urlscan.io logo urlscan.io
SecurityTrails logo

www.zdnet.com Open in urlscan Pro
2a04:4e42:3::444  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://packetstormsecurity.com/news/view/31143/Hackers-Have-Breached-60-Ad-Servers-To-Load-Their-Own-Malicious-Ads.html
Effective URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Submission: On April 23 via manual from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 5 countries across 17 domains to perform 121 HTTP transactions. The main IP is 2a04:4e42:3::444, located in Ascension Island and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 24th 2020. Valid for: a year.
This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.84.60.198 54876 (ROKABEAR)
4 2a04:4e42:3::444 54113 (FASTLY)
32 2a04:4e42:1b:... 54113 (FASTLY)
6 152.195.132.202 15133 (EDGECAST)
9 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 151.101.65.188 54113 (FASTLY)
18 172.217.21.194 15169 (GOOGLE)
1 35.190.38.167 15169 (GOOGLE)
14 23.213.165.236 16625 (AKAMAI-AS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
22 2a00:1450:400... 15169 (GOOGLE)
1 54.77.161.100 16509 (AMAZON-02)
2 52.50.187.27 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:1b:... 54113 (FASTLY)
1 1 23.53.41.201 20940 (AKAMAI-ASN1)
1 23.53.41.203 20940 (AKAMAI-ASN1)
1 2 2a01:4a0:1338... 201011 (NETZBETRI...)
1 104.96.151.249 16625 (AKAMAI-AS)
121 18
1    198.84.60.198 (United States)

ASN54876 (ROKABEAR, US)
PTR: 198-84-60-198.ash01.rokabear.com
packetstormsecurity.com
4    2a04:4e42:3::444 (Ascension Island)

ASN54113 (FASTLY, US)
www.zdnet.com
production-cmp.isgprivacy.cbsi.com
32    2a04:4e42:1b::444 (Ascension Island)

ASN54113 (FASTLY, US)
zdnet4.cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet1.cbsistatic.com
6    152.195.132.202 (United States)

ASN15133 (EDGECAST, US)
cdn.cookielaw.org
9    2a02:26f0:6c00:181::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
c.go-mpulse.net
6852bd09.akstat.io
1    151.101.65.188 (United States)

ASN54113 (FASTLY, US)
at.cbsi.com
18    172.217.21.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s12-in-f194.1e100.net
securepubads.g.doubleclick.net
1    35.190.38.167 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 167.38.190.35.bc.googleusercontent.com
urs.zdnet.com
14    23.213.165.236 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-165-236.deploy.static.akamaitechnologies.com
z.moatads.com
px.moatads.com
1    2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
22    2a00:1450:4001:81e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.be
adservice.google.com
www.googletagservices.com
pagead2.googlesyndication.com
adservice.google.de
1    54.77.161.100 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-161-100.eu-west-1.compute.amazonaws.com
mb.moatads.com
2    52.50.187.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-187-27.eu-west-1.compute.amazonaws.com
geo.moatads.com
6    2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a04:4e42:1b::645 (Ascension Island)

ASN54113 (FASTLY, US)
vidtech.cbsinteractive.com
1    23.53.41.201 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-53-41-201.deploy.static.akamaitechnologies.com
trial-eum-clientnsv4-s.akamaihd.net
1    23.53.41.203 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-53-41-203.deploy.static.akamaitechnologies.com
kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net
2    2a01:4a0:1338:28::c38a:ff12 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)
trial-eum-clienttons-s.akamaihd.net
fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net
1    104.96.151.249 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-151-249.deploy.static.akamaitechnologies.com
rev.cbsi.com
Domain Requested by
18 securepubads.g.doubleclick.net zdnet4.cbsistatic.com
securepubads.g.doubleclick.net
www.zdnet.com
www.googletagservices.com
14 www.googletagservices.com www.zdnet.com
securepubads.g.doubleclick.net
rev.cbsi.com
12 z.moatads.com zdnet4.cbsistatic.com
securepubads.g.doubleclick.net
10 zdnet2.cbsistatic.com www.zdnet.com
zdnet3.cbsistatic.com
9 zdnet4.cbsistatic.com www.zdnet.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
8 zdnet1.cbsistatic.com zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
6 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
6 6852bd09.akstat.io zdnet1.cbsistatic.com
c.go-mpulse.net
6 cdn.cookielaw.org www.zdnet.com
cdn.cookielaw.org
5 zdnet3.cbsistatic.com www.zdnet.com
zdnet2.cbsistatic.com
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
3 c.go-mpulse.net www.zdnet.com
c.go-mpulse.net
zdnet1.cbsistatic.com
3 www.zdnet.com zdnet3.cbsistatic.com
2 px.moatads.com www.zdnet.com
2 geo.moatads.com z.moatads.com
2 adservice.google.com securepubads.g.doubleclick.net
www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 rev.cbsi.com www.zdnet.com
1 fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net
1 trial-eum-clienttons-s.akamaihd.net 1 redirects
1 kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net
1 trial-eum-clientnsv4-s.akamaihd.net 1 redirects
1 vidtech.cbsinteractive.com zdnet2.cbsistatic.com
1 mb.moatads.com z.moatads.com
1 adservice.google.be securepubads.g.doubleclick.net
1 geolocation.onetrust.com cdn.cookielaw.org
1 urs.zdnet.com zdnet2.cbsistatic.com
1 at.cbsi.com zdnet4.cbsistatic.com
1 production-cmp.isgprivacy.cbsi.com www.zdnet.com
1 packetstormsecurity.com 1 redirects
121 30
Subject Issuer Validity Valid
*.zdnet.com
DigiCert SHA2 High Assurance Server CA		 2020-01-24 -
2021-06-18		 a year crt.sh
*.cbsistatic.com
DigiCert SHA2 High Assurance Server CA		 2019-02-22 -
2021-02-26		 2 years crt.sh
sa437gl.wpc.edgecastcdn.net
DigiCert SHA2 Secure Server CA		 2018-05-17 -
2020-08-19		 2 years crt.sh
*.isgprivacy.cbsi.com
DigiCert SHA2 High Assurance Server CA		 2019-10-07 -
2021-10-14		 2 years crt.sh
akstat.io
DigiCert SHA2 Secure Server CA		 2019-04-16 -
2020-06-14		 a year crt.sh
*.at.cbsi.com
DigiCert SHA2 High Assurance Server CA		 2019-12-17 -
2021-12-21		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2020-01-17 -
2021-03-17		 a year crt.sh
*.onetrust.com
DigiCert SHA2 Secure Server CA		 2018-03-12 -
2020-06-14		 2 years crt.sh
*.google.be
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
*.moatads.com
DigiCert SHA2 Secure Server CA		 2019-03-12 -
2021-06-10		 2 years crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-04-01 -
2020-06-24		 3 months crt.sh
vidtech.cbsinteractive.com
DigiCert SHA2 High Assurance Server CA		 2018-12-13 -
2020-12-17		 2 years crt.sh
a248.e.akamai.net
DigiCert Secure Site ECC CA-1		 2019-08-13 -
2020-08-12		 a year crt.sh
www.cbs.com
GeoTrust RSA CA 2018		 2019-04-23 -
2020-07-22		 a year crt.sh

This page contains 15 frames:

