:37:31 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "gb"}; expires=Tue, 31-Dec-2019 10:37:31 GMT; path=/; domain=.zdnet.com; secure fly_preferred_edition=uk; path=/; domain=.zdnet.com; secure fly_default_edition=uk; path=/; domain=.zdnet.com; secure ak_bmsc=C29022FB947963D30782284505E9206D0210BA84120C00006BEA015ED1CA1564~pl1Ji0lqrfyjlrwSnFpI6MGlTgylAdB103AUXd0Aj+Lu86xBuqX3mO4aKGZ+NcUo4Br+EV4VFN3PESzoHxTCdC3UGRJ6bj/l7T5iN+34AH4i75zOO6n6IG7Yr9kdJB1rYCXiXYuiYXMsleHUn0iu9BWsaAn6zm8Rw8hoAdH3orkyiRROoRCRHGVn7V6dilNxB9Tk+HPVfBzcTe25H6y0FbJ5jZUWpLdLa19EkQnzBb7QI=; expires=Tue, 24 Dec 2019 12:37:31 GMT; max-age=7200; path=/; domain=.zdnet.com; HttpOnly bm_mi=56F38AABEA46E540A6E354CC57C300DB~ZHbg5fKnZ2xSDBYBC7YQ4kvaOB4C9U+QWB0kiZB4gVGEf/wrJG5KKtmbKqTetCZBBLL/pKv5ELFM03kKirby+rUTY4r/7Ndfiq/CvLkeUkT9nDCCxgj1/LjWmDRNSaQw58P1edtjVKUFJB+Z+CWcYi7GPenXzUdrWrH8mcM8rVlKld8Ji5YM/oYiomQoOUf58Z7MKcFy1MPkC7WXDlH4Bw4ohZCkD6byLdURTkZvXwUZoXzGosUwZy4dsUcgDTFaADF/BJBS2XFBU3LD0qWmg548kRW3JvQeJay/FFD8T9PPoeBFVgaKPyEBR+uK4f16; Domain=.zdnet.com; Path=/; Max-Age=0; HttpOnly
vary
Accept-Encoding, User-Agent
strict-transport-security
max-age=63072000; includeSubDomains; preload
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
8 KB
3 KB
Other
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8C8F) /
Resource Hash
c2bdfd6b334593875cb7e009a4ae681f003edf8118a0ae5bb7568216ece5d1d2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
N+X1Ey3qPn/rRLT3KAw9zQ==
x-cache
HIT
status
200
content-length
2682
x-ms-lease-status
unlocked
last-modified
Mon, 23 Dec 2019 19:59:26 GMT
server
ECAcc (lha/8C8F)
etag
0x8D787E29D009069
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8f9cf9e4-a01e-0050-6a34-bac7ee000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
optanon.js
production-cmp.isgprivacy.cbsi.com/dist/
33 KB
10 KB
Script
General
Full URL
https://production-cmp.isgprivacy.cbsi.com/dist/optanon.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
179f3cc83c64c6613775e012c8bcbb2b1b562418e843e60b5e2448c6a870d651
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3427
via
1.1 varnish
x-cache
HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains
content-length
9587
x-xss-protection
1; mode=block
x-served-by
cache-hhn4067-HHN
x-amz-id-2
kwxxKtr9tDKA1XcPGU8FC+jIAVu/7gITiz2C3sxmEDoMhpyIQDyI6tZTo4U/q8h7bLHj4CRlcCw=
last-modified
Wed, 18 Dec 2019 16:35:07 GMT
x-timer
S1577183852.063583,VS0,VE0
x-frame-options
SAMEORIGIN
etag
"a64fe4d6f014686fdcd5cb1504d81ebc-1"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
accept-ranges
bytes
x-cache-hits
269
bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/
3 KB
2 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8D83) /
Resource Hash
10c01f96805811a6b3ebd50e5f206404156f9d0b044755c0fbee8618bb5e1cf1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
H0dCP0CtRbCd/Wo2M5qx7A==
x-cache
HIT
status
200
content-length
2084
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 06:27:58 GMT
server
ECAcc (lha/8D83)
etag
0x8D782BA4244E1D9
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cc2ce7db-801e-002a-4642-baada3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
moatheader.js
z.moatads.com/cbsprebidheader506831276743/
0
0

main-154661365f-rev.css
zdnet3.cbsistatic.com/fly/1912-fly/css/core/
342 KB
62 KB
Stylesheet
General
Full URL
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ca977fdfa32b5304b22635faa808e8170d0c463505999196c03c6329fb84172b
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316788
status
200
cneonction
close
strict-transport-security
max-age=31536000
content-length
63509
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:32:40 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd13c8-559a6"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:43 GMT
controls-78dbc3e612-rev.css
zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/
17 KB
4 KB
Stylesheet
General
Full URL
https://zdnet1.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-78dbc3e612-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
78e780a5f2d37b9e42ce78c9a6b875117cd42d3a540b10f670cfb97db2213c8f
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316788
status
200
strict-transport-security
max-age=31536000
content-length
3687
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:32:55 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd13d7-4408"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:43 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
8 KB
3 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8C8F) /
Resource Hash
c2bdfd6b334593875cb7e009a4ae681f003edf8118a0ae5bb7568216ece5d1d2

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
N+X1Ey3qPn/rRLT3KAw9zQ==
x-cache
HIT
status
200
content-length
2682
x-ms-lease-status
unlocked
last-modified
Mon, 23 Dec 2019 19:59:26 GMT
server
ECAcc (lha/8C8F)
etag
0x8D787E29D009069
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8f9cf9e4-a01e-0050-6a34-bac7ee000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
51 KB
16 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
68a684637fdf242a9f0a053e94e5c23aee96754ab6a977ba2d7e2cba8cc13c34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"376 / 738 of 1000 / last-modified: 1576520981"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
15830
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:32 GMT
optanon.js
production-cmp.isgprivacy.cbsi.com/dist/
33 KB
10 KB
Script
General
Full URL
https://production-cmp.isgprivacy.cbsi.com/dist/optanon.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
179f3cc83c64c6613775e012c8bcbb2b1b562418e843e60b5e2448c6a870d651
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3428
via
1.1 varnish
x-cache
HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains
content-length
9587
x-xss-protection
1; mode=block
x-served-by
cache-hhn4033-HHN
x-amz-id-2
kwxxKtr9tDKA1XcPGU8FC+jIAVu/7gITiz2C3sxmEDoMhpyIQDyI6tZTo4U/q8h7bLHj4CRlcCw=
last-modified
Wed, 18 Dec 2019 16:35:07 GMT
x-timer
S1577183852.099630,VS0,VE0
x-frame-options
SAMEORIGIN
etag
"a64fe4d6f014686fdcd5cb1504d81ebc-1"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
X-CDN
accept-ranges
bytes
x-cache-hits
238
50b4e13a
www.zdnet.com/akam/11/
32 KB
11 KB
Script
General
Full URL
https://www.zdnet.com/akam/11/50b4e13a
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a9a723f6804ffe8fe8a32992982f630be7c335d33205c03f0ebf25a585adae0f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
last-modified
Thu, 02 May 2019 20:07:50 GMT
etag
"b1ee6ca30f638905797a1f8cdcd812d9c9fa4fb9d6210d651bdf3bf0118ba452"
vary
Accept-Encoding, User-Agent
content-type
application/javascript
status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
10462
truncated
/
917 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
catalin-cimpanu.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/
910 B
1 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/catalin-cimpanu.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ba2fa15976662b87f31dccdd53d415b927f2118760fdafc4ac21dd2c1b234ff3
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
7778525
status
200
nncoection
close
strict-transport-security
max-age=31536000
content-length
910
x-xss-protection
1; mode=block
last-modified
Mon, 03 Sep 2018 02:32:23 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Sep 2020 09:53:51 GMT
lilocked-victim.png
zdnet4.cbsistatic.com/hub/i/2019/09/06/d5d57b26-a6ac-4e44-88a8-98db5c887a74/
41 KB
38 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/2019/09/06/d5d57b26-a6ac-4e44-88a8-98db5c887a74/lilocked-victim.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
108c9792bf1a8514e6c69e10e9850a848863bebb588972b3a415bce5993ffe6d
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
38067
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"8f012eb115c6b37cd310b1643497d6d6"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
require-2.1.2.js
zdnet2.cbsistatic.com/fly/1912-fly/js/libs/
16 KB
6 KB
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f96f203f5605c9f56e7f6f97caf6ea84f122872ec3c5ac1f9037a1b508c706ee
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316788
status
200
strict-transport-security
max-age=31536000
content-length
6305
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:32:31 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd13bf-3f09"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:43 GMT
mag-white01.png
zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/core/
1 KB
1 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/core/mag-white01.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316786
status
200
strict-transport-security
max-age=31536000
content-length
936
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:28:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd12da-4f1"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:45 GMT
Raleway-Bold.woff2
zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
51 KB
51 KB
Font
General
Full URL
https://zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Bold.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
9db8bd3e641dc88d54edf476a148e75e29b4e8ccd040cb340404d557578dcfbd
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
13293919
status
200
strict-transport-security
max-age=31536000
content-length
52212
x-xss-protection
1; mode=block
last-modified
Tue, 23 Jul 2019 09:13:41 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5d36cfc5-cbf4"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jul 2020 12:03:46 GMT
Raleway-Light.woff2
zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
51 KB
Font
General
Full URL
https://zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Light.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
6de73873dd441f953668e77030299f082e0f3e6335bf944d88d44978162e6609
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
13883437
status
200
strict-transport-security
max-age=31536000
content-length
51608
x-xss-protection
1; mode=block
last-modified
Tue, 16 Jul 2019 08:38:39 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5d2d8d0f-c998"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jul 2020 18:06:51 GMT
Raleway-Regular.woff2
zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/
50 KB
50 KB
Font
General
Full URL
https://zdnet3.cbsistatic.com/bundles/zdnetcss/fonts/raleway/Raleway-Regular.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
66ef1b7581d8ef7b82bfe2ca363a612a479d89b808e2241f68d3e8c75f4f06d4
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
13337613
status
200
strict-transport-security
max-age=31536000
content-length
51572
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jul 2019 16:01:41 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5d35dde5-c974"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jul 2020 01:11:57 GMT
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
logo.png
zdnet3.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/core/
4 KB
4 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/core/logo.png
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316786
status
200
strict-transport-security
max-age=31536000
content-length
4128
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:28:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd12da-1009"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:44 GMT
bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8D83) /
Resource Hash
10c01f96805811a6b3ebd50e5f206404156f9d0b044755c0fbee8618bb5e1cf1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
H0dCP0CtRbCd/Wo2M5qx7A==
x-cache
HIT
status
200
content-length
2084
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 06:27:58 GMT
server
ECAcc (lha/8D83)
etag
0x8D782BA4244E1D9
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cc2ce7db-801e-002a-4642-baada3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d54f94df1233ab7224af68f63fe3df27584c4c01d70b2e65bcdc774ba05c6b41

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
157 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/5.9.0/
325 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/5.9.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8DD0) /
Resource Hash
f7aa4714e096a10d27792f4c9f0f5a66d14c7e625d618bc2dcaa02c3b3113d0a

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
ogbvarzU0fhMH1X6yZRgBg==
x-cache
HIT
status
200
content-length
80123
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 20:41:27 GMT
server
ECAcc (lha/8DD0)
etag
0x8D783317D662F3E
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
70f5d911-c01e-00ea-683a-ba27e7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
main.default.js
zdnet3.cbsistatic.com/fly/1912-fly/js/
214 KB
71 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
9a5d37f8875c93f05a42eba17dd0dd3529db70234feba6fb73cfc14936c3f47a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316787
status
200
strict-transport-security
max-age=31536000
content-length
72485
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:32:33 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd13c1-35773"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:44 GMT
integrator.js
adservice.google.co.uk/adsid/
109 B
778 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2019121002.js
securepubads.g.doubleclick.net/gpt/
163 KB
60 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
216fd62bccc74ef4e4d35292cd4874e7072a4fb30685afb6235d894a3ec1a2df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Dec 2019 17:29:18 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
60922
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:32 GMT
urs.js
urs.zdnet.com/sdk/
50 KB
50 KB
Script
General
Full URL
https://urs.zdnet.com/sdk/urs.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.38.167 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
167.38.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ffaeeea8b8a09eda9e1eb2f2dc2c9ae055afb7fdbd4d88f57f324f8cad1d4ac5

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
via
1.1 google
last-modified
Thu, 07 Feb 2019 14:05:56 GMT
etag
"5c5c3b44-c7f5"
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
clear
content-length
51189
scrolling-mpu-22779a851e-rev.js
zdnet3.cbsistatic.com/fly/js/components/
956 B
809 B
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/scrolling-mpu-22779a851e-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
4d565f67641c732365c3180ec1e37c7a987825faad3e8632de8a07a9101feedd
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
497482
status
200
strict-transport-security
max-age=31536000
content-length
491
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:50:05 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5df7c3cd-3bc"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Dec 2019 16:26:10 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
115 B
452 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.9.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6109d5731632d64df9eb483fcde4fb912fbe0e95eab63b7db6739f7a3f6ee757
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
strict-transport-security
max-age=0; includeSubDomains; preload
cf-ray
54a1f0c53dbdcba8-VIE
en.json
cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bac19328-3673-4434-b575-5b669b4d361d/
55 KB
11 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bac19328-3673-4434-b575-5b669b4d361d/en.json
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8C9F) /
Resource Hash
9f61195d926688e3fab06954f3556d5652a95527155cebc7fe6ed78c86d44823

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
uMAUSaZyPTnMFanfTA/nHQ==
x-cache
HIT
status
200
content-length
10947
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 06:35:25 GMT
server
ECAcc (lha/8C9F)
etag
0x8D782BB4CA2B732
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6eb2f28b-d01e-011f-6127-ba45a3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/5.9.0/assets/
15 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/5.9.0/assets/otFlat.json
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8DB2) /
Resource Hash
c01d825e8f03f4125b38f630b84c7a88201c319b4f94e5a6a787cd86b89543f0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
dxOB/be8nmsxf/Kih6JKlA==
x-cache
HIT
status
200
content-length
2826
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 20:41:25 GMT
server
ECAcc (lha/8DB2)
etag
0x8D783317BF2D096
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
628e3564-001e-00b8-7e30-ba3a15000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
otPcPanel.json
cdn.cookielaw.org/scripttemplates/5.9.0/assets/
71 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/5.9.0/assets/otPcPanel.json
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (lha/8C86) /
Resource Hash
201df1f09a06925738bdd6b40a197399a99e15858adffe922811cd860a48384f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
content-md5
+9LRGZEt/P+m3rIQ34Roug==
x-cache
HIT
status
200
content-length
12674
x-ms-lease-status
unlocked
last-modified
Tue, 17 Dec 2019 20:41:25 GMT
server
ECAcc (lha/8C86)
etag
0x8D783317C5240CF
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a08c7da1-701e-0070-7544-baab22000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 24 Dec 2019 14:37:32 GMT
nr-1158.min.js
js-agent.newrelic.com/
26 KB
10 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1158.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
005414ad9d93e4cb677b5e4f87112b0ff6d3731b414bc425bfa1bb94c99a081a