Primary Page: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Frame ID: 3E6D58679A4FCBA782A5DB230A0DEBB6
Requests: 78 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: EFE828F9A48A50F30758545138C564D6
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuF5-Ulrkk1ZBy9KqWgBrkcKd36bE-FbPX9y6R14f13i7Sgqbhg015bZHc2Jo2VkIq7s1ABKkxt7NCPUbHbYN4pPcm7B-kr_xwtfiIgg9eUg2QG7ptAbyqWefd5KC3_FL4HVH8i1yXU04r-uQEpz9jOOrxPsYoC-P9kC2R9VW5BWhB-I4E9nLWH8K0Dwr6WmgWf-0R6RTxqq6-NfTdnAyPQeYbeUYRZUovhFpfrv7yZDo_UvPgxRUz-Bys7ll3umIW4TUNWp634&sai=AMfl-YQdAhML5_VnOOEHT1zndDhlahd3zkNJpLtq-nlgnC885rnW5qw_ba4jatWHOJ9ddLfMfC0UeFHK5zgHmJGbmet1JbjaMwwdtwONzsT48A&sig=Cg0ArKJSzAnFLdH7vPwJEAE&urlfix=1&adurl=
Frame ID: 90B839CCD6C785E6091025AD6B2AA8A8
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQg34a8L0ffyH4Eq44NpSwGbOpuAuhVdtOwjdFQ8zFW49HdkUpdBE0KnoXO1jM4WKCvVBQROcTaEyzfNR8gWk2Pec42Zabx-AxCm99W8nMgqlbrOG1vwwTGpbZzXWi3aoHfpDrW_a6UdDWpJ0O4NFiAqhRaVRS6DALdG1536sv_51ZZpqj8vk6Z6lR1_mwDdFc_-oPDQY_iqYk8z09nA25XJKMZ7SjtoumEc_j0JfajlKeBmi6Yv3GX_SFl7F0dg5hgZhThgyx&sai=AMfl-YTnHvS8EN4jEwB2CsiiEZZ3eh9DYA0GZKHYG_QuGjs-RZQ22hjX8uUomu7Uym9lMA7f9OS1-VargJFLM5rMoWqOkfGIUvJqXsHjrOOXOA&sig=Cg0ArKJSzPakZwfm58V8EAE&urlfix=1&adurl=
Frame ID: 50879D9479FE0F6C6584632E153B0E9F
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuiCtGqqkHafo-ybfyTLSAKq6HSPXzOFPA17X2CtTTf6RpB-4nQhSlVckzARmNNshSode3XFmpEmhJyJY2FIZD8XSyLFfXrtzx0QaGJ_qqgwLQs5q1Qz-xCHOTMIGKbDDwh8cai6TnLtJ1MuNSn0pfHaQF-FKBxAT0u-1Nhw2dOCfqXAfh0mSHhpW4bj6eW5JvHni5THRo_HZHe2msHuG3ZwW_Lxp7608pjJcL0DHBLR9E7vApvumjv6gVlVdnQP5ugSCc51hc&sai=AMfl-YRLvREZGyFVcMNMORLh_l3IhvSDSxmgO3-f9-hXy5-1Qd5v7ziSY8XbhS3ZQHpzldrk-heUKVyzKeq_bp4EgDElw36O-K74Q8R7cbf7yA&sig=Cg0ArKJSzN8CpurZR94CEAE&urlfix=1&adurl=
Frame ID: 64EB018EBE58323DC1EE799CE70F8836
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssjyWuLHw72rEBdtUPPO0aAKyTBmq8ddqcNsPlmeYr5bNjjEUEN6ilET4WXfEzEx0ZfcZwqks89P5it97IGvmVW7wxzJsmLUpMyGU53A39MW1zlky0zvKndevdDdT6RoZlGqJOzv0lB0j7uwEDK8XgZm5zF4hovgw8sFIxAf6uAwl09i2wtTBJhbJMrEczNRUwCWTfHWraJt8G0Oob7tc2_XBdktDqBOZsYTHkWJAsydnFP_x8jGWrxhNuP4VAQk2eiNmv2yYPe&sai=AMfl-YTH0Ua00f-UQPnJr8wA-061TgaJkjAanwduRpl-rFHQCyc3sas5YFuz0eoxHHfnWZnIfUklLAE5HeszVqFEklqi6GaYjWoEZCcR2stBNQ&sig=Cg0ArKJSzOyQmQ9GA8HzEAE&urlfix=1&adurl=
Frame ID: 607B5519F4AEFD5211BE890DF4C0FFC4
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsufFCKwgAycWyVIXQAl6b2rYM4yq3oP6-C1jsWx2OvKzwvzTgZuM3wsQzyjTZhZVgzdI8_Palu9PJCjnMNXSvrpHDn-5MOYZgpuB363DQExOs6DvZN-dCjNQaZrGIzU2tCQOJ1Gr80fOoeqDM-lx9VVhQdB2Et2u9DQ2pb2Z4PuzE97IsMq4dHS8Tlf19luA1FiH8j6hwUacQB2_jfXOZP866xi1TUVIV4e8Fk6VyjoUFZxKI42tusGU7yCSI4UMbAxfOvIwb20&sai=AMfl-YQzR_IRgjimTWLGFDMNzdWo4-l-LSKFWoS2Fm972EE_yg6wKKAtRAF1GoHSx_nt2OyW2SUme6czSMaaJGfeAXqK25nEQ7egqRsD_WmV3Q&sig=Cg0ArKJSzJxGOhIusSwUEAE&urlfix=1&adurl=
Frame ID: D0F9E0C6B93AD42D30C889D6E7FD9806
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnkr838BDIK9HmyZTeYWYudEyaQuqDH_PiH7u7skgGxCxhPfEhVwqqzZr_vIPN1Pgya-xeMwtObezW-cS6TIBMteA5scvpgK6-RCGz-0cz8kQ8iWcxygWrJpoHX_bUwOFlWLSW8CizSU_5zkUzV1CD29tmMu3N65icDCCvpda8MCaizGrP8h2fJvI-a6VCfZQcbtPVmeztiPDGfhBj9KpbcEtw4lzCzmHFxJ7LcsiZx_NN2XkJH3DMRh0pxVYoB5ASWEFghCbb&sai=AMfl-YQo0O1XQd_2KAVlyNaqsCUpS7tNchvdyWpAWWUi2Z7aAgsxtXLp3Mhxkk4PL52hIehhxLBh5iKlgf8MqRtqf-ObvS1_eagw5uQ86E1Siw&sig=Cg0ArKJSzMzwDwondY0TEAE&urlfix=1&adurl=
Frame ID: 4B5838A7E5116D6D0CA669EA4003FF19
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFz8CYubEgyXLhgqk7x4HgLgpPintRW7XHnyXIgbX-_w_KeWw5NyZvSfYlrFSC0a5dINNUL3gbxK-ft6Oso8TF0ZOCd2Bm1f3M7FEc8uXjlkEoieMmazTbgi43J5icVQzKuONgYpZMRoDOJNqw5UGPr5hCFGEEdawbh8X-5Iid7N664OHa1xk6pA9FQRKCoiZfOm97M2w282WWdBK8ym6ddOudcvsjGkUQpHthSuVKFgR9YgiA6sYvgq99SpbGnFQFmw7Er5tw&sai=AMfl-YSZJ1H7v1UEu2acr3Vn3l9aIxnC9afmNuiaUyhKY2EUYs_EB8OFR43HBn344Csfh_aS6ds_F-NKyUdGYRCqxm2LgDHXmuD085W2BbfnQg&sig=Cg0ArKJSzF-UbCl1-asGEAE&urlfix=1&adurl=
Frame ID: 1ECAFBF67E2147BCDCA3859F07F4DC68
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_z11qSHigZIwmYS62u9UYfxonnkNVuj_nG6qj-PzNSUcdTR_x9nIA9eLTO8XQ5Lfz2G2ujeovCrxVh5j-xqpzWgW5NkalxkxKSom6Kbx2FNcQKcqTCzD6T6-sTVqMvnDDazV9skeubbX115Se39yoYzloaSnAjZp5UeU07PzoLMD9RgKyoDP2zBFtzgvowUpr2zSzbiONlgyVc90-Af9uFrLomWueviFF66FIGDFB4epn-T3hAiXF4XN9mSq8ES30VYa4EpO6&sai=AMfl-YQTN-o3ujC6jaFv5_EG0iEakc6TKqSugnLN2C6Ph-NLW5g4-ElmIxahnZenU93Lg009001Jaf3rhOHYxj5KOyblFUbG73hMexTNocTjog&sig=Cg0ArKJSzHdrwmroRIJYEAE&urlfix=1&adurl=
Frame ID: D99E459C8F954C8EBC497419C84FA261
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJKg6As-Ubt5Bb3Jaf_X9SZRTGWBzFiegMlwp_ntCrAcm_vAG4mUIO17DRg98ERj7Je8Uq1ej5doXST27IQNXt_k078_TvYoARtAjFe0RosQ5m7HnjpHSp7VVgFzQAItOICxrxk1NBQ-0mSNvQtLWC0AduqkitlTeJPSIKJG1b2Ub-eNm83ZiuFkGTTyMuKFeSc88WTirBqqz6xMCJg6M9mxu29WnwOiAsq-ugAO3rlYPxrffhjiYJE2MyX1kW4JAHxpREv9Vs&sai=AMfl-YQ_1MvY-Tw29uS5mrBBSsOcPkm_pco2RTxsuUJvT5XMMHJGLU2utUVn8Dm-35l9_RF9a_juolLks9b78ffGz1If1Yb9LVK0X3AqufH1LA&sig=Cg0ArKJSzHbmORndXJBtEAE&urlfix=1&adurl=
Frame ID: 54E98BDBC49237059BD3FE915E953381
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 0C1453BAE274874D3920C6A39391135D
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXRyP5hXStZwYsmOTGpmAd-xQa7poW-nOH6mm-REIkYZADG35hL0uNGIkvPKoouyB2YrF6WFaERbceyCIQFw5cp_t28koIPMlj-fYPCHFCkeYhx5JjDmn6Xa9SSNQh9Oa4i331VCjd50QjpywYYYCYmdQ6Y5Lf-LBREM3hZ6_AktN57OGZfmX2tq0JpYkC6LrRZH0ZLIGnZXZYPwBLRV0NDwDm4MdN50raifp1HyKB27upleaHinocU4kXHp7YJU3ZlyPKpfl2&sig=Cg0ArKJSzO6-aWjrjXErEAE&urlfix=1&adurl=
Frame ID: 2CF7E159778EF20D6624DEA1BDA7E538
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss1rypYxr-r9ndPl2JOaJMpFXahUJP1y6IZrrGV4K7xVp0ddlqy-xF7oRezJA2yjeAphc17rxp6WrhwI2MgHNGHcvp7YxgghbX5ohMFrA6P4e2YF7WJWZLe8l5irP07qW4B91sR1zYzRHcwozSJykiWJVx3KFg6to0gAn1TcQTqQUjRv4Fg-Xa64fAecV9L2DuSh6sM96gRXtusH4Fvn-A3QfSVhHzi1Dqlx1t8JDMusNGu95RlDHxGaKc-8w3uFfe9lf3HhIDT&sig=Cg0ArKJSzPxWo5YuemFaEAE&urlfix=1&adurl=
Frame ID: FB11527DC5AB57DC0317C4FBD61ADB5A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: CAB5304D9766603D52692382EFEFB6C6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://packetstormsecurity.com/news/view/31143/Hackers-Have-Breached-60-Ad-Servers-To-Load-Their-Own-Malici... HTTP 302
    https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/ Page URL