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-amz-request-id
ACCAA6FC9CC752FB
x-cache
HIT
status
200
content-length
10068
x-amz-id-2
qb8oRyQPV5RWDkM/YaSpwqe1Tk7N9qddW/sEyzaPUyo5r36anYuFHO7Y/HryGZAiK36w5kQo38I=
x-served-by
cache-fra19138-FRA
last-modified
Wed, 18 Dec 2019 00:24:13 GMT
server
AmazonS3
x-timer
S1577183853.761551,VS0,VE0
etag
"0be8452b990e805f60431dce9e0279b2"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
5110
article-2bdb358d8b-rev.js
zdnet4.cbsistatic.com/fly/js/pages/
154 KB
43 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/js/pages/article-2bdb358d8b-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d02d0fb15b57b14b8f4c5a2170247c15d624d66950dfe39f3c75f8a55942058b
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
323155
status
200
strict-transport-security
max-age=31536000
content-length
43855
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 16:33:35 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfcf7df-2669a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 16:51:37 GMT
CBSI-PLAYER.js
vidtech.cbsinteractive.com/uvpjs/0.42.297/
1 MB
281 KB
Script
General
Full URL
https://vidtech.cbsinteractive.com/uvpjs/0.42.297/CBSI-PLAYER.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
age
2938777
x-cache
HIT, HIT
status
200
content-length
286838
x-amz-id-2
d8jkDu6c6AhaQeQFeT5x6g552xnie/NFkTj45B/SsX6Gth+XvvCnrC79mBvMCK+mmjPRS6xXTZk=
x-served-by
cache-dca17729-DCA, cache-fra19161-FRA
last-modified
Fri, 01 Feb 2019 18:20:56 GMT
server
AmazonS3
x-timer
S1577183853.803199,VS0,VE0
etag
"eb5dd4ed3dcb7641ebbcb604d7ddb038"
vary
Accept-Encoding
x-amz-request-id
92665AED3886FB86
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1, 67773
ads
securepubads.g.doubleclick.net/gampad/
197 KB
30 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=842306110267999&correlator=2954443873422985&output=ldjh&impl=fifs&adsid=NT&vrg=2019121002&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20191224&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=7x7%7C5x5%2C1x1%2C728x90%7C970x66%7C970x250%2C300x250%7C300x600%7C300x1050%2C320x50%7C11x11%2C300x250%2C300x250%2C641x321%2C728x90%7C970x66%7C970x250%2C371x771&fluid=0%2C0%2C0%2C0%2Cheight%2C0%2C0%2C0%2C0%2C0&ists=256&prev_scp=pos%3Dnav%7C%7Cpos%3Dtop%7Cpos%3Dtop%7Cpos%3Dtop%26strnativekey%3D8ec3a4f3%7Cpos%3Dmiddle%7Cpos%3Dbottom%7Cpos%3Dtop%7Cpos%3Dbottom%7Cpos%3Dtop&eri=1&cust_params=buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cdata-centers%252Clinux%252Cservers%26tag%3Dransomware%252Clinux%26mfr%3Dgoogle%252Clinux-foundation%26prodtype%3Dlinux%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%26env%3Dprod%26firstpg%3D1%26vguid%3De52c7758-a320-4bba-8959-7d18ad069758%26session%3De%26subses%3D1&cookie_enabled=1&bc=31&abxe=1&lmt=1577183851&dt=1577183852728&dlt=1577183852031&idt=312&frm=20&biw=1585&bih=1200&oid=3&adxs=-12245933%2C0%2C-12245933%2C-12245933%2C208%2C-12245933%2C-12245933%2C-12245933%2C-12245933%2C-12245933&adys=-12245933%2C87%2C-12245933%2C-12245933%2C2151%2C-12245933%2C-12245933%2C-12245933%2C-12245933%2C-12245933&adks=2084717703%2C1214120928%2C1302819243%2C2450669842%2C3127576928%2C2632721793%2C1392068558%2C3410153439%2C1328156193%2C1311327584&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&dssz=49&icsg=2198503424&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x5351%7C1585x0%7C1585x0%7C370x0%7C770x11%7C370x0%7C370x250%7C770x4321%7C1210x0%7C370x0&msz=7x7%7C1585x0%7C688x105%7C300x280%7C770x11%7C300x280%7C300x280%7C641x361%7C728x130%7C371x771&ga_vid=134500907.1577183853&ga_sid=1577183853&ga_hid=1872437316&fws=132%2C4%2C132%2C132%2C4%2C132%2C132%2C132%2C132%2C132&ohw=1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
ff46f02f527d6845ad6933cf983aadde8fc88c4fe8bb3e752698c1f12b167d8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
30409
x-xss-protection
0
google-lineitem-id
5243758003,-2,5050875281,5050864523,5050413510,-1,-1,4745327422,253246569,4825966980
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138297090465,-2,138296767547,138296767763,138289884860,-1,-1,138239368367,138271463540,138247024569
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019121002.js
securepubads.g.doubleclick.net/gpt/
64 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
4c52ed8f9039265ffed7fdca0b967b2624325e6356433f437e044b0dd332cddf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Dec 2019 17:29:18 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24811
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:32 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

/
www.zdnet.com/components/breaking-news/xhr/
1 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ffa163db836c5dfbd95a1b7ef3b769a1e680808ff2d1b4488fa9c796d159abd1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
472
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Dec 2019 09:54:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 24 Dec 2019 10:37:32 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
8f056d42-91af-4e05-8e42-b73c3354a421
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Tue, 24 Dec 2019 11:24:24 GMT
lilocked-note.png
zdnet4.cbsistatic.com/hub/i/2019/09/06/59f71a57-a27a-4125-873e-d24349fe3307/
74 KB
71 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/2019/09/06/59f71a57-a27a-4125-873e-d24349fe3307/lilocked-note.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d8859d58cb3d699e2e5e2f35d4727c9aee81be81a38eadc070ac9cd8c86cda74
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
72897
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"339d20ee7bb82978c862125775503548"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lillocked-tor-1.png
zdnet3.cbsistatic.com/hub/i/2019/09/06/6e800528-5298-41b9-a860-196bd13b8971/
16 KB
13 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/2019/09/06/6e800528-5298-41b9-a860-196bd13b8971/lillocked-tor-1.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
c10bfe1ecd369e73d760429f2db94f52487c6d36f8e82255ba3cf6fbd159f221
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
13413
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"4d2356339f13e4b3d5aec55ba88a6019"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lilocked-tor-2.png
zdnet1.cbsistatic.com/hub/i/2019/09/06/e9618732-44bb-4d9c-be4a-8364a09fa479/
34 KB
31 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/2019/09/06/e9618732-44bb-4d9c-be4a-8364a09fa479/lilocked-tor-2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
500aa465f5664e2d6fbdb9fcbde1900d4f1ecfc924dc7073567b62e7c605d0bf
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
31465
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"6dc876e513f15999edb45e390a906ee9"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lilocked-search.png
zdnet1.cbsistatic.com/hub/i/2019/09/06/c8b4ccf1-9a84-48c3-b42e-396b885c48e1/
37 KB
36 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/2019/09/06/c8b4ccf1-9a84-48c3-b42e-396b885c48e1/lilocked-search.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ca3e451f3858b9bf8761640362df506b91489aeaaf5ca75acdc60ed0a90c7857
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
36280
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"16eec7a9b0948c3688f6c222430b0784"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
image-gallery-modal-70b4a7e7f7-rev.js
zdnet1.cbsistatic.com/fly/js/components/
5 KB
2 KB
Script
General
Full URL
https://zdnet1.cbsistatic.com/fly/js/components/image-gallery-modal-70b4a7e7f7-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
60155554674635d5cea4d717c6d8d0d5891258dc00db4427a94dec6c27f36c52
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
313253
status
200
strict-transport-security
max-age=31536000
content-length
1923
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:32:28 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd13bc-13f9"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 19:36:39 GMT
industroyer.png
zdnet3.cbsistatic.com/hub/i/r/2019/07/08/352e9411-0746-4aac-a8d6-e599794dceb9/thumbnail/170x128/f24741ef141bba7f096977bb9c6b0106/
14 KB
13 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/07/08/352e9411-0746-4aac-a8d6-e599794dceb9/thumbnail/170x128/f24741ef141bba7f096977bb9c6b0106/industroyer.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
155935e0a93c8ec455550b190009b63e38f69b99ba20dbdc3da5dfe1271b89b7
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3270900
status
200
content-transfer-encoding
binary
strict-transport-security
max-age=31536000
content-length
13712
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"042aec9e604155f2f06c0a16c5f9ba06"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
duqu.png
zdnet2.cbsistatic.com/hub/i/r/2019/07/08/1ed9a71d-b11e-4d38-a0a2-99435566bae2/thumbnail/170x128/5a7daabbc85ec370c59be15784b36c7d/
27 KB
27 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/07/08/1ed9a71d-b11e-4d38-a0a2-99435566bae2/thumbnail/170x128/5a7daabbc85ec370c59be15784b36c7d/duqu.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b105bb3b88371b52236270b355f1657b62bcebb2141a2e67fd6439bf981b1d99
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13029584
status
200
content-transfer-encoding
binary
strict-transport-security
max-age=31536000
content-length
27423
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"0e31fe01bd51d1368eb9c4d9a3e4284e"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
plugx.png
zdnet2.cbsistatic.com/hub/i/r/2019/07/08/a805a835-0a4d-45ad-8c6d-d744d5361b46/thumbnail/170x128/c160c0514b3910ddde37693cc246d521/
6 KB
6 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/07/08/a805a835-0a4d-45ad-8c6d-d744d5361b46/thumbnail/170x128/c160c0514b3910ddde37693cc246d521/plugx.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
8f3c628048bb8f1f65090540cef37dedb3da8c58713b2d76710c87c9060edde0
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10228557
status
200
content-transfer-encoding
binary
strict-transport-security
max-age=31536000
content-length
5998
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"fa3060edb66e6ff4507886f9912e1ab9"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
winnti.png
zdnet4.cbsistatic.com/hub/i/r/2019/07/08/f0220f04-31c8-4d17-873a-f66e9c1bc390/thumbnail/170x128/7b5b52260c5a6750883cde914d0499a3/
26 KB
26 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/07/08/f0220f04-31c8-4d17-873a-f66e9c1bc390/thumbnail/170x128/7b5b52260c5a6750883cde914d0499a3/winnti.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d888280a72edc651af08047011eef087b2bc4d09580f91de2ffe09e22a52bdf0
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7196365
status
200
content-transfer-encoding
binary
strict-transport-security
max-age=31536000
content-length
26341
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"085041a0a9f34e2125087d2c53fe6291"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
uroburos.png
zdnet2.cbsistatic.com/hub/i/r/2019/07/08/b570b615-9755-48fc-a1b7-9ddb157e021a/thumbnail/170x128/c31da214d08ede8f4beb192154400d59/
12 KB
12 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/07/08/b570b615-9755-48fc-a1b7-9ddb157e021a/thumbnail/170x128/c31da214d08ede8f4beb192154400d59/uroburos.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0b02d7a500ed96bb84b65bbcb27ee8524a12424170a0f02aa8a0e4604df3d086
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2711546
status
200
content-transfer-encoding
binary
strict-transport-security
max-age=31536000
content-length
12240
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"d9dbc51dc534921589adf460c85cd824"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
disqus-loader-8e759b9d3c-rev.js
zdnet3.cbsistatic.com/fly/js/components/
1 KB
722 B
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/disqus-loader-8e759b9d3c-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0b2b82ba31f5d420a68664c3d7276effda59946d491a56236c1fbfe358fcbe79
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
425170
status
200
strict-transport-security
max-age=31536000
content-length
636
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:50:05 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5df7c3cd-576"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 26 Dec 2019 12:31:21 GMT
magellan.png
zdnet3.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/70x53/0585713e0eb3d9127daffd1681862dc3/
8 KB
8 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/70x53/0585713e0eb3d9127daffd1681862dc3/magellan.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
8c76886faa513840f447f579b3534ffcfcc59c1e55597b27d90b246a66df0345
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19331
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
7639
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"440e7c3eb9bbcd4c33c3535354a51605"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
russia-data-center.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/70x53/05c65cca8bfe9c74ad50ec610b58094c/
4 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/70x53/05c65cca8bfe9c74ad50ec610b58094c/russia-data-center.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
233b77b67f146b7262ae381a567da517603d5a372a3dfe1e46c49149cb865c83
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47269
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
3646
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"18a010d2a9813e91907ce88cd9143fdf"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
rsa-passcode.png
zdnet3.cbsistatic.com/hub/i/r/2019/12/23/7f4daeb8-829a-45e5-8a4d-c7a3bbcfc130/thumbnail/70x53/f9a4d1b4d5b43b5c6fe92855070bc0e4/
6 KB
6 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/12/23/7f4daeb8-829a-45e5-8a4d-c7a3bbcfc130/thumbnail/70x53/f9a4d1b4d5b43b5c6fe92855070bc0e4/rsa-passcode.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
916ede50bb202623c667295d0409eb9e3535c965679a36ce567c0d1c54ba7649
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
101718
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
6345
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"498f2c21688f6451d9f5fd09d53edda7"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
apple-logo.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/12/20/5f637463-4a1c-4013-86c9-1273955d9ce4/thumbnail/70x53/6b716c44f0342fe17f1c22e46fb30a5e/
4 KB
4 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/12/20/5f637463-4a1c-4013-86c9-1273955d9ce4/thumbnail/70x53/6b716c44f0342fe17f1c22e46fb30a5e/apple-logo.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1d1e2a76dd121a407c23c68978927572be31c47476e07c4abcfaaf1f44789832
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
296717
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
4447
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"6fd6b030c6afec018415662d0db43f9d"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
/
www.zdnet.com/newsletter/xhr/widget-login/
2 KB
2 KB
XHR
General
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
23d25ff8f81a3162113427184ab6ec47e754500148704320929cd274c01b8174
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
755
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 24 Dec 2019 10:37:33 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
8d72fb70-a024-43c3-ba9f-37f0b43ff954
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Tue, 24 Dec 2019 10:37:33 GMT
front-door-carousel-56427878d9-rev.js
zdnet1.cbsistatic.com/fly/js/components/
5 KB
2 KB
Script
General
Full URL
https://zdnet1.cbsistatic.com/fly/js/components/front-door-carousel-56427878d9-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
5ecc6a93ec2939faa8dbf80084346c7d940f5a2181ee69343810da52902eb92d
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332268
status
200
strict-transport-security
max-age=31536000
content-length
1564
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 15:26:21 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfb969d-124a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 14:19:45 GMT
magellan.png
zdnet2.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/170x128/fa288cc9118f9999d4944835e4b2fef2/
40 KB
40 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/170x128/fa288cc9118f9999d4944835e4b2fef2/magellan.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1730a685ed74811d4594ae30acdc9ded489bf647e8eb707c6d3110c65bdc20a5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
19361
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
41286
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"151a8f24e6f9888bcb8745330c3dd7d9"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
russia-data-center.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/170x128/a300f917cd1d0f1953a06d82ca22f247/
8 KB
7 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/170x128/a300f917cd1d0f1953a06d82ca22f247/russia-data-center.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
76a8c10e18b97bf1fcbb62af379ce300633f83462df2912bc613158df7837829
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47320
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
7194
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"995693c15f439e3d189b06e89d145dd5"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
pixel_50b4e13a
www.zdnet.com/akam/11/
0
571 B
XHR
General
Full URL
https://www.zdnet.com/akam/11/pixel_50b4e13a
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Origin
https://www.zdnet.com
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:32 GMT
status
200
vary
Accept-Encoding, User-Agent
content-type
text/html
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
0
expires
Tue, 24 Dec 2019 10:37:32 GMT
magellan.png
zdnet3.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/70x53/0585713e0eb3d9127daffd1681862dc3/
8 KB
8 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/70x53/0585713e0eb3d9127daffd1681862dc3/magellan.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
8c76886faa513840f447f579b3534ffcfcc59c1e55597b27d90b246a66df0345
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19331
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
7639
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"440e7c3eb9bbcd4c33c3535354a51605"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
rsa-passcode.png
zdnet3.cbsistatic.com/hub/i/r/2019/12/23/7f4daeb8-829a-45e5-8a4d-c7a3bbcfc130/thumbnail/70x53/f9a4d1b4d5b43b5c6fe92855070bc0e4/
6 KB
6 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2019/12/23/7f4daeb8-829a-45e5-8a4d-c7a3bbcfc130/thumbnail/70x53/f9a4d1b4d5b43b5c6fe92855070bc0e4/rsa-passcode.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
916ede50bb202623c667295d0409eb9e3535c965679a36ce567c0d1c54ba7649
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
101718
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
6345
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"498f2c21688f6451d9f5fd09d53edda7"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
russia-data-center.jpg
zdnet2.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/70x53/05c65cca8bfe9c74ad50ec610b58094c/
4 KB
4 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/70x53/05c65cca8bfe9c74ad50ec610b58094c/russia-data-center.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
233b77b67f146b7262ae381a567da517603d5a372a3dfe1e46c49149cb865c83
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47269
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
3646
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"18a010d2a9813e91907ce88cd9143fdf"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
apple-logo.jpg
zdnet4.cbsistatic.com/hub/i/r/2019/12/20/5f637463-4a1c-4013-86c9-1273955d9ce4/thumbnail/70x53/6b716c44f0342fe17f1c22e46fb30a5e/
4 KB
4 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2019/12/20/5f637463-4a1c-4013-86c9-1273955d9ce4/thumbnail/70x53/6b716c44f0342fe17f1c22e46fb30a5e/apple-logo.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1d1e2a76dd121a407c23c68978927572be31c47476e07c4abcfaaf1f44789832
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
296717
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
4447
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"6fd6b030c6afec018415662d0db43f9d"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
36c1ca5070
bam.nr-data.net/1/
57 B
261 B
Script
General
Full URL
https://bam.nr-data.net/1/36c1ca5070?a=138637741&v=1158.afc605b&to=NV1TZ0MHXxUFWxBYWQwXcFBFD14IS1kWRV8BVFRsQg9fAQhd&rst=2479&ref=https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/&ap=1092&be=1677&fe=2299&dc=1887&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1577183850361,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:22,%22ce%22:88,%22rq%22:88,%22rp%22:1668,%22rpe%22:1733,%22dl%22:1670,%22di%22:1844,%22ds%22:1888,%22de%22:1888,%22dc%22:2299,%22l%22:2299,%22le%22:2307%7D,%22navigation%22:%7B%7D%7D&fp=1756&fcp=1756&at=…&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1158.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
text/javascript;charset=ISO-8859-1
Content-Length
57
Expires
Thu, 01 Jan 1970 00:00:00 GMT
russia-data-center.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/170x128/a300f917cd1d0f1953a06d82ca22f247/
8 KB
7 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/08/30/85c50ec7-69c1-467a-ba9d-1e82359ce852/thumbnail/170x128/a300f917cd1d0f1953a06d82ca22f247/russia-data-center.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
76a8c10e18b97bf1fcbb62af379ce300633f83462df2912bc613158df7837829
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47320
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
7194
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"995693c15f439e3d189b06e89d145dd5"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
magellan.png
zdnet2.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/170x128/fa288cc9118f9999d4944835e4b2fef2/
40 KB
40 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2018/12/14/6de8b433-160d-4c29-a5fc-04e2545f4ec3/thumbnail/170x128/fa288cc9118f9999d4944835e4b2fef2/magellan.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1730a685ed74811d4594ae30acdc9ded489bf647e8eb707c6d3110c65bdc20a5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
x-content-type-options
nosniff
age
19361
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
41286
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"151a8f24e6f9888bcb8745330c3dd7d9"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
show-hide-1.0-7dc26ff326-rev.js
zdnet3.cbsistatic.com/fly/js/components/
2 KB
813 B
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/show-hide-1.0-7dc26ff326-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f92514f4e39c16da9037f964148a09a79419744b77d611860ffc81c86aeace0a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
433429
status
200
strict-transport-security
max-age=31536000
content-length
710
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:50:05 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5df7c3cd-7a5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 26 Dec 2019 10:13:43 GMT
lillocked-tor-1.png
zdnet3.cbsistatic.com/hub/i/2019/09/06/6e800528-5298-41b9-a860-196bd13b8971/
16 KB
13 KB
Image
General
Full URL
https://zdnet3.cbsistatic.com/hub/i/2019/09/06/6e800528-5298-41b9-a860-196bd13b8971/lillocked-tor-1.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
c10bfe1ecd369e73d760429f2db94f52487c6d36f8e82255ba3cf6fbd159f221
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
13413
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"4d2356339f13e4b3d5aec55ba88a6019"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lilocked-search.png
zdnet1.cbsistatic.com/hub/i/2019/09/06/c8b4ccf1-9a84-48c3-b42e-396b885c48e1/
37 KB
35 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/2019/09/06/c8b4ccf1-9a84-48c3-b42e-396b885c48e1/lilocked-search.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ca3e451f3858b9bf8761640362df506b91489aeaaf5ca75acdc60ed0a90c7857
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
36280
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"16eec7a9b0948c3688f6c222430b0784"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lilocked-tor-2.png
zdnet1.cbsistatic.com/hub/i/2019/09/06/e9618732-44bb-4d9c-be4a-8364a09fa479/
34 KB
31 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/hub/i/2019/09/06/e9618732-44bb-4d9c-be4a-8364a09fa479/lilocked-tor-2.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
500aa465f5664e2d6fbdb9fcbde1900d4f1ecfc924dc7073567b62e7c605d0bf
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
31465
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"6dc876e513f15999edb45e390a906ee9"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
lilocked-note.png
zdnet4.cbsistatic.com/hub/i/2019/09/06/59f71a57-a27a-4125-873e-d24349fe3307/
74 KB
71 KB
Image
General
Full URL
https://zdnet4.cbsistatic.com/hub/i/2019/09/06/59f71a57-a27a-4125-873e-d24349fe3307/lilocked-note.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d8859d58cb3d699e2e5e2f35d4727c9aee81be81a38eadc070ac9cd8c86cda74
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
content-transfer-encoding
binary
x-image-exists
1
strict-transport-security
max-age=31536000
content-length
72897
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"339d20ee7bb82978c862125775503548"
vary
Accept-Image-Webp,Accept-Image-Webv
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
view
securepubads.g.doubleclick.net/pcs/ Frame 3C16
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1lw5JN12dYchotBUCqg-sFGHfYNzpolShF-OcdYaEpZtmexWYniCAIgi_lquJTrSRoKcBF563q7FVtaY5RKk1wwfk-3lptvs6ipMBO9_TpALo1DF2vf5MWk58ecW0I6hLWLiLv5OXZzrlXDGCkuy86SR_dKrrrHb4QiTUA0ZmeS5DSDeIMVAju8WcQkLdOipJb38jeE5-g4X0Au379sqAwWt2FT5DLdcLXMNQOiVpKc0ISy0zSfqU9qUIUoSmOMX6Bm5xCio3qPg8vQ&sai=AMfl-YTSaUVK7w1w9uHDluyd8u6UHDIeO5rzZdIuN9mckh1zp1aBw5Du0DgcwVbc71hDnBRcwtsypD0Mm3yyIqQpq3fwnorr7zE3fuuC7D9-&sig=Cg0ArKJSzJmNeKv1luBHEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
ad.js
clipcentric-a.akamaihd.net/ad/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/ Frame 3C16
129 KB
40 KB
Script
General
Full URL
https://clipcentric-a.akamaihd.net/ad/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/ad.js?q=1575463714
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.73 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-73.deploy.static.akamaitechnologies.com
Software
Apache/2.2.34 /
Resource Hash
daf42032fb06c4234f0d4ed4a50a835bd11c76de3418e47028f52c358c4b7fe0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
last-modified
Wed, 04 Dec 2019 12:48:40 GMT
server
Apache/2.2.34
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3600
content-length
40914
moatad.js
z.moatads.com/the7starsukdcm304326999093/ Frame 3C16
272 KB
92 KB
Script
General
Full URL
https://z.moatads.com/the7starsukdcm304326999093/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f8382dba15bcd7dfa87dea2054dd80f24c1a72334998edc12533adc753ec93c8

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 16:31:02 GMT
Server
AmazonS3
x-amz-request-id
D19675036281B1AC
ETag
"4f29288d6c371643e4da5431afec9faf"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=58758
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
93890
x-amz-id-2
d7S/XfWKmcbTWB8t4junA71086CE8Su9gjJV9Gm5jRIcjg+FkrW5mMZYsLzlaEmL3YcG5gC0hGM=
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 3C16
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 3C16
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
osd.js
www.googletagservices.com/activeview/js/current/
78 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29463
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 4591
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstIs6N5Te774fP_3XtHlIa_dzgtE0qzoh7rjxu6E_mVx5m_S8lp2TSUc4o-KX0R0uxj59-z_Gmwm6iJrzzJawdDiJFJ_H6B9Jv9FgJeeMcJbGvzQYubLaaPTVVRU7E2MFp_CAv8npfZAZphHSXCinJGQTkW4cTi9gHYyVXl1WxfhTv46m8I9FJEjn-KSQLvOrop7sIdAw7n4DLrKX-wIdS7SeUxXERq3kcimaDJsCHyp7HPXc7HLnnKAecsgt16jy_DqcLO5YS5&sai=AMfl-YReJ7iXyW3fyA56u2EuAsYRhhyrkbzJl3oejXWQCJR6tqrCQbzPT5DJkIo0C4xGy8FGyHiD3B2cVIGtgzOeIKYO26MKkK1upNKwNcrS&sig=Cg0ArKJSzBjpca62ilDnEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
beacon
tag.researchnow.com/t/ Frame 4591
42 B
0
Fetch
General
Full URL
https://tag.researchnow.com/t/beacon?adn=20&ca=2535697826&cr=138296767547&did=&ord=1241411020&pl=5050875281&pr=284260&si=zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.91.215 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-91-215.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Thu, 11 Dec 2014 18:19:06 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Tue, 24 Dec 2019 10:37:33 GMT
bsi.js
z.moatads.com/pbb847483933/ Frame 4591
39 KB
11 KB
Script
General
Full URL
https://z.moatads.com/pbb847483933/bsi.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
174e26ff55a3395101cf44239a5ed2a9ac53130012ebcb53efe34cc54d15b9b5

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Feb 2019 07:24:10 GMT
Server
AmazonS3
x-amz-request-id
AD6012F4BEC7F1F0
ETag
"152c53a87d0d4f7068634a46bd400b0e"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=61585
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10400
x-amz-id-2
YD1lYWJP7AyTxq0BLGE1hxNjmt8ht6XjLBw1DfJV0TPtMot8mbD4/upopWdK/CwXsIMjxwfmii4=
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 4591
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 4591
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
view
securepubads.g.doubleclick.net/pcs/ Frame 0A35
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbrmvqjzSEmqWtdUt8bWjEDKDiUwzRKjmlK1Y0IA3yNUFRWnx_HPYzDSlmTHdIa2neaXUdncaW96sQ01DY2r0suZrFk4UCKbI4GjjXRi82zTAYxkj5pBdWBJARGvha8Oqzc-3ncC4lQ2-JVy6aTPczSBk0oKeDaGbxXDCezpRYerQdwwFxqVWKw3-yaDBC_-JDPkAqS7hzvMFRgkkNqod_xsTX5ux83Vdcbd6A6K01p-sRay4lvN0ydlodM2AeqJJawQYV54KK&sai=AMfl-YRGSPnQgXH0f9aorrt2WBYsSIkOVYlF3rjnKrjTDDlbnTkbzaCpZl4rglRS2Nwvw6uiKSmqnKgFnyOq5WfkWPT-CO8cornfUE8p5PUd&sig=Cg0ArKJSzBX6N0vM9WtrEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
beacon
tag.researchnow.com/t/ Frame 0A35
42 B
0
Fetch
General
Full URL
https://tag.researchnow.com/t/beacon?adn=20&ca=2535697826&cr=138296767763&did=&ord=324678889&pl=5050864523&pr=284260&si=zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.91.215 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-91-215.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Thu, 11 Dec 2014 18:19:06 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Tue, 24 Dec 2019 10:37:33 GMT
bsi.js
z.moatads.com/pbb847483933/ Frame 0A35
39 KB
11 KB
Script
General
Full URL
https://z.moatads.com/pbb847483933/bsi.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
174e26ff55a3395101cf44239a5ed2a9ac53130012ebcb53efe34cc54d15b9b5

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Feb 2019 07:24:10 GMT
Server
AmazonS3
x-amz-request-id
AD6012F4BEC7F1F0
ETag
"152c53a87d0d4f7068634a46bd400b0e"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=61585
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10400
x-amz-id-2
YD1lYWJP7AyTxq0BLGE1hxNjmt8ht6XjLBw1DfJV0TPtMot8mbD4/upopWdK/CwXsIMjxwfmii4=
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 0A35
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 0A35
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
B23395875.258480865;dc_pre=CKroz9qLzuYCFQ6-dwodv7gKoA;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/ Frame 3C16
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;...
  • https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_pre=CKroz9qLzuYCFQ6-dwodv7gKoA;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;...
42 B
120 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_pre=CKroz9qLzuYCFQ6-dwodv7gKoA;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.198 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f198.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N207803.150723CBSINTERACTIVE/B23395875.258480865;dc_pre=CKroz9qLzuYCFQ6-dwodv7gKoA;dc_trk_aid=454255422;dc_trk_cid=123273093;ord=2085580658;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E93F
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZ0o1GvKpXjT9fP2NU-nKEk4e07O0AwgPemoV-OJBJw9Ur3krJIDn6Q1ujv-kBX26jgnXZjih79lrLjSim32USV56hYvm_B4ixFJUXdOv5XbsXq9O2gHap8_0dxbpMMnc7j_0eG7LwTrDUYZ_gKjs7pTTlaCzAFKavNdWPl_uiW9ShdetNWCh9ARkiAJTttYR-rXssVSvU0Fihkos78ZyT-qk-PjQW-O-6FOY11xw-sGW9qwdBJLXIsaolMUKICN2lwZDvmRsye-Zd1g&sai=AMfl-YTmtRig8nUSfQpkOm917dcr9hNr-Bu04f8tzxC9BmwZ2yzZUAsD8SrRVdQxehMVet_IKbmZ7-pIKZ08oKwU3dFHg_UHzbUHCuAKu09Y&sig=Cg0ArKJSzJWHbB_RV_O7EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
sfp-set-targeting.js
native.sharethrough.com/assets/ Frame E93F
42 KB
15 KB
Script
General
Full URL
https://native.sharethrough.com/assets/sfp-set-targeting.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.127 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-127.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6033ab56a705519e380da5ab4bbea72f26899ecea7e62f51be86ba9796b57029