Page Statistics

121
Requests

100 %
HTTPS

42 %
IPv6

17
Domains

30
Subdomains

18
IPs

5
Countries

3238 kB
Transfer

9488 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://packetstormsecurity.com/news/view/31143/Hackers-Have-Breached-60-Ad-Servers-To-Load-Their-Own-Malicious-Ads.html HTTP 302
    https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pa8c7c5is HTTP 302
  • https://kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net/eum/results.txt
Request Chain 72
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pa8c7c5is HTTP 302
  • https://fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net/eum/results.txt

121 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Redirect Chain
  • https://packetstormsecurity.com/news/view/31143/Hackers-Have-Breached-60-Ad-Servers-To-Load-Their-Own-Malicious-Ads.html
  • https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
512 KB
145 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9cdc047556347546740925a2f73094df2f1b74793496727128c3ec1df6d08994
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.zdnet.com
:scheme
https
:path
/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
content-type
text/html; charset=UTF-8
x-tx-id
86523a49-de9c-4ffd-bd66-c6db76e47305
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
x-frame-options
SAMEORIGIN
access-control-allow-origin
https://www.zdnet.com
content-encoding
gzip
set-cookie
nemo_highlander=share_bar:3:control; expires=Wed, 06-May-2020 14:00:00 GMT; path=/; domain=.zdnet.com; secure fly_geo={"countryCode": "de"}; max-age=604800; path=/; domain=.zdnet.com; Secure; fly_device=desktop; max-age=604800; path=/; domain=.zdnet.com; Secure; fly_preferred_edition=eu; path=/; domain=.zdnet.com; Secure; fly_default_edition=eu; path=/; domain=.zdnet.com; Secure;
date
Thu, 23 Apr 2020 09:59:21 GMT
cache-control
max-age=5400, private
expires
Thu, 23 Apr 2020 10:40:21 GMT
vary
Accept-Encoding, User-Agent
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
147887

Redirect headers

Server
EMX
Date
Thu, 23 Apr 2020 10:00:06 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
282
Connection
keep-alive
Location
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=3600
main-05d1a181c6-rev.css
zdnet4.cbsistatic.com/fly/2058-fly/css/core/ 		350 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zdnet4.cbsistatic.com/fly/2058-fly/css/core/main-05d1a181c6-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
96eec2195ea9f4028709cfca9d9ba8195fb54a1196cc100944798e46d9c23e40
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65885
status
200
vary
Accept-Encoding
content-length
64432
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:29:11 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea062c7-57894"
strict-transport-security
max-age=31536000
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Apr 2020 15:41:16 GMT
controls-7094677ecb-rev.css
zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://zdnet2.cbsistatic.com/fly/css/video/htmlPlayerControls/controls-7094677ecb-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
5343bfe5831996d45ff0866a47e37479c7cf5b961dc0a543ed9ee928f1549a7d
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65885
status
200
vary
Accept-Encoding
content-length
3745
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:29:23 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea062d3-4563"
strict-transport-security
max-age=31536000
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Apr 2020 15:41:16 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8AAA) /
Resource Hash
8e00ebebe053ff93e139bab1a80ced2517b33572ab374ae641e0e1cfed58d8e0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
content-md5
G/X2RBBTDYd/Pr5BumVN6w==
age
4893
x-cache
HIT
status
200
content-length
3742
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 16:45:06 GMT
server
ECAcc (ama/8AAA)
etag
0x8D7E2EEAEFE644D
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
dd89f5a8-701e-0156-514a-1976c3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:21 GMT
optanon.js
production-cmp.isgprivacy.cbsi.com/dist/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://production-cmp.isgprivacy.cbsi.com/dist/optanon.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1d93d85e9887c861e43962220f8ae363c16197932c5ffa3620eb42bb3c216a99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1956
x-cache
HIT
status
200
x-cache-hits
132
vary
Accept-Encoding
content-length
10074
x-xss-protection
1; mode=block
x-served-by
cache-fra19157-FRA
access-control-allow-origin
*
last-modified
Tue, 31 Mar 2020 23:59:57 GMT
x-timer
S1587635962.967300,VS0,VE0
x-frame-options
SAMEORIGIN
etag
"b7a27fff8da8a3fc715c5003c0e1ea15"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript
via
1.1 varnish
access-control-expose-headers
X-CDN
accept-ranges
bytes
x-amz-id-2
sfcM9mL7kekjho/vqryuJ4sStIeLBJASIeXM3dVMqmRyO7A1yJulwsRQ+JW/fDPMsIHAJ0VKCQE=
bidbarrel-2.12.js
zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/ads/ 		348 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/ads/bidbarrel-2.12.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
83cbc7b54092b1bc2080b2ef7a7096e2c125a21a8b58895fa2cccd7e0a03d89d
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
226599
status
200
vary
Accept-Encoding
content-length
111609
x-xss-protection
1; mode=block
last-modified
Mon, 20 Apr 2020 13:38:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e9da5e2-56e18"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Apr 2020 19:02:42 GMT
catalin-cimpanu.jpg
zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/ 		907 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2018/08/21/a59867e9-8d75-40af-a87c-690638f8afa4/thumbnail/40x40/e9e4d21a35e101b1402c656cf979114c/catalin-cimpanu.jpg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
70d1b63641ae86512ee80c400ae1c15c7b5d723d2c9517a75f7637b22707e13f
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5331084
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
865
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"621461af90cadfdaf0e8d4cc25129f91"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
malvertising.png
zdnet2.cbsistatic.com/hub/i/2020/04/21/183dcb18-ef6e-457f-9fb2-c3bc3a65c292/ 		14 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/2020/04/21/183dcb18-ef6e-457f-9fb2-c3bc3a65c292/malvertising.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
9aa78b89d6962ca7c0196027ff48d9af7f04d9c3097d5529071a6e0642808d05
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74562
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
13447
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"131632cb7eeb986974e1be59af67e8fe"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
require-2.1.2.js
zdnet2.cbsistatic.com/fly/js/libs/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
254666
status
200
vary
Accept-Encoding
content-length
6288
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 17:29:04 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e974460-3f88"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Apr 2020 11:14:54 GMT
YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
c.go-mpulse.net/boomerang/ Frame EFE8 		202 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:21 GMT
Content-Encoding
br
Last-Modified
Wed, 11 Mar 2020 17:14:33 GMT
Server
Akamai Resource Optimizer
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800, s-maxage=604800
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
51580
truncated
/ 		31 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		917 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
mag-white01.png
zdnet2.cbsistatic.com/fly/1587569191-asset/bundles/zdnetcss/images/core/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/fly/1587569191-asset/bundles/zdnetcss/images/core/mag-white01.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/2058-fly/css/core/main-05d1a181c6-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65885
status
200
vary
Accept-Encoding
content-length
936
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:26:31 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea06227-4f1"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Apr 2020 15:41:17 GMT
logo.png
zdnet2.cbsistatic.com/fly/1587569191-asset/bundles/zdnetcss/images/core/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/fly/1587569191-asset/bundles/zdnetcss/images/core/logo.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zdnet4.cbsistatic.com/fly/2058-fly/css/core/main-05d1a181c6-rev.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65885
status
200
vary
Accept-Encoding
content-length
4128
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:26:31 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea06227-1009"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Apr 2020 15:41:16 GMT
Semibold.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/2058-fly/css/core/main-05d1a181c6-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
x-content-type-options
nosniff
age
4823961
status
200
vary
Accept-Encoding
content-length
20344
x-xss-protection
1; mode=block
last-modified
Thu, 27 Feb 2020 13:35:38 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5e57c5aa-4f78"
strict-transport-security
max-age=31536000
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Feb 2021 13:59:59 GMT
Regular.woff2
zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://zdnet4.cbsistatic.com/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zdnet4.cbsistatic.com/fly/2058-fly/css/core/main-05d1a181c6-rev.css
Origin
https://www.zdnet.com