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 09:50:09 GMT
content-encoding
gzip
last-modified
Fri, 20 Dec 2019 20:55:00 GMT
server
AmazonS3
age
2844
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=3600
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Nykxhl_DfYkrzKDn_PoIho-QoPSVIX315ZaOaKEZJ9ihqFk5As1Tgg==
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame E93F
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame E93F
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
amp4ads-host-v0.js
cdn.ampproject.org/rtv/011912050130240/
20 KB
8 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b0e077c071d8cadd7f559a3bfba9b136c071a5a0bc7cb6d952171b5f427cfa11
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
13365
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7140
x-xss-protection
0
server
sffe
date
Tue, 24 Dec 2019 06:54:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d61e8113ad0598ef"
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Dec 2020 06:54:48 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011912050130240/ Frame 1C29
200 KB
54 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0289758c8c964fbe0ec421527203b54fa728f037f3e023b002691158c82d7f98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
47924
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55703
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 21:18:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5d665c0313f255e6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 21:18:49 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 1C29
15 KB
6 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b388700842c722b76892ae257a262436a354966566be5fc2fc06dcb7a006d49d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63759
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5590
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"725cf1b04be851c6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:54 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 1C29
152 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ab99b94ce42722a9b966906754075df92c870cb9ff1aa1c48920008806079153
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
47921
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41415
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 21:18:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66b88e0b1300c1e3"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 21:18:52 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 1C29
3 KB
1 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
627128aa43dc242642c6d678f53ebface174b2a3a3de58522b644fd5c61c5f67
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63764
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1398
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0b9648fcbc3c015a"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:49 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 1C29
45 KB
14 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
816ec7f0b489b0fd32872606d9458c49ac0d3f3fcbb901bd0a38f797d2eb14b1
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63794
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14335
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e120bec091dd60ce"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:19 GMT
css
fonts.googleapis.com/ Frame 1C29
4 KB
677 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 24 Dec 2019 10:37:33 GMT
server
ESF
access-control-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
truncated
/ Frame 1C29
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cccbec95190851c8da73ae529a5ddcff2ebd012633dc02324e963703c6720508

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/011912050130240/ Frame 6F9A
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0289758c8c964fbe0ec421527203b54fa728f037f3e023b002691158c82d7f98
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
47924
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55703
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 21:18:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5d665c0313f255e6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 21:18:49 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 6F9A
15 KB
6 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b388700842c722b76892ae257a262436a354966566be5fc2fc06dcb7a006d49d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63759
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5590
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"725cf1b04be851c6"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:54 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 6F9A
152 KB
41 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ab99b94ce42722a9b966906754075df92c870cb9ff1aa1c48920008806079153
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
47921
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41415
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 21:18:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66b88e0b1300c1e3"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 21:18:52 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 6F9A
3 KB
1 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
627128aa43dc242642c6d678f53ebface174b2a3a3de58522b644fd5c61c5f67
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63764
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1398
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0b9648fcbc3c015a"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:49 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011912050130240/v0/ Frame 6F9A
45 KB
14 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011912050130240/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
816ec7f0b489b0fd32872606d9458c49ac0d3f3fcbb901bd0a38f797d2eb14b1
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
63794
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14335
x-xss-protection
0
server
sffe
date
Mon, 23 Dec 2019 16:54:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e120bec091dd60ce"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Dec 2020 16:54:19 GMT
truncated
/ Frame 6F9A
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
49c2b87b19da4c288fec3db1a0a320b94665f96641ff40ed0ef39f8b14eea134

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 1A2B
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPSXdKSMyFEm-At2NCzVGSFidq4c18VKLrfGnhxr_YgBo16l0aUz5QLr2jAC39vR221vruEIBPYj-R2goBeEWv5l8FJKzyedCfqalfDE5WSWh4UArrD64FEP7-l-F5ERyM0YNx0JTzC2S82Yw4TlPnf2KQ20UtAYIReDbKIwQWp7hM9E-1u20a6Trt50jzER57x3QiyigqAxoUM0c0ZrKofiol30jpC14u5jW7FkdTcsZVzFvfRrVumxZJqIjXPhwKIZdHybge&sai=AMfl-YSyZvhyo6Vc7I1pYdTXIKO8riemSGkBGkHtLab-ZgFsmkKjJz3rh_Oyf6vYqiit8iI2wd0E_c9cEL8DC64_k8ts5WzU2uadBOtQd9IT&sig=Cg0ArKJSzKnzexa2BYy6EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 1A2B
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 1A2B
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
view
securepubads.g.doubleclick.net/pcs/ Frame 7B16
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNQ5MDmSHY2sCX-AoS8IaT3GvBjV4yJH6P_qSI-4-KheRc-G97kyqWIR94ZKbCpXsiT-a6oVjtYQWfRI6U4_ZdpIjSZAs6CoJ1vGfipgHu_DpQqqhcxHmf1nzatzeSk7bQfYQccWzshKJA9h-liuhWDskF2jMfXHI93K-R8qLhrREOo2hcdvAQvPf2NqB-h1y2VnAkUMz_EHK9tvmsqba3AjHFjseCfHlIuwfU8qLCOodkdzur0zE5cIcio9m6VY1LTwI&sai=AMfl-YRZn14yzNp7mkBxMRvyyKN-knlxCXhL4p2w2csB94O7h5DnOyeFr6jt7gByjR1soueRe6yvXEo4xv6pAvmiEzsRVeA5J2n0nUG0II7S&sig=Cg0ArKJSzCGpVH5dz_eMEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
9818.js
ads.rubiconproject.com/ad/ Frame 7B16
29 KB
9 KB
Script
General
Full URL
https://ads.rubiconproject.com/ad/9818.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-38-84.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
9c3c4cff97345d34610704580b4634771d2ec0f8f7c640e510e3d830e4a4ea0a

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=2147
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8784
Expires
Tue, 24 Dec 2019 11:13:20 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 7B16
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 7B16
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
view
securepubads.g.doubleclick.net/pcs/ Frame 49AE
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvAvuF6GSq8q7zikC4VgsrTjCZgye6-Ar5pOIFX7S5aKCNJfAvlboXcf5Bh5eOL6W_6f4jYTQzwJ2GAlW8O19fHDGg0_Ld0eJnIMdZSsOQYAz9Mfp5E9V10IXXUsFokTnjYXNAQsfTafM2hAe31-l-beDOfj6mt6IqoNKO6u2Cpz6ACF9SG2Lv74SQt3KS5RJsLhn7yRfbJOOC7p_FyFRZY-wvCcGnixATdyOG3P90enaGADLo3hikVcpj-pJjw9vD_Mj4EBdlq&sai=AMfl-YTfYXqmGPwwaDhs7HlwGTcexj8_78R9pp_Sx_j9pIqNPp0HkOCqp5Q84VEFW962CGmBwKYxUOagB0m7CQi7DgOamXQDdy4oNCdotTox&sig=Cg0ArKJSzDVOyg1HVcL0EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
adKit.min.js
rev.cbsi.com/common/js/ Frame 49AE
6 KB
2 KB
Script
General
Full URL
https://rev.cbsi.com/common/js/adKit.min.js?99606090
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.249.64 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-249-64.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 May 2019 18:29:20 GMT
Server
Apache
ETag
"e524dc608d5c7c30eef57b6ed95dc6a8:1557772160"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2149
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 49AE
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 49AE
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50839
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1C29
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 23 Dec 2019 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
84515
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 24 Dec 2019 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 1C29
295 B
355 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 23 Dec 2019 11:08:48 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
84525
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 24 Dec 2019 11:08:48 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 1C29
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=Ckj5abOoBXsOMNcTg7gOi572AAo7f2MNYj7vl-_UKwI23ARABIMyRriJgu76ug9AKoAGGo7qeA8gBAakCJwzkBdS3tT7gAgCoAwHIAwqqBKMCT9AOot9Yse-mN_nzEIjrDTJtSMMMSNJ_leq5noVkDf5uoqTYny58OLfjjXJNCJ3PQeUt1hsE8d9X5yDD1Nug0spng8ft6jaB6ONxR50GGZsmxwN09u1LZyzia8z1WRA60E9B0XKE7jF2LmM0erXNXRK8ol_2I8rgS_cTzQpH1_-SM2jgZI-w1brJrEH6SBEryIYpbP60bJCWnnrVCC_ZLyV-IHMdMIYtJ26pqmApiOQIJ6TqfIuOs_86clTdDoL6WkX8naYHR6epuvOl7h9SXQVu3lnfC7Xj5ERLBiNCF4FcmxQ-NZMhTGwFfr5qmMBMqYiMPIhnQdWYVDaGwrYwstuCUZsZt8WkNIRxq5Ge1WdcAs93_v5o6cbpHTiq2WTTqSKFwATBod-jmwLgBAGSBQQIBBgBkgUECAUYBKAGUYAH4tzFYagHjs4bqAfVyRuoB5PYG6gHugaoB_LZG6gHpr4bqAfs1RvYBwHyBwQQpvwF0ggJCIDhgHAQARgdgAoDyAsB2BMK&sigh=hUmpfGdM7Dw&tpd=AGWhJmtRYScuQhewPDdB0wWEakE0GJX8MFoPX76sZpesHkpybw
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

7076473276960504037
tpc.googlesyndication.com/simgad/ Frame 6F9A
26 KB
26 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7076473276960504037?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlIenO-VYi3Bwn5fg4wn14xDZHtUg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9effdf7fbd2e150dc990601de0e0c50ce0c860e42b456cb2974591f6202e4e4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 16 Dec 2019 16:52:32 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Apr 2019 08:29:39 GMT
server
sffe
age
668701
content-type
image/png
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
26353
x-xss-protection
0
expires
Tue, 15 Dec 2020 16:52:32 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F9A
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 23 Dec 2019 11:08:58 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
84515
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 24 Dec 2019 11:08:58 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F9A
295 B
401 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 23 Dec 2019 11:08:48 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
84525
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 24 Dec 2019 11:08:48 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 6F9A
0
0
Image
General
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

truncated
/ Frame 3C16
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b90c28b659560cba494ae3519975f5916adc948935bc3d8298af16f43fe9c5d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 1C29
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.zdnet.com

Response headers

date
Thu, 19 Dec 2019 18:22:41 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
404092
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 18 Dec 2020 18:22:41 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 1C29
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.zdnet.com

Response headers

date
Thu, 21 Nov 2019 15:36:21 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2833272
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 20 Nov 2020 15:36:21 GMT
a.js
mb.moatads.com/ Frame 4591
236 B
410 B
Script
General
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.178.93.243 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-178-93-243.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
0be7c0b1357082908dcda5b85ad66c0bfcaa634a0398d7076d8302e8c6aa3b8e

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
server
TornadoServer/4.5.3
etag
"3aa9752b70b40be45e62d87f3c5ac4772b4a70f6"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
236
a.js
mb.moatads.com/ Frame 0A35
238 B
412 B
Script
General
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.178.93.243 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-178-93-243.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
7ad193fa05907a4d0f8d13e58f3cd21fbd109e51585777a614742b9e3671a0b6

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
server
TornadoServer/4.5.3
etag
"9405fa4f00be13fc57c4251c67ec3804d819d9da"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
238
truncated
/ Frame 4591
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b7b8f73fa8376a0b9153c1a2e3cc9e13c8c5358f06998c3c48fec044c02dd765

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 0A35
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e8768a712a10671295fe3350d2c371d1708c310735ce8d22be49d72b6c2445c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
n.js
geo.moatads.com/
112 B
287 B
Script
General
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.8.11.1 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-8-11-1.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
01da7eb53f7d75ade20fa4b14996e403781cf51143798008d4742c8f1af3687a

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
server
TornadoServer/4.5.3
etag
"e3f86d6b7c078be38a0957639285944489a706f5"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
112
n.js
geo.moatads.com/
114 B
288 B
Script
General
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.8.11.1 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-3-8-11-1.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
c4ac554a29af6e4d67d1905a04f6b55c21b008338e58f0722547511d366d5595

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
server
TornadoServer/4.5.3
etag
"ad8e57bc3863b331ce6d7ce546cb5c50ad7a34a6"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
114
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853556&de=908930422942&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=4&cb=0&ym=0&cu=1577183853556&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29604729%3A2535697826%3A5050864523%3A138296767763&zMoatPS=top&zMoatPT=article&zMoatW=300&zMoatH=250&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=648036505&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 6F9A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
246
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 1C29
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
246
x-xss-protection
0
T-cY8y00.webp
clipcentric-a.akamaihd.net/file/875381/ad_720x406_p0/1571909184/ Frame 3C16
7 KB
7 KB
Image
General
Full URL
https://clipcentric-a.akamaihd.net/file/875381/ad_720x406_p0/1571909184/T-cY8y00.webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.73 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-73.deploy.static.akamaitechnologies.com
Software
Apache/2.2.34 /
Resource Hash
ab813da4d112ccf8f88888546b27946e14ecbf30ae9947e5068a60225f8c6f06

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
last-modified
Thu, 24 Oct 2019 09:31:08 GMT
server
Apache/2.2.34
access-control-allow-origin
*
content-type
image/webp
status
200
cache-control
max-age=31536000
content-length
6898
E=in,im,fi
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=23/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=23/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=in,im,fi
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
e7JhLHQd.webp
clipcentric-a.akamaihd.net/file/875379/master/1571909071/ Frame 3C16
79 KB
80 KB
Image
General
Full URL
https://clipcentric-a.akamaihd.net/file/875379/master/1571909071/e7JhLHQd.webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.73 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-73.deploy.static.akamaitechnologies.com
Software
Apache/2.2.34 /
Resource Hash
087ad865dd67e71bd6eb7f0df7beaed33d2313610800db71f964ae5f3c223b75

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
last-modified
Thu, 21 Nov 2019 01:54:18 GMT
server
Apache/2.2.34
access-control-allow-origin
*
content-type
image/webp
status
200
cache-control
max-age=31536000
content-length
81116
hStiw3Mg.webp
clipcentric-a.akamaihd.net/file/902423/ad_q75/1575462737/ Frame 3C16
14 KB
14 KB
Image
General
Full URL
https://clipcentric-a.akamaihd.net/file/902423/ad_q75/1575462737/hStiw3Mg.webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.73 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-73.deploy.static.akamaitechnologies.com
Software
Apache/2.2.34 /
Resource Hash
7c220c41bdc21b3aefecbba0e8f5767b6ce437ee144078e81a766e2b882f3171

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
last-modified
Wed, 04 Dec 2019 12:38:36 GMT
server
Apache/2.2.34
access-control-allow-origin
*
content-type
image/webp
status
200
cache-control
max-age=31536000
content-length
13858
SjZdezgG.webp
clipcentric-a.akamaihd.net/file/902425/ad_q75/1575462737/ Frame 3C16
21 KB
21 KB
Image
General
Full URL
https://clipcentric-a.akamaihd.net/file/902425/ad_q75/1575462737/SjZdezgG.webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.73 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-73.deploy.static.akamaitechnologies.com
Software
Apache/2.2.34 /
Resource Hash
51de604a7df5e1e7aea774b890e62e0f3ae349f8ca0dfc0a7e2d21bee34ef7b2

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
last-modified
Wed, 04 Dec 2019 12:38:36 GMT
server
Apache/2.2.34
access-control-allow-origin
*
content-type
image/webp
status
200
cache-control
max-age=31536000
content-length
21182
sfp.js
native.sharethrough.com/assets/
414 KB
117 KB
Script
General
Full URL
https://native.sharethrough.com/assets/sfp.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.127 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-127.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1d7f930f1af99074785dd6dd07ba73cf7cd2a190ae2738927af084585aed410f

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
last-modified
Fri, 20 Dec 2019 19:47:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=3600
x-amz-cf-id
CWLRgqgu8wyrxpw9Tm8EJYURmSZU-2jUC8PxyA8dsHPKBKrh8I_2Ew==
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
expires
Fri, 20 Dec 2019 20:47:41 GMT
moatad.js
z.moatads.com/essenceukeedcmdisplay403072119649/ Frame E93F
288 KB
96 KB
Script
General
Full URL
https://z.moatads.com/essenceukeedcmdisplay403072119649/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8bc46e368fdb6af88f2ee39547a17ec85f526c37af80d5b8dc7a756eee9206c1

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 16:25:27 GMT
Server
AmazonS3
x-amz-request-id
01F69C434C8F5F69
ETag
"2175360d49179d656b1574d12a04f6b1"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=10658
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
98164
x-amz-id-2
hcMmQXaheZn6I8jOsAYTUp8ytH4K/G9YWXxXshlA2DcM98li6rEQb15fWAiCDVtvuEoE3H+liz8=
B22814289.249203913;dc_pre=CKu05NqLzuYCFQn2dwoddrkG0Q;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/ Frame E93F
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
  • https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_pre=CKu05NqLzuYCFQn2dwoddrkG0Q;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_chil...
42 B
109 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_pre=CKu05NqLzuYCFQn2dwoddrkG0Q;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.198 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f198.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N6580.148013.CNET/B22814289.249203913;dc_pre=CKu05NqLzuYCFQn2dwoddrkG0Q;dc_trk_aid=448153815;dc_trk_cid=117597040;ord=122157202;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
beacon
tag.researchnow.com/t/ Frame E93F
42 B
361 B
Image
General
Full URL
https://tag.researchnow.com/t/beacon?adn=20&ca=2535697826&cr=138289884860&did=&ord=122157202&pl=5050413510&pr=284260&si=zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.91.215 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-91-215.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Thu, 11 Dec 2014 18:19:06 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Tue, 24 Dec 2019 10:37:33 GMT
truncated
/ Frame E93F
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e886732401f0a70067dc1553b126803c118522247d6f1146a352c733bc6f6ab

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
283812-2.js
optimized-by.rubiconproject.com/a/9818/59604/ Frame 7B16
2 KB
1 KB
Script
General
Full URL
https://optimized-by.rubiconproject.com/a/9818/59604/283812-2.js?&cb=0.7510201562332108&tk_st=1&rf=https%3A//www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_2&rp_secure=1
Requested by
Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/9818.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
0066a810481c1dafc6312552d564c3e1da1a2830f5aefc5d22a1f059b4191144

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
Keep-Alive
Content-Type
text/javascript
Keep-Alive
timeout=5, max=500
Content-Length
915
Expires
Wed, 17 Sep 1975 21:32:10 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame 49AE
51 KB
16 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: rev.cbsi.com
URL: https://rev.cbsi.com/common/js/adKit.min.js?99606090
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f213be31d540e30366635b474daedd9c0b46287d55429ec9ef7a4829361c6f01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"376 / 207 of 1000 / last-modified: 1576520981"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
15827
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&f=0&j=&t=1577183853556&de=908930422942&cu=1577183853556&m=61&ar=cdbf7bf5ccd-clean&iw=ec92544&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5849&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=21&an=0&gf=21&gg=0&ix=21&ic=21&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=21&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=42&cd=0&ah=42&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=29604729%3A2535697826%3A5050864523%3A138296767763&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=300&zMoatH=250&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatSlotId=mpu-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=mpu-plus-top-5e01ea6a96130&hv=DOMSEARCH&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=mpu-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=175060&na=719629045&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
ad.js
z.moatads.com/fallback/ Frame 23CA
200 B
624 B
Script
General
Full URL
https://z.moatads.com/fallback/ad.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a917f4179203230547c3fcb75808e5360c61fd052e072a851863f574cdcbd7b1

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Mon, 11 Feb 2019 21:49:15 GMT
Server
AmazonS3
x-amz-request-id
EB1474C08F3D554B
ETag
"91b3c96c3750422ec5dd1d7c37bc9c00"
Content-Type
application/x-javascript
Cache-Control
max-age=9250
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
200
x-amz-id-2
0QBXZCGqsJ52jg0pxyi9anWq/RiK3VyQv+bnA30VOUl58oKMII7rib8rQAAY2XypTM3CAgGva4M=
moatad.js
z.moatads.com/essenceukeedcmdisplaybs475485114131/ Frame 4591
272 KB
92 KB
Script
General
Full URL
https://z.moatads.com/essenceukeedcmdisplaybs475485114131/moatad.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0fa3bf45a0f9da9644d82fd00b196b209c04afa53c30d61b789bb2986080ac71

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 16:25:36 GMT
Server
AmazonS3
x-amz-request-id
126BBE98D6F5D184
ETag
"eb96a133c1c12be0ca6aa2c8fb9a4d46"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=11270
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
93980
x-amz-id-2
oyce69zDPAqfO9RacbNJrUdEkflVAhVMQfKeWg31KM6GmZvpJ4TobQ5SyZ90+bZrqDlZFoB7M2g=
ad.js
z.moatads.com/fallback/ Frame 3D5F
200 B
624 B
Script
General
Full URL
https://z.moatads.com/fallback/ad.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a917f4179203230547c3fcb75808e5360c61fd052e072a851863f574cdcbd7b1

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Mon, 11 Feb 2019 21:49:15 GMT
Server
AmazonS3
x-amz-request-id
EB1474C08F3D554B
ETag
"91b3c96c3750422ec5dd1d7c37bc9c00"
Content-Type
application/x-javascript
Cache-Control
max-age=9250
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
200
x-amz-id-2
0QBXZCGqsJ52jg0pxyi9anWq/RiK3VyQv+bnA30VOUl58oKMII7rib8rQAAY2XypTM3CAgGva4M=
moatad.js
z.moatads.com/essenceukeedcmdisplaybs475485114131/ Frame 0A35
272 KB
92 KB
Script
General
Full URL
https://z.moatads.com/essenceukeedcmdisplaybs475485114131/moatad.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/pbb847483933/bsi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0fa3bf45a0f9da9644d82fd00b196b209c04afa53c30d61b789bb2986080ac71

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Tue, 10 Dec 2019 16:25:36 GMT
Server
AmazonS3
x-amz-request-id
126BBE98D6F5D184
ETag
"eb96a133c1c12be0ca6aa2c8fb9a4d46"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=11270
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
93980
x-amz-id-2
oyce69zDPAqfO9RacbNJrUdEkflVAhVMQfKeWg31KM6GmZvpJ4TobQ5SyZ90+bZrqDlZFoB7M2g=
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=21&fi=1&apd=42&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050864523&L4id=138296767763&S1id=23605329&S2id=23619609&ord=1577183853556&r=908930422942&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=21&fi=1&apd=42&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050864523&L4id=138296767763&S1id=23605329&S2id=23619609&ord=1577183853556&r=908930422942&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=233&fi=1&apd=254&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050864523&L4id=138296767763&S1id=23605329&S2id=23619609&ord=1577183853556&r=908930422942&t=hdn&os=1&fi2=0&div1=0&ait=106&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050875281&L4id=138296767547&S1id=23605329&S2id=23619609&ord=1577183853630&r=893696478493&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050875281&L4id=138296767547&S1id=23605329&S2id=23619609&ord=1577183853630&r=893696478493&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=235&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050875281&L4id=138296767547&S1id=23605329&S2id=23619609&ord=1577183853630&r=893696478493&t=hdn&os=1&fi2=0&div1=0&ait=117&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
cbsi_ads_skyboxKit.js
rev.cbsi.com/common/js/ Frame 3C16
8 KB
2 KB
Script
General
Full URL
https://rev.cbsi.com/common/js/cbsi_ads_skyboxKit.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.249.64 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-249-64.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bbf66af0fbea2327cb153d8abcb8d06de0f3baf752907f4c76f6872599773084

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Oct 2019 20:40:00 GMT
Server
AkamaiNetStorage
ETag
"5ce628f0637b19baa1e4d36e2aad23e7:1571949600"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2118
truncated
/ Frame 3E1C
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 3C16
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3C16
715 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame DE8F
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame DE8F
750 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9cac3eeba1fc86e06fdc013a4c52742e9b4bd14b7be6517321127d4515095ce

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
E=ls:load%20CBSi%20js%20file.0,li
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=193/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=193/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:load%20CBSi%20js%20file.0,li
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
E=ls:video%20auto.0
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=194/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=194/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:video%20auto.0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
E=ls:Super%20Billboard.0
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=199/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=199/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:Super%20Billboard.0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
E=ls:hotspots%20collapsed.0
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=199/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=199/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:hotspots%20collapsed.0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
E=ls:on%20scroll%20full%20collapse.0
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=200/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=200/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:on%20scroll%20full%20collapse.0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
E=ls:custom%20ad%20controls.0
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=205/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=205/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:custom%20ad%20controls.0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:33 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
integrator.js
adservice.google.de/adsid/ Frame 49AE
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 49AE
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2019121002.js
securepubads.g.doubleclick.net/gpt/ Frame 49AE
163 KB
60 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
216fd62bccc74ef4e4d35292cd4874e7072a4fb30685afb6235d894a3ec1a2df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Dec 2019 17:29:18 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
60922
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:33 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853621&de=705096985093&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=9&cb=0&ym=0&cu=1577183853621&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=24737049%3A2617483191%3A5243758003%3A138297090465&zMoatPS=nav&zMoatPT=article&zMoatW=5&zMoatH=5&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=5x5&zMoatSZPS=5x5%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=1222073159&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:33 GMT
ad.png
z.moatads.com/fallback/ Frame 23CA
4 KB
4 KB
Image
General
Full URL
https://z.moatads.com/fallback/ad.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ef1f342a3e85285f6192a4b04d741a3018a8be6e882da7d9180a869dac3823f8

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Mon, 11 Feb 2019 20:23:54 GMT
Server
AmazonS3
x-amz-request-id
43C732C36BA494C3
ETag
"52ebe64201143a9c37ce86939fdc09e8"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3937
x-amz-id-2
f8IzswFDetEYVnptxUb3I3Fg3hOpJw+OqMJfR23Vj6DnNLOu/GGuLf6oZyqxAshs5gi+/BKAs3M=
ad.png
z.moatads.com/fallback/ Frame 3D5F
4 KB
4 KB
Image
General
Full URL
https://z.moatads.com/fallback/ad.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ef1f342a3e85285f6192a4b04d741a3018a8be6e882da7d9180a869dac3823f8

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:33 GMT
Last-Modified
Mon, 11 Feb 2019 20:23:54 GMT
Server
AmazonS3
x-amz-request-id
43C732C36BA494C3
ETag
"52ebe64201143a9c37ce86939fdc09e8"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3937
x-amz-id-2
f8IzswFDetEYVnptxUb3I3Fg3hOpJw+OqMJfR23Vj6DnNLOu/GGuLf6oZyqxAshs5gi+/BKAs3M=
truncated
/ Frame 3E1C
299 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95698b6af45a720fa13415398e77c20504c6ae8bf75e3a462e5aa1f67bc42b11

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 3E1C
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
008c4174fd85893eba55f80ed4126a154a394733a5d57f74b62c3ed72edcae9b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853630&de=893696478493&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=14&cb=0&ym=0&cu=1577183853630&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29604729%3A2535697826%3A5050875281%3A138296767547&zMoatPS=top&zMoatPT=article&zMoatW=970&zMoatH=250&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=970x250&zMoatSZPS=970x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=1486004640&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 7B16
78 KB
29 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/9818/59604/283812-2.js?&cb=0.7510201562332108&tk_st=1&rf=https%3A//www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=59604_2&rp_secure=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
2c08b5b8f62b8b8ff7cf20b959f3e1c59131a6ab0b1b1acd9e53ca6c71faec1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29460
x-xss-protection
0
server
cafe
etag
14098270111006999435
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 24 Dec 2019 10:37:34 GMT
81835fae-db7e-45d3-805b-d1d339945763
beacon-eu2.rubiconproject.com/beacon/d/ Frame 7B16
43 B
268 B
Image
General
Full URL
https://beacon-eu2.rubiconproject.com/beacon/d/81835fae-db7e-45d3-805b-d1d339945763?oo=51&accountId=9818&siteId=59604&zoneId=283812&sizeId=2&e=6A1E40E384DA563BA89CAFFC74E9E6D7637F4C59311EE5F9A8725BE614A37145539A54D81DE1954F43FE71CE52FD148D172DB22D3B21A9B55A83079A7148FE1F152495931596E8C63570ECD3831C9446AC237D6FA0EBFC9A6240B348FC26EBCF9657252D90587B3D83009FDB9DE7981633F8630F2FDB6069
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.154 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
Rubicon Project /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:33 GMT
Cache-Control
private, max-age=0, no-cache
Expires
01 Jan 1970 10:00:00 GMT
Server
Rubicon Project
Content-Length
43
Content-Type
image/webp
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=442&fi=1&apd=463&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050864523&L4id=138296767763&S1id=23605329&S2id=23619609&ord=1577183853556&r=908930422942&t=nht&os=1&fi2=0&div1=0&ait=315&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 49AE
29 KB
7 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=531372375322850&correlator=3983162686704916&output=ldjh&impl=fifs&adsid=NT&vrg=2019121002&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20191224&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=372x142%2C372x142&prev_scp=env%3Dprod%26session%3De%26subses%3D1%26ptype%3Darticle%26vguid%3De52c7758-a320-4bba-8959-7d18ad069758%7Cenv%3Dprod%26session%3De%26subses%3D1%26ptype%3Darticle%26vguid%3De52c7758-a320-4bba-8959-7d18ad069758&cookie=ID%3D65d5147eb220fa22%3AT%3D1577183852%3AS%3DALNI_MbIG5cEPcQqit0ITQD47XnS82YVlw&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1577183854&dt=1577183854040&dlt=1577183853358&idt=677&frm=23&biw=1585&bih=1200&isw=371&ish=771&oid=3&adxs=-12245933%2C-12245933&adys=-12245933%2C-12245933&adks=3261246841%2C3261246840&ucis=s4bdxwakjx77%7Cqvmckpkrnj5t&ifi=1&ifk=771328176&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&dssz=16&icsg=10888&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0%7C0x0&msz=0x0%7C0x0&ga_vid=1770335841.1577183854&ga_sid=1577183854&ga_hid=1509250964&fws=256%2C256&ohw=0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
aeaf0fc5d905b101cd066bd6c8369e337a02db9de247615f802353a1b7cab062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7266
x-xss-protection
0
google-lineitem-id
4746066197,4746066197
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138239375180,138239375540
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019121002.js
securepubads.g.doubleclick.net/gpt/ Frame 49AE
64 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
4c52ed8f9039265ffed7fdca0b967b2624325e6356433f437e044b0dd332cddf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Dec 2019 17:29:18 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24811
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:34 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 49AE
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&vb=10&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F-&i=CBSDFPCW2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&f=0&j=&t=1577183853630&de=893696478493&cu=1577183853630&m=10&ar=cdbf7bf5ccd-clean&iw=ec92544&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5849&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=2&an=0&gf=2&gg=0&ix=2&ic=2&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=2&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4&cd=0&ah=4&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=29604729%3A2535697826%3A5050875281%3A138296767547&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=970x250&zMoatPS=top&zMoatSZPS=970x250%20%7C%20top&zMoat
PTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&gw=cbsdfp5832910442&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&zMoatW=970&zMoatH=250&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatSlotId=leader-plus-top&zMoatMMV_MAX=na&zMoatDfpSlotId=leader-plus-top-5e01ea6a96130&hv=DOMSEARCH&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tz=leader-plus-top&iq=na&tt=na&tu=&tp=&tc=0&fs=175060&na=611917832&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
integrator.js
adservice.google.de/adsid/ Frame 7B16
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 7B16
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/ Frame 7B16
245 KB
90 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
2424d4d0676494244257b830643c905eac8254d373e00bc0cf6a13158626921b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
91654
x-xss-protection
0
server
cafe
etag
2923717731764352670
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 24 Dec 2019 10:37:34 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/ Frame 11B7
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20191205/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUk8vOufv0cK_Ia-9opD6oYbjRKXvg_bhA9ZIuLDyD-U3W3mjDuEnb-bW37B; DSID=NO_DATA