Response headers

date
Thu, 23 Apr 2020 09:59:21 GMT
x-content-type-options
nosniff
age
4823962
status
200
vary
Accept-Encoding
content-length
20256
x-xss-protection
1; mode=block
last-modified
Thu, 27 Feb 2020 13:35:38 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5e57c5aa-4f20"
strict-transport-security
max-age=31536000
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Feb 2021 13:59:59 GMT
client-info
at.cbsi.com/lib/api/ 		99 B
339 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://at.cbsi.com/lib/api/client-info
Requested by
Host: zdnet4.cbsistatic.com
URL: https://zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/ads/bidbarrel-2.12.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.188 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
78f6f98c51a18c6cb355a576bb80ee274c17a4bdd1c7b3300cf2c47ad57eadf1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
via
1.1 varnish
x-cache
HIT
status
200
content-length
99
x-served-by
cache-ams21058-AMS
server
Varnish
x-timer
S1587635962.129470,VS0,VE0
strict-transport-security
max-age=300
access-control-allow-methods
OPTIONS, POST, GET
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
*
retry-after
0
x-cache-hits
0
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		42 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: zdnet4.cbsistatic.com
URL: https://zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/ads/bidbarrel-2.12.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
c840af2963c98ac6d0739a188c8c02f81a14b0a351fac4c878e7047e0d2797ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"494 / 820 of 1000 / last-modified: 1587436183"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14273
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:22 GMT
bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/ 		3 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B5A) /
Resource Hash
3e197065a7140de42dd208e9d62e19a1dffb7849965296e2c57fa2d12fa692ae

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
content-md5
lt3wTQAVMGYQppuN62v4Ow==
age
3731
x-cache
HIT
status
200
content-length
1109
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 14:56:29 GMT
server
ECAcc (ama/8B5A)
etag
0x8D7E2DF82CCB9CF
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
abd8bc35-b01e-0044-294d-19048a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:22 GMT
main.default.js
zdnet3.cbsistatic.com/fly/2058-fly/js/ 		223 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
38b105aaaea628c1b123cc6c484b947929d2465ad1b01ac0c9342ba21f6d5336
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65884
status
200
vary
Accept-Encoding
content-length
74660
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:29:26 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea062d6-37b22"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Apr 2020 15:41:17 GMT
config.json
c.go-mpulse.net/api/ Frame EFE8 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5292120&v=1.632.0&if=&sl=0&si=t19k22ivsnr-q98jqy&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,LOGN&acao=
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
8bb184667d003389ad5cb0c15e7df00c2bd8ffb8b74f514ffdae6e90ca6b6156

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
821
urs.js
urs.zdnet.com/sdk/ 		50 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://urs.zdnet.com/sdk/urs.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.167 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
167.38.190.35.bc.googleusercontent.com
Software
/
Resource Hash
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
via
1.1 google
last-modified
Mon, 13 Apr 2020 17:57:02 GMT
etag
"5e94a7ee-c803"
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
clear
content-length
51203
moatheader.js
z.moatads.com/cbsprebidheader506831276743/ 		200 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Requested by
Host: zdnet4.cbsistatic.com
URL: https://zdnet4.cbsistatic.com/fly/bundles/zdnetjs/js/libs/ads/bidbarrel-2.12.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
3e739d0fcd6811c6f2c97393b66431eda17c61ebbdd01b88344e90a7a7a90c0b

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 17:17:53 GMT
server
AmazonS3
x-amz-request-id
2F52957EE95F74B5
etag
"6d1c9d5f2e90a2e13a74e809a3b63438"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47365
accept-ranges
bytes
content-length
72041
x-amz-id-2
erHGcDMDyXjsPezNRAPhciEyv/6nrNGeiXc/vnNEMeqYagurtqazjCBk2v9+ltN1LYQGDAGEKXU=
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		161 B
530 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48b9b9c50fd14ec46d7bafe5857e5aeeb945e25a79f678f31f02d2c2761e5971
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5886bb3bcf96d6c9-FRA
cf-request-id
024813595c0000d6c983a34200000001
mpulse-1.0.2.js
zdnet1.cbsistatic.com/fly/js/libs/ 		61 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
492792
status
200
vary
Accept-Encoding
content-length
13447
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 17:29:04 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e974460-f278"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 24 Apr 2020 17:06:08 GMT
integrator.js
adservice.google.be/adsid/ 		109 B
839 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.be/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
839 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020041602.js
securepubads.g.doubleclick.net/gpt/ 		167 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020041602.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
82bbd04adfca6dbbc54fbcff55f4db8bc1f66d7ccfe36820480be504d94d905d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Apr 2020 16:34:23 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
62526
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:22 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/5.15.0/ 		303 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/5.15.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B50) /
Resource Hash
e7feb1384d2175253d0749fb7bba1cb865b9c725d3a93599fbd874af6c4d00b0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
content-md5
SNw92guH7JP3DNTmnwORRQ==
age
11745
x-cache
HIT
status
200
content-length
67969
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 16:45:07 GMT
server
ECAcc (ama/8B50)
etag
0x8D7E2EEAFE013C1
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
42bd9ef7-901e-001c-303a-1900f1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:22 GMT
config.json
c.go-mpulse.net/api/v2/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1587635962251&s=45da43e0193c68e82c63545dbbb529bb91bf032dbb0a4a07424cbe6688be41c5
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b18ef7898c68f185595b98ae3484d569ad5599e6e2e0c261105f6e76b5977e4d

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
777
en.json
cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bac19328-3673-4434-b575-5b669b4d361d/ 		99 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/bc1ecd99-9ce4-4c1a-97f9-51121cc6da4c/bac19328-3673-4434-b575-5b669b4d361d/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.15.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8AE7) /
Resource Hash
7444a4f95aa54b94261f01f7bc26d3fcd45f723643698a54412fc8dea4267179

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
content-md5
JkkEaTxAkJvZn6QW+OIVuA==
age
3507
x-cache
HIT
status
200
content-length
17844
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 14:56:34 GMT
server
ECAcc (ama/8AE7)
etag
0x8D7E2DF85B23C5B
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
b8cfaad4-701e-001d-3b4d-19010c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:22 GMT
/
6852bd09.akstat.io/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/?h.pg=article&h.ab=share_bar_control_3&when=1587635962254&cdim.Site_View=desktop&t_other=custom0%7C1415&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=58403dead74b9e6eabcaa3e42907ade64199378f&h.t=1587635962270&http.initiator=api&rt.start=api&rt.si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&rt.ss=1587635963739&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:22 GMT
yi.js
mb.moatads.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mb.moatads.com/yi.js?ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&th=341666498&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=00&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&confidence=2&pcode=cbsprebidheader506831276743&callback=MoatNadoAllJsonpRequest_53160917
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.161.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-161-100.eu-west-1.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
e13a522607a6aa275416565aa38e464c73b950ac3c99f490a96d78860cc84e2a

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
server
TornadoServer/4.5.3
etag
"c230c8c2787cf91d09ea802085ba7f7cb90c2c6b"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
2037
n.js
geo.moatads.com/ 		126 B
300 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&th=341666498&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=00&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&confidence=2&pcode=cbsprebidheader506831276743&ql=&qo=0&i=CBS_PREBID_HEADER1&hp=1&wf=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=11&f=0&j=&t=1587635962301&de=67182419747&rx=281853384303&m=0&ar=6ba875f-clean&iw=2ec19fd&q=1&cb=0&cu=1587635962301&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&id=1&bo=undefined&bd=undefined&gw=cbsprebidheader506831276743&fd=1&ac=1&it=500&pe=1%3A1240%3A1240%3A0%3A1239&fs=178191&na=1669215785&cs=0&callback=MoatDataJsonpRequest_53160917
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsprebidheader506831276743/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.187.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-187-27.eu-west-1.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
18a55e7bcc430701ed2ce74ce34f8592214be86ec6cae2e10cc04736d2541c35

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
server
TornadoServer/4.5.3
etag
"cc1479bf22530ecc20e39be99822fd38f9ad8005"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
126
pixel.gif
px.moatads.com/ 		43 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&t=1587635962301&de=371999031543&d=CBS_PREBID_HEADER1%3ADesktop%3A-%3A-&i=YIELD_INTELLIGENCE_INTERNAL1&ar=6ba875f-clean&iw=2ec19fd&zMoatRendered=0&zMoatSlotTargetingLoaded=0&zMoatSlotTargetingSet=0&zMoatPageDataTargetingSet=0&zMoatSafetyTargetingSet=0&zMoatEmptySlot=0&zMoatNadoDataLoadTime=Not%20Loaded&zMoatAllDataLoadTime=Not%20Loaded&bo=zdnet.com&bd=zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads&ac=1&bq=11&f=0&na=209969913&cs=0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Apr 2020 09:59:22 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 23 Apr 2020 09:59:22 GMT
/
6852bd09.akstat.io/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/?h.pg=article&h.ab=share_bar_control_3&when=1587635962254&cdim.Site_View=desktop&t_other=custom1%7C1418&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=58403dead74b9e6eabcaa3e42907ade64199378f&h.t=1587635962270&http.initiator=api&rt.start=api&rt.si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&rt.ss=1587635963739&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:22 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/5.15.0/assets/ 		17 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/5.15.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.15.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8AC7) /
Resource Hash
e60d72219eb682a93fea26976d93acbe542afdd65065fd1e05c393d8dd996a30