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Thu, 19 Dec 2019 17:43:23 GMT
expires
Thu, 02 Jan 2020 17:43:23 GMT
content-type
text/html; charset=UTF-8
etag
13309989325511048345
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6574
x-xss-protection
0
cache-control
public, max-age=1209600
age
406451
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
usync.html
eus.rubiconproject.com/ Frame AC77
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=uk
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-37-55-184.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Accept-Encoding
gzip, deflate, br

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 12 Dec 2019 00:18:57 GMT
Content-Encoding
gzip
Content-Length
7754
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=84161
Expires
Wed, 25 Dec 2019 10:00:15 GMT
Date
Tue, 24 Dec 2019 10:37:34 GMT
Connection
keep-alive
Vary
Accept-Encoding
truncated
/ Frame 7B16
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ffb52510681d67679fe77107228a4ed815912af75db0da2b9cd7d38ae2c232cd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463540&S1id=23605329&S2id=23619609&ord=1577183854095&r=626210178165&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=bottom&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=4&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463540&S1id=23605329&S2id=23619609&ord=1577183854095&r=626210178165&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=bottom&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=480&fi=1&apd=482&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050875281&L4id=138296767547&S1id=23605329&S2id=23619609&ord=1577183853630&r=893696478493&t=nht&os=1&fi2=0&div1=0&ait=362&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853726&de=293930083425&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=19&cb=0&ym=0&cu=1577183853726&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=29604729%3A2535697826%3A5050413510%3A138289884860&zMoatPS=top&zMoatPT=article&zMoatW=11&zMoatH=11&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=11x11&zMoatSZPS=11x11%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=1690468619&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 5C40
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1991679624331369&output=html&h=90&slotname=3084619100&adk=2606246846&adf=52413253&w=728&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1577183854072&bpp=16&bdt=719&fdt=59&idt=59&shv=r20191205&cbv=r20190131&saldr=sa&correlator=8380280534437&frm=23&ife=4&pv=2&ga_vid=704004758.1577183854&ga_sid=1577183854&ga_hid=1223889316&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=5432&biw=1585&bih=1200&isw=728&ish=90&ifk=3071934195&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3851907101642893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.knzf8fd1qoub&btvi=1&fsb=1&dtd=70
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1991679624331369&output=html&h=90&slotname=3084619100&adk=2606246846&adf=52413253&w=728&npa=1&guci=1.2.0.0.2.1.0.0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1577183854072&bpp=16&bdt=719&fdt=59&idt=59&shv=r20191205&cbv=r20190131&saldr=sa&correlator=8380280534437&frm=23&ife=4&pv=2&ga_vid=704004758.1577183854&ga_sid=1577183854&ga_hid=1223889316&ga_fc=0&iag=3&icsg=43368&nhd=1&dssz=19&mdo=0&mso=1&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=5432&biw=1585&bih=1200&isw=728&ish=90&ifk=3071934195&scr_x=0&scr_y=0&eid=21065125&oid=3&pvsid=3851907101642893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.knzf8fd1qoub&btvi=1&fsb=1&dtd=70
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUk8vOufv0cK_Ia-9opD6oYbjRKXvg_bhA9ZIuLDyD-U3W3mjDuEnb-bW37B; DSID=NO_DATA

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 24 Dec 2019 10:37:34 GMT
server
cafe
content-length
19855
x-xss-protection
0
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
osd.js
www.googletagservices.com/activeview/js/current/ Frame 7B16
78 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29463
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:34 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 9079
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4LiBk1ULSuM53mmDOOlgdWdcNnnSpLJPzv76X9MXDFAYk6JIMyejh2u7F7P2krTOdj8z45E6e11gr49mZjlHTEbJT0cUz9EWYD_8hnCoW0XRvWkZ6xgjoP__cSuchnM5QgdCorLGsRqhrjB072djN_Qrtw4WbX2E1ZOW519evh9_dq9MzoVSGP88vbp-maPTtOscakjFHb9H8zDZZrAjTttUztoIVGLaXIvg62978wVXbnpXb5_zTrJFqsf-zCzyTvVTTOcR4&sig=Cg0ArKJSzDonimX_spbNEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:34 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 9079
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:34 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 9079
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:34 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50838
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
osd.js
www.googletagservices.com/activeview/js/current/ Frame 49AE
78 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019121002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29463
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:34 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 0568
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssr8_zyjksUTZUTAlVtxwUlK-B4EJu4mEkYZkWT5s3xymQdng6qBeHLd1PcR_BYkfcqT4EAojAHRp6MIUkt34E-kcpiFv9j9WB0nSoY5Jo1JxfDOLBG85dmW-SZ92k5nMQBzK3as1MwKnbzyHxlrnUUyN6CO1RiaC2I3SCD2XfbcE7bwTgxQB1TjyaUeKPdf3s46rVIBSrl-swl7M_8epvGZYzL36PrordDfofZYprJCvMCK2Kk2mSyEbnTwL30DbMjC8dLUkTB&sig=Cg0ArKJSzP-qQVttwJwGEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 24 Dec 2019 10:37:34 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 0568
77 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1575654529893506"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29272
x-xss-protection
0
expires
Tue, 24 Dec 2019 10:37:34 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 0568
303 KB
101 KB
Script
General
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019121002.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f4137d9ab09cfb98d4f3088bcac8c079c4ff72c3aa5b4ab39f5f528c071b06bf

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 24 Dec 2019 10:37:34 GMT
Content-Encoding
gzip
Last-Modified
Thu, 12 Dec 2019 19:14:16 GMT
Server
AmazonS3
x-amz-request-id
A447FEF91201B5EC
ETag
"ee25ce96349b25784dffdbbaf0ffe860"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=50838
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
103351
x-amz-id-2
GFZ9j7qf4L2PI+76sA3ntUTy90EFAuTLxzVSaszYX7OL/pYLtvgDZA7Z+NTPEj8EohvcmN9yCWg=
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=60&fi=1&apd=119&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=24737049&L2id=2617483191&L3id=5243758003&L4id=138297090465&S1id=23605329&S2id=23619609&ord=1577183853621&r=705096985093&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=nav&zMoatPT=article&bedc=1&q=1&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=60&fi=1&apd=119&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=24737049&L2id=2617483191&L3id=5243758003&L4id=138297090465&S1id=23605329&S2id=23619609&ord=1577183853621&r=705096985093&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=nav&zMoatPT=article&bedc=1&q=2&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=60&fi=1&apd=119&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=24737049&L2id=2617483191&L3id=5243758003&L4id=138297090465&S1id=23605329&S2id=23619609&ord=1577183853621&r=705096985093&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=nav&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853744&de=253947952385&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=24&cb=0&ym=0&cu=1577183853744&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745327422%3A138239368367&zMoatPS=top&zMoatPT=article&zMoatW=641&zMoatH=321&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=641x321&zMoatSZPS=641x321%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=1762912578&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
E=ls:on%20scroll%20full%20collapse.1
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=520/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=520/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=ls:on%20scroll%20full%20collapse.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:34 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
truncated
/ Frame DE8F
694 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45408e7b8b5c05bd33821ec9fb87468ed4802c7a954fb2848cb4db205f4e3b50

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853807&de=392947883961&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=29&cb=0&ym=0&cu=1577183853807&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4825966980%3A138247024569&zMoatPS=top&zMoatPT=article&zMoatW=371&zMoatH=771&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=top&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=371x771&zMoatSZPS=371x771%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=328980744&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=150&fi=1&apd=209&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=24737049&L2id=2617483191&L3id=5243758003&L4id=138297090465&S1id=23605329&S2id=23619609&ord=1577183853621&r=705096985093&t=hdn&os=1&fi2=0&div1=0&ait=45&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=nav&zMoatPT=article&bedc=1&q=4&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=197&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=25299489&L2id=251370729&L3id=253246569&L4id=138271463540&S1id=23605329&S2id=23619609&ord=1577183854095&r=626210178165&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=bottom&zMoatPT=article&bedc=1&q=3&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=THE7STARS_UK_DCM1&hp=1&wf=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853831&de=54026461084&m=0&ar=5d15d450ed-clean&iw=3821a19&q=32&cb=0&ym=0&cu=1577183853831&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5806527%3A23395875%3A3527954%3A258480865&zMoatENV=-&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=zdnet.com&bd=zdnet.com&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=the7starsukdcm304326999093&fd=1&ac=1&it=500&ti=0&ih=1&fs=174970&na=1355467529&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=ESSENCE_UK_EE_DCM_DISPLAY1&hp=1&wf=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853899&de=418867464632&m=0&ar=5d15d450ed-clean&iw=3af0463&q=35&cb=0&ym=0&cu=1577183853899&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=22814289%3A1162211%3A249203913%3A1x1_Site_Served&zMoatENV=-&zMoatADV=-&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=zdnet.com&bd=zdnet.com&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=essenceukeedcmdisplay403072119649&fd=1&ac=1&it=500&ti=0&ih=1&fs=174970&na=275670522&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&hp=1&wf=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853949&de=175510445966&m=0&ar=5d15d450ed-clean&iw=e486bbd&q=38&cb=0&ym=0&cu=1577183853949&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=22814289%3A1162211%3A249203970%3A124498635&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatDTYPE=-&zMoatGSE=1&zMoatJBR2=-&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=-&zMoatLT=-&zMoatPRTJ=-&zMoatPRTM=-&zMoatINS=-&zMoatF3D9Z4=-&zMoatF3D9Z3=-&zMoatPTNS=-&zMoatNL=-&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&bo=-&bd=zdnet.com&gw=essenceukeedcmdisplaybs475485114131&fd=1&ac=1&it=500&ti=0&ih=1&fs=174970&na=717427048&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2FIFRAME&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&zGSRC=1&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=NaN&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5932&le=1&gm=1&io=1&ch=0&vv=0&vw=0%3A0%3A0&vp=undefined&vx=-%3A-%3A-&im=0&in=0&pd=0&em=0&en=0&bu=0&cd=0&ah=0&am=0&rf=0&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gw=essenceukeedcmdisplaybs475485114131&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatDTYPE=-&zMoatJBR2=-&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=-&zMoatLT=-&zMoatPRTJ=-&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=-&zMoatF3D9Z4=-&zMoatF3D9Z3=-&zMoatPTNS=-&zMoatNL=-&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=null&it=500&fz=1&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=253125392&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=19&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5932&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=0&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=10&cd=0&ah=10&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=346&gw=essenceukeedcmdisplaybs475485114131&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853298%2Ct1%3A1577183853516%2Ct2%3A1577183853862%2Ct3%3A1577183853862%2Cta%3A1577183853516%7D&zMoatPRTJ=%7BconnectEnd%3A273%2CconnectStart%3A224%2CdecodedBodySize%3A236%2CdomainLookupEnd%3A224%2CdomainLookupStart%3A223%2Cduration%3A98%2CencodedBodySize%3A236%2CfetchStart%3A223%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A273%2CresponseEnd%3A321%2CresponseStart%3A320%2CsecureConnectionStart%3A244%2CstartTime%3A223%2CtransferSize%3A410%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853293&zMoatNL=247&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=242097349&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&hp=1&wf=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183853979&de=372111646233&m=0&ar=5d15d450ed-clean&iw=e486bbd&q=41&cb=0&ym=0&cu=1577183853979&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=22814289%3A1162211%3A249203952%3A124498647&zMoatBSWFFID=_moatApi76851748&zMoatConf=2&zMoatDTYPE=-&zMoatGSE=1&zMoatJBR2=-&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=-&zMoatLT=-&zMoatPRTJ=-&zMoatPRTM=-&zMoatINS=-&zMoatF3D9Z4=-&zMoatF3D9Z3=-&zMoatPTNS=-&zMoatNL=-&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&bo=-&bd=zdnet.com&gw=essenceukeedcmdisplaybs475485114131&fd=1&ac=1&it=500&ti=0&ih=1&fs=174970&na=260324634&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fwww.zdnet.com%2F%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2FIFRAME&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&zGSRC=1&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853979&de=372111646233&cu=1577183853979&m=NaN&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5932&le=1&gm=1&io=1&ch=0&vv=0&vw=0%3A0%3A0&vp=undefined&vx=-%3A-%3A-&im=0&in=0&pd=0&em=0&en=0&bu=0&cd=0&ah=0&am=0&rf=0&cl=0&at=0&d=22814289%3A1162211%3A249203952%3A124498647&bo=-&bd=zdnet.com&gw=essenceukeedcmdisplaybs475485114131&zMoatBSWFFID=_moatApi76851748&zMoatConf=2&zMoatDTYPE=-&zMoatJBR2=-&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=-&zMoatLT=-&zMoatPRTJ=-&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A72%2CencodedBodySize%3A0%2CfetchStart%3A563%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A634%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A563%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=-&zMoatF3D9Z4=-&zMoatF3D9Z3=-&zMoatPTNS=-&zMoatNL=-&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=null&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1192160267&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853979&de=372111646233&cu=1577183853979&m=9&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5932&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&ez=1&aj=1&pg=100&pf=0&ib=1&cc=0&bw=0&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&bu=5&cd=0&ah=5&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203952%3A124498647&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=327&gw=essenceukeedcmdisplaybs475485114131&zMoatBSWFFID=_moatApi76851748&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853306%2Ct1%3A1577183853538%2Ct2%3A1577183853865%2Ct3%3A1577183853865%2Cta%3A1577183853538%7D&zMoatPRTJ=%7BconnectEnd%3A235%2CconnectStart%3A235%2CdecodedBodySize%3A238%2CdomainLookupEnd%3A235%2CdomainLookupStart%3A235%2Cduration%3A79%2CencodedBodySize%3A238%2CfetchStart%3A235%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A264%2CresponseEnd%3A314%2CresponseStart%3A314%2CsecureConnectionStart%3A235%2CstartTime%3A235%2CtransferSize%3A412%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A72%2CencodedBodySize%3A0%2CfetchStart%3A563%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A634%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A563%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853302&zMoatNL=248&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1315816355&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183854095&de=626210178165&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=45&cb=0&ym=0&cu=1577183854095&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25299489%3A251370729%3A253246569%3A138271463540&zMoatPS=bottom&zMoatPT=article&zMoatW=728&zMoatH=90&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=bottom&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatSZPS=728x90%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=383513338&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=894&tet=1076&fi=1&apd=1097&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050864523&L4id=138296767763&S1id=23605329&S2id=23619609&ord=1577183853556&r=908930422942&t=iv&os=1&fi2=0&div1=1&ait=949&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=884&tet=1083&fi=1&apd=1085&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=29604729&L2id=2535697826&L3id=5050875281&L4id=138296767547&S1id=23605329&S2id=23619609&ord=1577183853630&r=893696478493&t=iv&os=1&fi2=0&div1=1&ait=965&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=top&zMoatPT=article&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183854249&de=171654538623&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=49&cb=0&ym=0&cu=1577183854249&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4746066197%3A138239375180&zMoatPT=article&zMoatW=372&zMoatH=142&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=372x142&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=1373251499&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=10&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1577183854268&de=974702903320&m=0&ar=cdbf7bf5ccd-clean&iw=ec92544&q=53&cb=0&ym=0&cu=1577183854268&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4746066197%3A138239375540&zMoatPT=article&zMoatW=372&zMoatH=142&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatSN=e&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV_MAX=na&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&id=1&bo=23605329&bp=23619609&bd=-&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=372x142&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&iq=na&tt=na&tu=&tp=&fs=175060&na=2028597089&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
E=wi
tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=1211/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/ Frame 3C16
35 B
136 B
Image
General
Full URL
https://tr.clipcentric.com/s/B=244/F=902421/C=56749/P=22/L=21/V=23/S=c-dCTGBt/Z=1/I=121.486292.1577183853689/U=www.zdnet.com/T=1211/M=i/D=d/PO=zdnet.com/LO=5243758003/VO=138297090465/E=wi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.251.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-199-251-195.compute-1.amazonaws.com
Software
Apache/2.2.34 /
Resource Hash
6c63cc5063ac82d8bbc925f9a31adf3a87f1510c021e0fde51854d60484b5019

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 24 Dec 2019 10:37:34 GMT
cache-control
no-cache
server
Apache/2.2.34
content-length
35
content-type
image/gif
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:34 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:34 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4591
42 B
115 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut9CZFshpIaJ_d_2UtTM9VLIwy4S3iGHZY8WCAPl5UcINbP_MAgzz5xm_yJHur5tlPo6FwO5F2DsCgFZEY5KYb0Cb116HqDtOb4YtIP6E&sig=Cg0ArKJSzM99HU-ED-DSEAE&adk=1302819243&tt=-1&bs=1585%2C1200&mtos=1093,1093,1093,1093,1093&tos=1093,0,0,0,0&p=363,308,613,1278&mcvt=1093&rs=0&ht=0&tfs=359&tls=1452&mc=1&lte=1&bas=0&bac=0&met=ie&la=1&avms=nio&exg=1&md=2&lm=2&rst=1577183853300&dlt&rpt=361&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C5892&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-2-13-2-12-12-0-0-0&tvt=1452&is=970%2C250&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&r=v&id=osdim&vs=4&uc=13&upc=1&tgt=DIV&cl=1&cec=1&clc=1&wf=0&cac=1&cd=0x0&itpl=19&v=20191206
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:34 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 0A35
42 B
113 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsurSnqyIYxtTHE_TH-zBdu3M5bKhd5mBLb-f_o8QkGMDrE2cfh54E712UxdK42mZRkjQMuPVlgYwny9FY0053cqcIhDGsKgobNuxqLUBNw&sig=Cg0ArKJSzD2Eswj1y-EFEAE&adk=2450669842&tt=-1&bs=1585%2C1200&mtos=1094,1094,1094,1094,1094&tos=1094,0,0,0,0&p=643,1043,893,1343&mcvt=1094&rs=0&ht=0&tfs=373&tls=1467&mc=1&lte=1&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&lm=2&rst=1577183853307&dlt&rpt=359&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C5892&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-3-13-2-12-12-0-0-0&tvt=1466&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&r=v&id=osdim&vs=4&uc=13&upc=1&tgt=DIV&cl=1&cec=1&clc=1&wf=0&cac=1&cd=0x0&itpl=19&v=20191206
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:35 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3C16
42 B
113 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuVF_DIXX4y3ZGUtmCJDAhkAOGE09R23XHvzNXpnvWQcUN-ghTED3ogBfvdYV9WAl3-LgJ921AcbZ5zKOBoOkgBzeSw2r-SarwNNq7XdnM&sig=Cg0ArKJSzDp8BqZxYWREEAE&adk=2084717703&tt=-1&bs=1585%2C1200&mtos=1055,1055,1055,1055,1310&tos=1055,0,0,0,255&p=0,0,113,1585&mcvt=1055&rs=0&ht=0&tfs=422&tls=1732&mc=1&lte=1&bas=0&bac=0&met=ce&avms=nio&exg=1&md=2&lm=2&rst=1577183853289&dlt&rpt=480&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C5892&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-3-14-5-13-11-0-0-0&tvt=1729&is=1585%2C113&iframe_loc=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&r=v&id=osdim&vs=4&uc=14&upc=1&tgt=DIV&cl=1&cec=1&clc=1&wf=0&cac=1&cd=0x0&itpl=19&v=20191206
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 10:37:35 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=1052&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1039&an=234&gi=1&gf=1039&gg=234&ix=1039&ic=1039&ez=1&ck=1039&kw=848&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1039&bx=234&ci=1039&jz=848&dj=1&aa=0&ad=922&cn=117&gk=922&gl=117&ik=922&cq=1&im=1&in=1&pd=1&nb=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=848&cd=10&ah=848&am=10&rf=0&re=1&ft=922&fv=117&fw=117&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=346&gw=essenceukeedcmdisplaybs475485114131&zM
oatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853298%2Ct1%3A1577183853516%2Ct2%3A1577183853862%2Ct3%3A1577183853862%2Cta%3A1577183853516%7D&zMoatPRTJ=%7BconnectEnd%3A273%2CconnectStart%3A224%2CdecodedBodySize%3A236%2CdomainLookupEnd%3A224%2CdomainLookupStart%3A223%2Cduration%3A98%2CencodedBodySize%3A236%2CfetchStart%3A223%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A273%2CresponseEnd%3A321%2CresponseStart%3A320%2CsecureConnectionStart%3A244%2CstartTime%3A223%2CtransferSize%3A410%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853293&zMoatNL=247&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1105265242&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=1054&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1039&an=1039&gi=1&gf=1039&gg=1039&ix=1039&ic=1039&ez=1&ck=1039&kw=848&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1039&bx=1039&ci=1039&jz=848&dj=1&aa=0&ad=922&cn=922&gk=922&gl=922&ik=922&cq=1&im=1&in=1&pd=1&nb=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=848&cd=848&ah=848&am=848&rf=0&re=1&ft=922&fv=922&fw=117&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=346&gw=essenceukeedcmdisplaybs47548511413
1&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853298%2Ct1%3A1577183853516%2Ct2%3A1577183853862%2Ct3%3A1577183853862%2Cta%3A1577183853516%7D&zMoatPRTJ=%7BconnectEnd%3A273%2CconnectStart%3A224%2CdecodedBodySize%3A236%2CdomainLookupEnd%3A224%2CdomainLookupStart%3A223%2Cduration%3A98%2CencodedBodySize%3A236%2CfetchStart%3A223%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A273%2CresponseEnd%3A321%2CresponseStart%3A320%2CsecureConnectionStart%3A244%2CstartTime%3A223%2CtransferSize%3A410%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853293&zMoatNL=247&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1887377563&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
cbsdfp5832910442.s.moatpixel.com/
43 B
409 B
Image
General
Full URL
https://cbsdfp5832910442.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1014&tet=1156&fi=1&apd=1215&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=24737049&L2id=2617483191&L3id=5243758003&L4id=138297090465&S1id=23605329&S2id=23619609&ord=1577183853621&r=705096985093&t=iv&os=1&fi2=0&div1=1&ait=1051&zMoatVGUID=e52c7758-a320-4bba-8959-7d18ad069758&zMoatCURL=zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware&zMoatPS=nav&zMoatPT=article&bedc=1&q=5&nu=1&ib=0&dc=1&ob=1&oh=0&lt=0&ab=1&n=1&nm=1&sp=0&pt=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=1055&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1039&an=1039&gi=1&gf=1039&gg=1039&ix=1039&ic=1039&ez=1&ck=1039&kw=848&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1039&bx=1039&ci=1039&jz=848&dj=1&aa=0&ad=922&cn=922&gk=922&gl=922&ik=922&cq=1&im=1&in=1&pd=1&nb=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=848&cd=848&ah=848&am=848&rf=0&re=1&ft=922&fv=922&fw=117&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=346&gw=essenceukeedcmdisplaybs4754851141
31&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853298%2Ct1%3A1577183853516%2Ct2%3A1577183853862%2Ct3%3A1577183853862%2Cta%3A1577183853516%7D&zMoatPRTJ=%7BconnectEnd%3A273%2CconnectStart%3A224%2CdecodedBodySize%3A236%2CdomainLookupEnd%3A224%2CdomainLookupStart%3A223%2Cduration%3A98%2CencodedBodySize%3A236%2CfetchStart%3A223%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A273%2CresponseEnd%3A321%2CresponseStart%3A320%2CsecureConnectionStart%3A244%2CstartTime%3A223%2CtransferSize%3A410%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853293&zMoatNL=247&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=44671206&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853979&de=372111646233&cu=1577183853979&m=1032&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1025&an=218&gi=1&gf=1025&gg=218&ix=1025&ic=1025&ez=1&ck=1025&kw=830&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1025&bx=218&ci=1025&jz=830&dj=1&aa=0&ad=916&cn=109&gk=916&gl=109&ik=916&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=830&cd=5&ah=830&am=5&rf=0&re=1&ft=916&fv=109&fw=109&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203952%3A124498647&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=327&gw=essenceukeedcmdisplaybs475485114131&zMoatBSWF
FID=_moatApi76851748&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853306%2Ct1%3A1577183853538%2Ct2%3A1577183853865%2Ct3%3A1577183853865%2Cta%3A1577183853538%7D&zMoatPRTJ=%7BconnectEnd%3A235%2CconnectStart%3A235%2CdecodedBodySize%3A238%2CdomainLookupEnd%3A235%2CdomainLookupStart%3A235%2Cduration%3A79%2CencodedBodySize%3A238%2CfetchStart%3A235%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A264%2CresponseEnd%3A314%2CresponseStart%3A314%2CsecureConnectionStart%3A235%2CstartTime%3A235%2CtransferSize%3A412%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A72%2CencodedBodySize%3A0%2CfetchStart%3A563%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A634%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A563%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853302&zMoatNL=248&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1361915940&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853979&de=372111646233&cu=1577183853979&m=1033&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1025&an=1025&gi=1&gf=1025&gg=1025&ix=1025&ic=1025&ez=1&ck=1025&kw=830&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1025&bx=1025&ci=1025&jz=830&dj=1&aa=0&ad=916&cn=916&gk=916&gl=916&ik=916&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=830&cd=830&ah=830&am=830&rf=0&re=1&ft=916&fv=916&fw=109&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203952%3A124498647&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=327&gw=essenceukeedcmdisplaybs475485114131&zMo
atBSWFFID=_moatApi76851748&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853306%2Ct1%3A1577183853538%2Ct2%3A1577183853865%2Ct3%3A1577183853865%2Cta%3A1577183853538%7D&zMoatPRTJ=%7BconnectEnd%3A235%2CconnectStart%3A235%2CdecodedBodySize%3A238%2CdomainLookupEnd%3A235%2CdomainLookupStart%3A235%2Cduration%3A79%2CencodedBodySize%3A238%2CfetchStart%3A235%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A264%2CresponseEnd%3A314%2CresponseStart%3A314%2CsecureConnectionStart%3A235%2CstartTime%3A235%2CtransferSize%3A412%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A72%2CencodedBodySize%3A0%2CfetchStart%3A563%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A634%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A563%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853302&zMoatNL=248&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=766224491&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853979&de=372111646233&cu=1577183853979&m=1034&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1025&an=1025&gi=1&gf=1025&gg=1025&ix=1025&ic=1025&ez=1&ck=1025&kw=830&aj=1&pg=100&pf=100&ib=1&cc=1&bw=1025&bx=1025&ci=1025&jz=830&dj=1&aa=0&ad=916&cn=916&gk=916&gl=916&ik=916&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=830&cd=830&ah=830&am=830&rf=0&re=1&ft=916&fv=916&fw=109&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203952%3A124498647&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=327&gw=essenceukeedcmdisplaybs475485114131&zM
oatBSWFFID=_moatApi76851748&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_30642738&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853306%2Ct1%3A1577183853538%2Ct2%3A1577183853865%2Ct3%3A1577183853865%2Cta%3A1577183853538%7D&zMoatPRTJ=%7BconnectEnd%3A235%2CconnectStart%3A235%2CdecodedBodySize%3A238%2CdomainLookupEnd%3A235%2CdomainLookupStart%3A235%2Cduration%3A79%2CencodedBodySize%3A238%2CfetchStart%3A235%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A264%2CresponseEnd%3A314%2CresponseStart%3A314%2CsecureConnectionStart%3A235%2CstartTime%3A235%2CtransferSize%3A412%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A72%2CencodedBodySize%3A0%2CfetchStart%3A563%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A634%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A563%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853302&zMoatNL=248&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1341130346&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&wf=1&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=ESSENCE_UK_EE_DCM_DISPLAY_BS2&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soBggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=c%3FgD3W%3CA&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&po=1-0020002000002120&vy=&ql=&qo=0&qr=0&vf=1&vg=100&bq=0&g=6&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=970&fy=0&gp=0&zGSRC=1&gv=moat_unsafe%2Cgv_crime%2Cgv_download%2Cgs_tech_computing&hw=0&zMoatGSE=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&f=0&j=&t=1577183853949&de=175510445966&cu=1577183853949&m=1256&ar=5d15d450ed-clean&iw=e486bbd&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5892&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&as=1&ag=1243&an=1039&gi=1&gf=1243&gg=1039&ix=1243&ic=1243&ez=1&ck=1039&kw=848&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1243&bx=1039&ci=1039&jz=848&dj=1&aa=1&ad=1126&cn=922&gn=1&gk=1126&gl=922&ik=1126&co=1126&cp=1049&cq=1&im=1&in=1&pd=1&nb=1&el=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1049&cd=848&ah=1049&am=848&rf=0&re=1&ft=1126&fv=922&fw=117&wb=1&cl=0&at=0&d=22814289%3A1162211%3A249203970%3A124498635&bo=-&bd=zdnet.com&gq=2&zMoatDTYPE=0&oj=346&gw=essence
ukeedcmdisplaybs475485114131&zMoatBSWFFID=_moatApi1490450&zMoatConf=2&zMoatJBR2=0&zMoatJPCN=MoatHandleJsonpResponse_56215255&zMoatJPRCVD=t&zMoatLT=%7Bt0%3A1577183853298%2Ct1%3A1577183853516%2Ct2%3A1577183853862%2Ct3%3A1577183853862%2Cta%3A1577183853516%7D&zMoatPRTJ=%7BconnectEnd%3A273%2CconnectStart%3A224%2CdecodedBodySize%3A236%2CdomainLookupEnd%3A224%2CdomainLookupStart%3A223%2Cduration%3A98%2CencodedBodySize%3A236%2CfetchStart%3A223%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A273%2CresponseEnd%3A321%2CresponseStart%3A320%2CsecureConnectionStart%3A244%2CstartTime%3A223%2CtransferSize%3A410%2CworkerStart%3A0%7D&zMoatPRTM=%7BconnectEnd%3A0%2CconnectStart%3A0%2CdecodedBodySize%3A0%2CdomainLookupEnd%3A0%2CdomainLookupStart%3A0%2Cduration%3A45%2CencodedBodySize%3A0%2CfetchStart%3A569%2CredirectEnd%3A0%2CredirectStart%3A0%2CrequestStart%3A0%2CresponseEnd%3A614%2CresponseStart%3A0%2CsecureConnectionStart%3A0%2CstartTime%3A569%2CtransferSize%3A0%2CworkerStart%3A0%7D&zMoatINS=4&zMoatF3D9Z4=b&zMoatF3D9Z3=-&zMoatPTNS=1577183853293&zMoatNL=247&hv=BrandSafetyFrame&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&tc=0&fs=174970&na=1484525042&cs=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:35 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:35 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:38 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:38 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:38 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:38 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
pixel.gif
px.moatads.com/
43 B
409 B
Image
General
Full URL
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Dec 2019 10:37:39 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 24 Dec 2019 10:37:39 GMT
/
www.zdnet.com/homepage/xhr/
252 KB
27 KB
XHR
General
Full URL
https://www.zdnet.com/homepage/xhr/
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ab444ccd73b1918a9b7d1f14cb7dcc534101a6c941db1a883ac79b072d253d08
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
26790
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Dec 2019 10:17:26 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 24 Dec 2019 10:37:42 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
198ac3f0-5c30-41ff-9732-049ca2a5b67b
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Tue, 24 Dec 2019 11:47:26 GMT
ring.gif
zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/
16 KB
9 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/ring.gif
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
309e20d540054848c2bee4268a2ec8e37656da9e7d5f8084c6f66f4fd711aed6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316786
status
200
strict-transport-security
max-age=31536000
content-length
9039
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:28:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd12da-3f75"
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:55 GMT
ZDLogoMicroRed-x2.png
zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/
2 KB
2 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/ZDLogoMicroRed-x2.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d6f28c2ecc7e7b603cead026b3febaa53ef60ef1ee17095ccaa5bfd465565e5e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316786
status
200
strict-transport-security
max-age=31536000
content-length
1513
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:28:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd12da-6fa"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:55 GMT
36c1ca5070
bam.nr-data.net/events/1/
24 B
180 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/36c1ca5070?a=138637741&v=1158.afc605b&to=NV1TZ0MHXxUFWxBYWQwXcFBFD14IS1kWRV8BVFRsQg9fAQhd&rst=12479&ref=https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.zdnet.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif
ZDLogoMicroWhite-x2.png
zdnet2.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/
2 KB
1 KB
Image
General
Full URL
https://zdnet2.cbsistatic.com/fly/1576866522-fly/bundles/zdnetcss/images/logos/ZDLogoMicroWhite-x2.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d4bf85df37940345c4a0795bcc6556e480751e36f503425c25b1993071e90c9c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet3.cbsistatic.com/fly/1912-fly/css/core/main-154661365f-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
316785
status
200
strict-transport-security
max-age=31536000
content-length
1398
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 18:28:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfd12da-691"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:37:56 GMT
river-time-ago-f2210a157b-rev.js
zdnet4.cbsistatic.com/fly/js/components/
753 B
556 B
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/js/components/river-time-ago-f2210a157b-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
2d3e9015bb665cc4e62a0aada26a74311bf87ba40e12b896724f447a98e68a89
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
442023
status
200
strict-transport-security
max-age=31536000
content-length
426
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:50:05 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5df7c3cd-2f1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 26 Dec 2019 07:50:37 GMT
tr-premium-promo-49ebdaab89-rev.js
zdnet2.cbsistatic.com/fly/js/components/
461 B
598 B
Script
General
Full URL
https://zdnet2.cbsistatic.com/fly/js/components/tr-premium-promo-49ebdaab89-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f0c8ad030a90f1ee3cdcd5910587eab25da7bb0ec6f942d979bba4d506b38380
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
476993
status
200
strict-transport-security
max-age=31536000
content-length
287
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:50:06 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5df7c3ce-1cd"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Dec 2019 22:07:49 GMT
load-more-dc05f6361c-rev.js
zdnet3.cbsistatic.com/fly/js/components/
5 KB
2 KB
Script
General
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/load-more-dc05f6361c-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
3de2287fb8729e557307be699642a97d5ef27c55627d663133aa8278172c9a83
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
319031
status
200
strict-transport-security
max-age=31536000
content-length
1808
x-xss-protection
1; mode=block
last-modified
Fri, 20 Dec 2019 16:33:28 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dfcf7d8-129d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Dec 2019 18:00:31 GMT
/
www.zdnet.com/newsletter/xhr/widget-login/
2 KB
2 KB
XHR
General
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ae169d9f8c643dd24fd2572302cccc569cdf74b2d2e304bfa3763269d5d77438
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
765
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
x-newrelic-app-data
PxQCVVZaCAcTVVJaAQIAUVAAFB9AMQYAZBBZDEtZV0ZaClc9HiBQFg1ZWT1JDV1EQwgEFkNURTkTWFJUBxI8EVgNTz1UV1NbXUcVUR9RA1JUBhtRSFELAwlRTU8GHRVUUFMDUFBWAFcCVQEBD1pVEB8DWA1CBG4=
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 24 Dec 2019 10:37:43 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
ae52ab91-594f-4fd6-a606-50477eb9d8bc
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
expires
Tue, 24 Dec 2019 10:37:43 GMT
/
www.zdnet.com/components/tr-promo-asset/xhr/
2 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/components/tr-promo-asset/xhr/?topic=0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.143 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-143.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3b476aa1c93f76bee4eb278cc9bd2f2071c542ced56a4a8f2ede1dd3b0ac101f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
UQIHWFZXGwIDXFdRAAYDVw==
Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, User-Agent
content-length
618
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Dec 2019 10:20:08 GMT
server
nginx
x-frame-options
SAMEORIGIN
date
Tue, 24 Dec 2019 10:37:43 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
be241535-2195-49f3-bda3-cb56be4e2d05
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Tue, 24 Dec 2019 11:50:08 GMT
load-more-1.0.js
zdnet4.cbsistatic.com/fly/bundles/flyjs/js/components/
8 KB
3 KB
Script
General
Full URL
https://zdnet4.cbsistatic.com/fly/bundles/flyjs/js/components/load-more-1.0.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/1912-fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
da52af54b0a90f89c3b6c3482a53119a588e68f99f3cb4d7af0e4460ff8e5016
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
577808
status
200
strict-transport-security
max-age=31536000
content-length
2472
x-xss-protection
1; mode=block
last-modified
Mon, 16 Dec 2019 17:48:35 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5df7c373-1f51"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Dec 2019 18:07:34 GMT
trp-promo-thumb.jpg
zdnet1.cbsistatic.com/fly/bundles/zdnetcss/images/core/
4 KB
4 KB
Image
General
Full URL
https://zdnet1.cbsistatic.com/fly/bundles/zdnetcss/images/core/trp-promo-thumb.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
ContentServer /
Resource Hash
41e1b82b530a565f139da63948d96402471dadea6e3e912578cc2de4426bbe41
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 10:37:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4267846
status
200
strict-transport-security
max-age=31536000
content-length
3552
x-xss-protection
1; mode=block
last-modified
Mon, 04 Nov 2019 19:20:35 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5dc07a03-f53"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Nov 2019 01:04:13 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
z.moatads.com
URL
https://z.moatads.com/cbsprebidheader506831276743/moatheader.js