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
content-md5
t6/RJMDrcGAB0h5aUVNNUA==
age
2818
x-cache
HIT
status
200
content-length
3207
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 16:45:04 GMT
server
ECAcc (ama/8AC7)
etag
0x8D7E2EEADB246F5
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
81462682-f01e-016e-3f4f-19379a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:22 GMT
otPcPanel.json
cdn.cookielaw.org/scripttemplates/5.15.0/assets/ 		93 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/5.15.0/assets/otPcPanel.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/5.15.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.132.202 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/8B31) /
Resource Hash
6c9ba076312d706e7a2c79aa15b2c7a50610191232a333f5504e8d8eded22ed7

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
content-md5
i6l2TsZCNu53HRj/pGXS7Q==
age
10758
x-cache
HIT
status
200
content-length
18788
x-ms-lease-status
unlocked
last-modified
Fri, 17 Apr 2020 16:45:04 GMT
server
ECAcc (ama/8B31)
etag
0x8D7E2EEAE12C804
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
1a9fe312-301e-0011-213c-19effd000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Thu, 23 Apr 2020 13:59:22 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		156 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2759763276195385&correlator=3688684385360075&output=ldjh&impl=fifs&adsid=NT&vrg=2020041602&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200423&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=5x5%7C7x7%2C728x90%7C970x250%7C970x66%2C300x250%7C300x600%7C300x1050%2C300x250%2C371x771%2C641x321%2C300x250%2C320x50%7C11x11%2C728x90%7C970x250%7C970x66&fluid=0%2C0%2C0%2C0%2C0%2C0%2C0%2Cheight%2C0&prev_scp=pos%3Dnav%26sl%3Dnav-ad%253FT-1000%7Cpos%3Dtop%26sl%3Dleader-plus-top%253FT-1000%7Cpos%3Dtop%26sl%3Dmpu-plus-top%253FT-1000%7Cpos%3Dmiddle%26sl%3Dmpu-middle%253FT-1000%7Cpos%3Dtop%26sl%3Ddynamic-showcase-top%253FT-1000%7Cpos%3Dtop%26sl%3Dinpage-video-top%253FT-1000%7Cpos%3Dbottom%26sl%3Dmpu-bottom%253FT-1000%7Cpos%3Dtop%26strnativekey%3D8ec3a4f3%26sl%3Dsharethrough-top%253FT-1000%7Cpos%3Dbottom%26sl%3Dleader-plus-bottom%253FT-1000&eri=1&cust_params=test%3Dshare_bar%257C3%257Ccontrol%26buyingcycle%3Ddiscover%26topic%3Dsecurity%252Cservers%26mfr%3Dadobe%26pid%3Dadobe-flash%252Cnest-tag%252Ctag%252Ccobra-tag%26tag%3Dadobe%252Cadobe-flash%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Duk%26subses%3D1%26session%3Dc%26pv%3D1%26vguid%3D99d32627-0ef5-4895-a281-c48a21346f56%26m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting&cookie_enabled=1&bc=31&abxe=1&lmt=1587635962&dt=1587635962393&dlt=1587635961892&idt=454&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C-20%2C1043%2C1043%2C1008%2C208%2C1043%2C208%2C429&adys=0%2C285%2C405%2C2424%2C1623%2C1862%2C3306%2C2470%2C4440&adks=1512325694%2C3581870410%2C1925781520%2C3289239044%2C3970605601%2C2450494987%2C3509234736%2C2484431570%2C519614694&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&dssz=29&icsg=536881664&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x4900%7C1585x90%7C370x250%7C370x250%7C370x771%7C770x3642%7C370x250%7C770x11%7C1210x90&msz=1585x5%7C1585x90%7C370x250%7C370x250%7C370x771%7C770x321%7C370x250%7C770x11%7C1210x90&ga_vid=587545303.1587635962&ga_sid=1587635962&ga_hid=772815438&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585%2C1585
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
4e4d8109d379b0330b898e12260ed88cadda9c0697564df4aeac894f36e5db45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
16160
x-xss-protection
0
google-lineitem-id
4745974454,4745696286,4745571990,4745571990,4825966980,4745327422,4745571990,4745189935,4745696286
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138239360681,138239338545,138239321463,138239321448,138247024569,138239368367,138247985744,138239344481,138239338263
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020041602.js
securepubads.g.doubleclick.net/gpt/ 		64 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
df255e2f7f9fd8c86ec6b227d9b3d2f8b3501188802e75a5009cbf9ba6f4eab7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Apr 2020 16:34:23 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
23935
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:22 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
/
6852bd09.akstat.io/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/?h.pg=article&h.ab=share_bar_control_3&when=1587635962379&cdim.Site_View=desktop&t_other=custom5%7C1615&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=58403dead74b9e6eabcaa3e42907ade64199378f&h.t=1587635962270&http.initiator=api&rt.start=api&rt.si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&rt.ss=1587635963739&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:22 GMT
/
6852bd09.akstat.io/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/?h.pg=article&h.ab=share_bar_control_3&when=1587635962422&cdim.Site_View=desktop&t_other=custom3%7C1658&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=58403dead74b9e6eabcaa3e42907ade64199378f&h.t=1587635962270&http.initiator=api&rt.start=api&rt.si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&rt.ss=1587635963739&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:22 GMT
article-bdfb9b9622-rev.js
zdnet4.cbsistatic.com/fly/js/pages/ 		147 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet4.cbsistatic.com/fly/js/pages/article-bdfb9b9622-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b37f511be983e8dbafb0a6ec4ba2710468eb35312e3b28c622e806ed88e1b196
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
244428
status
200
vary
Accept-Encoding
content-length
41583
x-xss-protection
1; mode=block
last-modified
Mon, 20 Apr 2020 13:43:28 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e9da700-24c14"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Apr 2020 14:05:34 GMT
CBSI-PLAYER.js
vidtech.cbsinteractive.com/uvpjs/0.42.297/ 		1 MB
281 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vidtech.cbsinteractive.com/uvpjs/0.42.297/CBSI-PLAYER.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
age
1395670
x-cache
HIT, HIT
status
200
content-length
286838
x-amz-id-2
RkoxRp0a0/7FNgxrGTKdreTPzFemEBympfwZ2M2+w1LudazJ1M+EWQzCO3/aw2UScdqEMrvf8lw=
x-served-by
cache-dca17763-DCA, cache-hhn4076-HHN
last-modified
Fri, 01 Feb 2019 18:20:56 GMT
server
AmazonS3
x-timer
S1587635963.545845,VS0,VE0
etag
"eb5dd4ed3dcb7641ebbcb604d7ddb038"
vary
Accept-Encoding
x-amz-request-id
5B930A47F70140CA
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1, 10
/
www.zdnet.com/components/breaking-news/xhr/ 		1 KB
644 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
23f840d3af4c53adb0b257825bdf850cdc954c8927e9b9a0e74a3c82f955c429
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
516
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 23 Apr 2020 09:35:13 GMT
x-frame-options
SAMEORIGIN
date
Thu, 23 Apr 2020 09:59:22 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
vary
Accept-Encoding, User-Agent
x-tx-id
eb623bc4-c315-4a08-9e61-bfd4ac795d21
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Thu, 23 Apr 2020 11:05:13 GMT
malicious-ads.png
zdnet4.cbsistatic.com/hub/i/2020/04/21/a099d84d-08ec-4fcf-94fc-71c792105575/ 		145 KB
142 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet4.cbsistatic.com/hub/i/2020/04/21/a099d84d-08ec-4fcf-94fc-71c792105575/malicious-ads.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d2e9551716429ed6958d4f3c78ba255418d10f709da06e51dcbbeb168fce8691
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74560
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
144726
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"e00151840ad86ec8a82291707618981f"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
image-gallery-modal-426b98fe1d-rev.js
zdnet1.cbsistatic.com/fly/js/components/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet1.cbsistatic.com/fly/js/components/image-gallery-modal-426b98fe1d-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
744ae87db00be85a6a482a3e8036f81aafaa7754be29b05a2330d0fbc8fea803
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
572456
status
200
vary
Accept-Encoding
content-length
1866
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 17:29:04 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e974460-1328"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Apr 2020 18:58:25 GMT
c-1-freedom.jpg
zdnet2.cbsistatic.com/hub/i/r/2017/05/19/1a49c0cd-a147-4a90-962c-706be1149835/thumbnail/170x128/d7f66e712aedd73c180aa0abf41fdb96/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2017/05/19/1a49c0cd-a147-4a90-962c-706be1149835/thumbnail/170x128/d7f66e712aedd73c180aa0abf41fdb96/c-1-freedom.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
67f54c287bc5ce7e574c48f9a1d806e36fb4fba3112b49bff6c366eb23ae13c6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4927811
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
4372
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"473803f0f2ebd77d83ee60daaa61f381"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
b-4-handbrake.jpg
zdnet2.cbsistatic.com/hub/i/r/2017/05/19/7ce349e7-21da-4f3b-98aa-6f86c8cf19a3/thumbnail/170x128/194b565177d04efea103183e15017b0c/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2017/05/19/7ce349e7-21da-4f3b-98aa-6f86c8cf19a3/thumbnail/170x128/194b565177d04efea103183e15017b0c/b-4-handbrake.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
5105b8eee102f736f17890d756756585008ab8a096c380dbda779247e8964ac7
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75522
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5495
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"07ff46bb6597a4f81eed4f59360ff835"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
b-5-hipchat.jpg
zdnet3.cbsistatic.com/hub/i/r/2017/05/19/7571dfba-87b7-48e5-ad86-2c65529b36ec/thumbnail/170x128/50cb9190fcb22c4a7c1418d7e50c73d2/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet3.cbsistatic.com/hub/i/r/2017/05/19/7571dfba-87b7-48e5-ad86-2c65529b36ec/thumbnail/170x128/50cb9190fcb22c4a7c1418d7e50c73d2/b-5-hipchat.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ec5ed25e5dd18e0c1793e781cfd53e87a2e984d362195e4dd1684c907376bf44
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75522
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
3925
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"acff1af62d0f91f4be73f4857552d70c"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
cloudflare.jpg
zdnet2.cbsistatic.com/hub/i/r/2017/12/17/bb43b5c5-1b1d-4acd-8bb2-34223c6774ef/thumbnail/170x128/cbb5440a12e6017d10565ec9724791d6/ 		5 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2017/12/17/bb43b5c5-1b1d-4acd-8bb2-34223c6774ef/thumbnail/170x128/cbb5440a12e6017d10565ec9724791d6/cloudflare.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d9fd30a7e44563b9265683a887105a89e936636f06dc525d88aae50194852d85
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75522
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
4469
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"2cfa8f9e50e0f510ede9d12338a5f564"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