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| NREUM object| newrelic function| __nr_require object| googletag object| cbsoptanon object| soastaTracking object| ZdnetPageVars object| ZdnetFunctions object| _sf_async_config number| _sf_startpt object| _cbq object| knownServiceWorkers string| bazadebezolkohpepadr object| cbsiGptDivIds string| _cbsotstate object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| receiveOTMessage function| __cmp function| UUIDv4 string| __tealium_data_guid object| utag_data function| requirejs function| require function| define string| urhehlevkedkilrobacf object| otStubData object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| $ function| jQuery function| renderAdCallback function| blankAdCallback number| _sf_endpt object| jQuery18307888095238075201 function| jsonFeed number| google_srt undefined| google_measure_js_timing object| Optanon object| OneTrust undefined| easyXDM object| AudEng object| URS object| Modernizr function| Waypoint object| debug string| adBlockCookieValue object| $tealium string| firstpgvar boolean| google_noFetch number| __google_ad_urls_id number| google_unique_id object| gaGlobal boolean| searchOpen object| $lastFocusedInput string| pageType string| waypointContextKey function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| _ function| Hls undefined| uuid function| addResizeListener function| removeResizeListener object| cvui object| uvpjs function| Class object| mpulseUserTiming object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| 
__AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| Moat#G26 boolean| Moat#EVA object| MoatSuperV26 object| DOMlessLLDcallback_24372735 object| MoatDataJsonpRequest_24372735 object| __core-js_shared__ function| setImmediate function| clearImmediate function| UUIDv1 function| clamp object| STR undefined| UUID object| Audit object| google_reactive_ads_global_state object| google_jobrunner object| google_ad_modifications number| google_global_correlator object| google_prev_clients

6 Cookies

Domain/Path Name / Value
.zdnet.com/ Name: ak_bmsc
Value: C29022FB947963D30782284505E9206D0210BA84120C00006BEA015ED1CA1564~plwCseO5ySAbMTJA1SOZSl8wKmJHrj6LTiPWKgiYBA8CEF4lrT+ANLiKi8CCha+wA5QcNa0Ado5N9kE/B9ofQne/pLClP2Eu2E3WPjFd04RMYOChKFG1wI9WkVmWqgKNKw5mBqW6zZPFY3XkxsahciRKXhMkKTn38M1d2FopXeH988W5EInjSoufyfbjjUN/s/OkB8Re4Up2dh/DKazWVT5CQ14CDOeOqhE9mjdp0FNQadf7syChixsEIutgzrg80cewRWYErB9lKDHXlg1uxej9K5SX5LvxoyNGqm/6UGkIVVbPmFkQ8Deg4/tppiWyPf6rPULqaAq2n8Ei1H6Bo8FQ==
.zdnet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Tue+Dec+24+2019+11%3A37%3A32+GMT%2B0100+(Central+European+Standard+Time)&version=5.9.0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthousands-of-servers-infected-with-new-lilocked-lilu-ransomware%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0&hosts=
.zdnet.com/ Name: fly_device
Value: desktop
.zdnet.com/ Name: fly_default_edition
Value: uk
.zdnet.com/ Name: fly_preferred_edition
Value: uk
.zdnet.com/ Name: fly_geo
Value: {"countryCode": "gb"}

49 Console Messages

Source Level URL
Text
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 724)
Message:
ADS: queuing nav-ad-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1185)
Message:
ADS: queuing intromercial-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1227)
Message:
ADS: queuing leader-plus-top-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1367)
Message:
ADS: queuing inpage-video-top-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1381)
Message:
ADS: queuing sharethrough-top-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1665)
Message:
ADS: queuing mpu-plus-top-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1769)
Message:
ADS: queuing dynamic-showcase-top-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1776)
Message:
ADS: queuing mpu-middle-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 1985)
Message:
ADS: queuing mpu-bottom-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 2002)
Message:
ADS: queuing leader-plus-bottom-5e01ea6a96130 for display
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_mpulse performance
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: _injectQueryStringGCP functional
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_chartbeat performance
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_tealium functional
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 30)
Message:
Loading iframes
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 39)
Message:
Ads loaded, npa flag: 1
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_urban_airship targeting
console-api log URL: https://zdnet3.cbsistatic.com/fly/1912-fly/js/main.default.js(Line 55)
Message:
Enabling services and refreshing ads
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_sharebar social
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_sharebar social
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_taboola targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_async_load targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log (Line 21)
Message:
Skybox - ClipCentric ::: creative id = 138297090465, pos = nav
console-api log (Line 61)
Message:
blank creative loaded: 138239368367 (641 x 321, pos=top)
console-api info URL: https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js(Line 412)
Message:
Powered by AMP ⚡ HTML – Version 1912050130240 https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
console-api info URL: https://cdn.ampproject.org/rtv/011912050130240/amp4ads-v0.js(Line 412)
Message:
Powered by AMP ⚡ HTML – Version 1912050130240 https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 38)
Message:
Sharethrough ::: creative id = 138289884860, pos = top, size = 11x11
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 164)
Message:
Dynamic Showcase Center container ::: creative id = 138247024569
console-api log (Line 51)
Message:
%c CBSi Skybox v2.2.030 background:#0080ff; color:#fff; border-radius:2px;
console-api log (Line 86)
Message:
[s] loaded
console-api log (Line 86)
Message:
[s] collapsed
console-api log (Line 86)
Message:
[s] video user listeners set
console-api log URL: https://rev.cbsi.com/common/js/cbsi_ads_skyboxKit.js(Line 1)
Message:
%c CBSi Skybox Kit v4.13 background:#369; color:#fff; border-radius:2px;
console-api log (Line 61)
Message:
blank creative loaded: 138239375180 (372 x 142, pos=)
console-api log (Line 61)
Message:
blank creative loaded: 138239375540 (372 x 142, pos=)
console-api log (Line 86)
Message:
[s] collapsed
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_taboola targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_async_load targeting
console-api log URL: https://www.zdnet.com/article/thousands-of-servers-infected-with-new-lilocked-lilu-ransomware/(Line 174)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