b-6-wonga.jpg
zdnet1.cbsistatic.com/hub/i/r/2017/05/19/20460df8-1783-4295-9462-b48cd5b700c2/thumbnail/170x128/06eecbedd89035d9fb691f962f84e216/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2017/05/19/20460df8-1783-4295-9462-b48cd5b700c2/thumbnail/170x128/06eecbedd89035d9fb691f962f84e216/b-6-wonga.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ac4b2de5fae00b4449bf2a06f618eb66df1e3465ea8c6dec34b5be42d87f7be6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3854252
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5608
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"f84d465177e84bb4e756a8319443cdcb"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
disqus-loader-ba8cc73646-rev.js
zdnet3.cbsistatic.com/fly/js/components/ 		1 KB
920 B 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/disqus-loader-ba8cc73646-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
824e2ec0553bc582c02673a30139ac8fe4a6485943d64d32dfb7ae5a83efbe92
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8824
status
200
vary
Accept-Encoding
content-length
640
x-xss-protection
1; mode=block
last-modified
Wed, 22 Apr 2020 15:29:26 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5ea062d6-57e"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Apr 2020 07:32:18 GMT
cs-go.jpg
zdnet4.cbsistatic.com/hub/i/r/2020/04/22/2557be8f-f122-48c9-96ef-8b1ae87ac07d/thumbnail/170x128/0f546e4ff683ae79c7f6245ee6b5620b/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2020/04/22/2557be8f-f122-48c9-96ef-8b1ae87ac07d/thumbnail/170x128/0f546e4ff683ae79c7f6245ee6b5620b/cs-go.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1cfb698b1d1a71effcb5f6c15aa5a1dd567b319e1f5f66c8132a72522dcdda6e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
x-content-type-options
nosniff
age
40132
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5738
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"d0f4dae80c3d0277922f8371d5827292"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
apt-shadow-brokers.jpg
zdnet1.cbsistatic.com/hub/i/r/2020/04/22/d2839eb8-a08d-48ac-a91a-1a040f83c53c/thumbnail/170x128/66ee8039e757daf75f7e674222ddb40a/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2020/04/22/d2839eb8-a08d-48ac-a91a-1a040f83c53c/thumbnail/170x128/66ee8039e757daf75f7e674222ddb40a/apt-shadow-brokers.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
be3a5f2df80210a6c25938d4ac55e4d51d790b40193ce64c2606618f4b46105a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51367
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
2574
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"0b7e926154c1274e8b602ff0d7c133d7"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
iphone.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/26/47b10a26-6d35-4758-8f6d-cfbefbe69ad4/thumbnail/170x128/de5e25de9eab2d601e0548673fc6187f/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/26/47b10a26-6d35-4758-8f6d-cfbefbe69ad4/thumbnail/170x128/de5e25de9eab2d601e0548673fc6187f/iphone.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
058595b0d8a9f821fe2cd890c8e1a6fd2e13366fcbb4654301d408cdb94a3c4f
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65667
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5177
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"de01d76e793fec3fba32f4401a45fb20"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
uyghur-iphone-diagram.png
zdnet2.cbsistatic.com/hub/i/r/2020/04/21/fe7eb5a1-be49-4334-83f7-f82eab503941/thumbnail/170x128/9664d3eb5955fa0c64fd672ccbc01665/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2020/04/21/fe7eb5a1-be49-4334-83f7-f82eab503941/thumbnail/170x128/9664d3eb5955fa0c64fd672ccbc01665/uyghur-iphone-diagram.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
aae80f26c8e332c3c12a4844c46012692eb9cb9ffe2f7ee391d16e0312da1604
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141077
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
13101
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"81b0e1902f1c695c267651e72616f46e"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
/
www.zdnet.com/newsletter/xhr/widget-login/ 		2 KB
914 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
855c06f4b56fa7a093b41eee5d00e50735c9cfb08c16bb8fbf518365ce804f34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
date
Thu, 23 Apr 2020 09:59:23 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
vary
Accept-Encoding, User-Agent
x-tx-id
36ec1593-91c5-4a94-8f50-a6dc88dae676
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache
accept-ranges
bytes
front-door-carousel-d989216481-rev.js
zdnet1.cbsistatic.com/fly/js/components/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet1.cbsistatic.com/fly/js/components/front-door-carousel-d989216481-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
a0aa48808ddef7604ba969db62e4af3a2ba001b7a8751823cf0ab2d430308ea5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
572457
status
200
vary
Accept-Encoding
content-length
1552
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 17:29:04 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e974460-1251"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Apr 2020 18:58:24 GMT
cs-go.jpg
zdnet4.cbsistatic.com/hub/i/r/2020/04/22/2557be8f-f122-48c9-96ef-8b1ae87ac07d/thumbnail/170x128/0f546e4ff683ae79c7f6245ee6b5620b/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet4.cbsistatic.com/hub/i/r/2020/04/22/2557be8f-f122-48c9-96ef-8b1ae87ac07d/thumbnail/170x128/0f546e4ff683ae79c7f6245ee6b5620b/cs-go.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
1cfb698b1d1a71effcb5f6c15aa5a1dd567b319e1f5f66c8132a72522dcdda6e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
x-content-type-options
nosniff
age
40132
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5738
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"d0f4dae80c3d0277922f8371d5827292"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
apt-shadow-brokers.jpg
zdnet1.cbsistatic.com/hub/i/r/2020/04/22/d2839eb8-a08d-48ac-a91a-1a040f83c53c/thumbnail/170x128/66ee8039e757daf75f7e674222ddb40a/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2020/04/22/d2839eb8-a08d-48ac-a91a-1a040f83c53c/thumbnail/170x128/66ee8039e757daf75f7e674222ddb40a/apt-shadow-brokers.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
be3a5f2df80210a6c25938d4ac55e4d51d790b40193ce64c2606618f4b46105a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
51367
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
2574
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"0b7e926154c1274e8b602ff0d7c133d7"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
iphone.jpg
zdnet1.cbsistatic.com/hub/i/r/2019/03/26/47b10a26-6d35-4758-8f6d-cfbefbe69ad4/thumbnail/170x128/de5e25de9eab2d601e0548673fc6187f/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet1.cbsistatic.com/hub/i/r/2019/03/26/47b10a26-6d35-4758-8f6d-cfbefbe69ad4/thumbnail/170x128/de5e25de9eab2d601e0548673fc6187f/iphone.jpg
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
058595b0d8a9f821fe2cd890c8e1a6fd2e13366fcbb4654301d408cdb94a3c4f
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65667
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
5177
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"de01d76e793fec3fba32f4401a45fb20"
strict-transport-security
max-age=31536000
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
uyghur-iphone-diagram.png
zdnet2.cbsistatic.com/hub/i/r/2020/04/21/fe7eb5a1-be49-4334-83f7-f82eab503941/thumbnail/170x128/9664d3eb5955fa0c64fd672ccbc01665/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet2.cbsistatic.com/hub/i/r/2020/04/21/fe7eb5a1-be49-4334-83f7-f82eab503941/thumbnail/170x128/9664d3eb5955fa0c64fd672ccbc01665/uyghur-iphone-diagram.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
aae80f26c8e332c3c12a4844c46012692eb9cb9ffe2f7ee391d16e0312da1604
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141077
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
13101
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"81b0e1902f1c695c267651e72616f46e"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
malicious-ads.png
zdnet4.cbsistatic.com/hub/i/2020/04/21/a099d84d-08ec-4fcf-94fc-71c792105575/ 		145 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://zdnet4.cbsistatic.com/hub/i/2020/04/21/a099d84d-08ec-4fcf-94fc-71c792105575/malicious-ads.png
Requested by
Host: zdnet3.cbsistatic.com
URL: https://zdnet3.cbsistatic.com/fly/2058-fly/js/main.default.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d2e9551716429ed6958d4f3c78ba255418d10f709da06e51dcbbeb168fce8691
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74560
status
200
content-transfer-encoding
binary
x-image-exists
1
vary
Accept-Image-Webp,Accept-Image-Webv
content-length
144726
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"e00151840ad86ec8a82291707618981f"
strict-transport-security
max-age=31536000
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
show-hide-1.0-7bf562809f-rev.js
zdnet3.cbsistatic.com/fly/js/components/ 		2 KB
932 B 		Script
General
Check archive.org
Download Go to
Full URL
https://zdnet3.cbsistatic.com/fly/js/components/show-hide-1.0-7bf562809f-rev.js
Requested by
Host: zdnet2.cbsistatic.com
URL: https://zdnet2.cbsistatic.com/fly/js/libs/require-2.1.2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
572458
status
200
vary
Accept-Encoding
content-length
673
x-xss-protection
1; mode=block
last-modified
Wed, 15 Apr 2020 17:29:04 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
W/"5e974460-71c"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
gcstest
false
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 23 Apr 2020 18:58:23 GMT
results.txt
kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net/eum/ Frame EFE8
Redirect Chain
  • https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=pa8c7c5is
  • https://kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net/eum/results.txt
8 B
302 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.41.203 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-53-41-203.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:23 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
Apache
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net/eum/results.txt
Date
Thu, 23 Apr 2020 09:59:22 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
results.txt
fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net/eum/ Frame EFE8
Redirect Chain
  • https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=pa8c7c5is
  • https://fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net/eum/results.txt
8 B
302 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net/eum/results.txt
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a01:4a0:1338:28::c38a:ff12 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software
Apache /
Resource Hash
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:23 GMT
Last-Modified
Wed, 08 May 2013 07:51:12 GMT
Server
Apache
ETag
"402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type
text/plain
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8

Redirect headers

Location
https://fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net/eum/results.txt
Date
Thu, 23 Apr 2020 09:59:22 GMT
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
*
Content-Length
0
/
6852bd09.akstat.io/ 		0
354 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/?h.pg=article&h.ab=share_bar_control_3&when=1587635962700&cdim.Site_View=desktop&t_other=custom4%7C1131&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=58403dead74b9e6eabcaa3e42907ade64199378f&h.t=1587635962270&http.initiator=api&rt.start=api&rt.si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&rt.ss=1587635963739&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: zdnet1.cbsistatic.com
URL: https://zdnet1.cbsistatic.com/fly/js/libs/mpulse-1.0.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:22 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:22 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 90B8 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuF5-Ulrkk1ZBy9KqWgBrkcKd36bE-FbPX9y6R14f13i7Sgqbhg015bZHc2Jo2VkIq7s1ABKkxt7NCPUbHbYN4pPcm7B-kr_xwtfiIgg9eUg2QG7ptAbyqWefd5KC3_FL4HVH8i1yXU04r-uQEpz9jOOrxPsYoC-P9kC2R9VW5BWhB-I4E9nLWH8K0Dwr6WmgWf-0R6RTxqq6-NfTdnAyPQeYbeUYRZUovhFpfrv7yZDo_UvPgxRUz-Bys7ll3umIW4TUNWp634&sai=AMfl-YQdAhML5_VnOOEHT1zndDhlahd3zkNJpLtq-nlgnC885rnW5qw_ba4jatWHOJ9ddLfMfC0UeFHK5zgHmJGbmet1JbjaMwwdtwONzsT48A&sig=Cg0ArKJSzAnFLdH7vPwJEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 90B8 		75 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 90B8 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
osd.js
www.googletagservices.com/activeview/js/current/ 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70d5c45513d094e7ee22b3553952f0a228600dfbde43d810d36e46e07bf2f319
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28351
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5087 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQg34a8L0ffyH4Eq44NpSwGbOpuAuhVdtOwjdFQ8zFW49HdkUpdBE0KnoXO1jM4WKCvVBQROcTaEyzfNR8gWk2Pec42Zabx-AxCm99W8nMgqlbrOG1vwwTGpbZzXWi3aoHfpDrW_a6UdDWpJ0O4NFiAqhRaVRS6DALdG1536sv_51ZZpqj8vk6Z6lR1_mwDdFc_-oPDQY_iqYk8z09nA25XJKMZ7SjtoumEc_j0JfajlKeBmi6Yv3GX_SFl7F0dg5hgZhThgyx&sai=AMfl-YTnHvS8EN4jEwB2CsiiEZZ3eh9DYA0GZKHYG_QuGjs-RZQ22hjX8uUomu7Uym9lMA7f9OS1-VargJFLM5rMoWqOkfGIUvJqXsHjrOOXOA&sig=Cg0ArKJSzPakZwfm58V8EAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 5087 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 5087 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame 64EB 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuiCtGqqkHafo-ybfyTLSAKq6HSPXzOFPA17X2CtTTf6RpB-4nQhSlVckzARmNNshSode3XFmpEmhJyJY2FIZD8XSyLFfXrtzx0QaGJ_qqgwLQs5q1Qz-xCHOTMIGKbDDwh8cai6TnLtJ1MuNSn0pfHaQF-FKBxAT0u-1Nhw2dOCfqXAfh0mSHhpW4bj6eW5JvHni5THRo_HZHe2msHuG3ZwW_Lxp7608pjJcL0DHBLR9E7vApvumjv6gVlVdnQP5ugSCc51hc&sai=AMfl-YRLvREZGyFVcMNMORLh_l3IhvSDSxmgO3-f9-hXy5-1Qd5v7ziSY8XbhS3ZQHpzldrk-heUKVyzKeq_bp4EgDElw36O-K74Q8R7cbf7yA&sig=Cg0ArKJSzN8CpurZR94CEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 64EB 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 64EB 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame 607B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssjyWuLHw72rEBdtUPPO0aAKyTBmq8ddqcNsPlmeYr5bNjjEUEN6ilET4WXfEzEx0ZfcZwqks89P5it97IGvmVW7wxzJsmLUpMyGU53A39MW1zlky0zvKndevdDdT6RoZlGqJOzv0lB0j7uwEDK8XgZm5zF4hovgw8sFIxAf6uAwl09i2wtTBJhbJMrEczNRUwCWTfHWraJt8G0Oob7tc2_XBdktDqBOZsYTHkWJAsydnFP_x8jGWrxhNuP4VAQk2eiNmv2yYPe&sai=AMfl-YTH0Ua00f-UQPnJr8wA-061TgaJkjAanwduRpl-rFHQCyc3sas5YFuz0eoxHHfnWZnIfUklLAE5HeszVqFEklqi6GaYjWoEZCcR2stBNQ&sig=Cg0ArKJSzOyQmQ9GA8HzEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 607B 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 607B 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame D0F9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsufFCKwgAycWyVIXQAl6b2rYM4yq3oP6-C1jsWx2OvKzwvzTgZuM3wsQzyjTZhZVgzdI8_Palu9PJCjnMNXSvrpHDn-5MOYZgpuB363DQExOs6DvZN-dCjNQaZrGIzU2tCQOJ1Gr80fOoeqDM-lx9VVhQdB2Et2u9DQ2pb2Z4PuzE97IsMq4dHS8Tlf19luA1FiH8j6hwUacQB2_jfXOZP866xi1TUVIV4e8Fk6VyjoUFZxKI42tusGU7yCSI4UMbAxfOvIwb20&sai=AMfl-YQzR_IRgjimTWLGFDMNzdWo4-l-LSKFWoS2Fm972EE_yg6wKKAtRAF1GoHSx_nt2OyW2SUme6czSMaaJGfeAXqK25nEQ7egqRsD_WmV3Q&sig=Cg0ArKJSzJxGOhIusSwUEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
adKit.min.js
rev.cbsi.com/common/js/ Frame D0F9 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rev.cbsi.com/common/js/adKit.min.js?1950209675
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.96.151.249 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-96-151-249.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 23 Apr 2020 09:59:23 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 May 2019 18:29:20 GMT
Server
AkamaiNetStorage
ETag
"e524dc608d5c7c30eef57b6ed95dc6a8:1557772160"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2149
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame D0F9 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame D0F9 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame 4B58 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnkr838BDIK9HmyZTeYWYudEyaQuqDH_PiH7u7skgGxCxhPfEhVwqqzZr_vIPN1Pgya-xeMwtObezW-cS6TIBMteA5scvpgK6-RCGz-0cz8kQ8iWcxygWrJpoHX_bUwOFlWLSW8CizSU_5zkUzV1CD29tmMu3N65icDCCvpda8MCaizGrP8h2fJvI-a6VCfZQcbtPVmeztiPDGfhBj9KpbcEtw4lzCzmHFxJ7LcsiZx_NN2XkJH3DMRh0pxVYoB5ASWEFghCbb&sai=AMfl-YQo0O1XQd_2KAVlyNaqsCUpS7tNchvdyWpAWWUi2Z7aAgsxtXLp3Mhxkk4PL52hIehhxLBh5iKlgf8MqRtqf-ObvS1_eagw5uQ86E1Siw&sig=Cg0ArKJSzMzwDwondY0TEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 4B58 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 4B58 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame 1ECA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFz8CYubEgyXLhgqk7x4HgLgpPintRW7XHnyXIgbX-_w_KeWw5NyZvSfYlrFSC0a5dINNUL3gbxK-ft6Oso8TF0ZOCd2Bm1f3M7FEc8uXjlkEoieMmazTbgi43J5icVQzKuONgYpZMRoDOJNqw5UGPr5hCFGEEdawbh8X-5Iid7N664OHa1xk6pA9FQRKCoiZfOm97M2w282WWdBK8ym6ddOudcvsjGkUQpHthSuVKFgR9YgiA6sYvgq99SpbGnFQFmw7Er5tw&sai=AMfl-YSZJ1H7v1UEu2acr3Vn3l9aIxnC9afmNuiaUyhKY2EUYs_EB8OFR43HBn344Csfh_aS6ds_F-NKyUdGYRCqxm2LgDHXmuD085W2BbfnQg&sig=Cg0ArKJSzF-UbCl1-asGEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 1ECA 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 1ECA 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame D99E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_z11qSHigZIwmYS62u9UYfxonnkNVuj_nG6qj-PzNSUcdTR_x9nIA9eLTO8XQ5Lfz2G2ujeovCrxVh5j-xqpzWgW5NkalxkxKSom6Kbx2FNcQKcqTCzD6T6-sTVqMvnDDazV9skeubbX115Se39yoYzloaSnAjZp5UeU07PzoLMD9RgKyoDP2zBFtzgvowUpr2zSzbiONlgyVc90-Af9uFrLomWueviFF66FIGDFB4epn-T3hAiXF4XN9mSq8ES30VYa4EpO6&sai=AMfl-YQTN-o3ujC6jaFv5_EG0iEakc6TKqSugnLN2C6Ph-NLW5g4-ElmIxahnZenU93Lg009001Jaf3rhOHYxj5KOyblFUbG73hMexTNocTjog&sig=Cg0ArKJSzHdrwmroRIJYEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame D99E 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame D99E 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
view
securepubads.g.doubleclick.net/pcs/ Frame 54E9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJKg6As-Ubt5Bb3Jaf_X9SZRTGWBzFiegMlwp_ntCrAcm_vAG4mUIO17DRg98ERj7Je8Uq1ej5doXST27IQNXt_k078_TvYoARtAjFe0RosQ5m7HnjpHSp7VVgFzQAItOICxrxk1NBQ-0mSNvQtLWC0AduqkitlTeJPSIKJG1b2Ub-eNm83ZiuFkGTTyMuKFeSc88WTirBqqz6xMCJg6M9mxu29WnwOiAsq-ugAO3rlYPxrffhjiYJE2MyX1kW4JAHxpREv9Vs&sai=AMfl-YQ_1MvY-Tw29uS5mrBBSsOcPkm_pco2RTxsuUJvT5XMMHJGLU2utUVn8Dm-35l9_RF9a_juolLks9b78ffGz1If1Yb9LVK0X3AqufH1LA&sig=Cg0ArKJSzHbmORndXJBtEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 54E9 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 54E9 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020041602&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b2a8c25716b5fc79cad44721da262069633a0a215b4fc15a483e58e54a7d08c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5230
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020041602.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame D0F9 		42 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: rev.cbsi.com
URL: https://rev.cbsi.com/common/js/adKit.min.js?1950209675
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe1244a9a19db22f8fcc8a0663bf6ddde0699b7d9bcd4dfbd2ffbaeae2a26b33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"494 / 301 of 1000 / last-modified: 1587436432"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14359
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
n.js
geo.moatads.com/ 		125 B
299 B 		Script
General
Check archive.org
Download Go to
Full URL
https://geo.moatads.com/n.js?e=35&ud=undefined&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~t8!Z.%5BMhS%3A15.sn_003etW6~P6Jn)s)wC%24GL3jX%7BQqDOJ%3Eoy)G3p%2FhFjrR8CL6k%24)m3*%5B%605*mF%40%23b%3DhjdbEW%3C7bNC%3ElaKc%2C%26WLRGt%269RHrOCFxBoocF)uhFAkD%3Dv%3Cy%5Dv%5BLy*hgMcpk%3FqFm%5Dm%22%2Bx%7Co%3Ee%7CwR3yC%7CQ%7DGH%3Ch%2Cqkc!p!ny%7BiY81%22ASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN%7CDoD%3DhA&th=341666498&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&qp=00000&is=BBBBB2IUEY4vGl2BBCBBtUTBBRmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMQSQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Skg7OxBb8MxOtJYHCBdm5kBhBBC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBSqj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccypBsrB41kNBBBBBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTCyBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=null&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=-120&qa=1600&qb=1200&qi=1600&qj=1200&to=00&po=1-0020002000002120&vy=&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&confidence=2&pcode=cbsprebidheader506831276743&ql=&qo=0&i=CBSDFPCW2&hp=1&wf=1&vb=9&cm=23&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1587635963397&de=310247742258&m=0&ar=6ba875f-clean&iw=b4c0ffe&q=4&cb=0&ym=0&cu=1587635963397&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745974454%3A138239360681&zMoatPS=nav&zMoatPT=article&zMoatW=7&zMoatH=7&zMoatVGUID=99d32627-0ef5-4895-a281-c48a21346f56&zMoatSN=c&zMoatCURL=zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV=waiting&zMoatMMV_MAX=waiting&zMoatMGV=waiting&zMoatMSafety=waiting&zMoatMData=waiting&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&id=1&bo=23605329&bp=23619609&bd=nav&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=7x7&zMoatSZPS=7x7%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1240%3A1240%3A1729%3A1239&iq=waiting&tt=waiting&tu=waiting&tp=waiting&fs=178191&na=718071492&cs=0&callback=DOMlessLLDcallback_77623167
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/cbsdfp5832910442/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.187.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-187-27.eu-west-1.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
75f82fe22825c6921b812dc62ebdc0f725b1aebca0c242804e8f8862c5ee58fd

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
server
TornadoServer/4.5.3
etag
"0b4b60a276da210c27a84afb3f167e60fd368a5b"
content-type
text/html; charset=UTF-8
status
200
cache-control
max-age=900
timing-allow-origin
*
content-length
125
pixel.gif
px.moatads.com/ 		43 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSDFPCW2&hp=1&wf=1&vb=9&cm=9&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1587635963511&de=388847418320&m=0&ar=6ba875f-clean&iw=b4c0ffe&q=41&cb=0&ym=0&cu=1587635963511&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=25477209%3A2356361194%3A4745571990%3A138247985744&zMoatPS=bottom&zMoatPT=article&zMoatW=300&zMoatH=250&zMoatVGUID=99d32627-0ef5-4895-a281-c48a21346f56&zMoatSN=c&zMoatCURL=zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads&zMoatDev=Desktop&zMoatAType=content_article&zMoatTest=zdnet&zMoatMMV=waiting&zMoatMMV_MAX=waiting&zMoatMGV=waiting&zMoatMSafety=waiting&zMoatMData=waiting&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&id=1&bo=23605329&bp=23619609&bd=bottom&dfp=0%2C1&la=23619609&zMoatNotCnet=true&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAB=content_article-zdnet&zMoatOrigSlicer1=23605329&zMoatOrigSlicer2=23619609&gw=cbsdfp5832910442&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1240%3A1240%3A1729%3A1239&iq=waiting&tt=waiting&tu=waiting&tp=waiting&fs=178191&na=223765834&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Apr 2020 09:59:23 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 23 Apr 2020 09:59:23 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 0C14 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Thu, 23 Apr 2020 09:06:29 GMT
expires
Fri, 23 Apr 2021 09:06:29 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3174
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
integrator.js
adservice.google.de/adsid/ Frame D0F9 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D0F9 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020042001.js
securepubads.g.doubleclick.net/gpt/ Frame D0F9 		171 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042001.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
0b810c6b83f3d55da4c3e345113ad863901ff3e382e04170817b853f761dd9f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 20 Apr 2020 20:16:23 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
64174
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame D0F9 		32 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1997706161660454&correlator=203605688355223&output=ldjh&impl=fifs&adsid=NT&eid=21065918&vrg=2020042001&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200423&iu_parts=8264%2Cuk-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=372x142%2C372x142&prev_scp=env%3Dprod%26session%3Dc%26subses%3D1%26ptype%3Darticle%26vguid%3D99d32627-0ef5-4895-a281-c48a21346f56%7Cenv%3Dprod%26session%3Dc%26subses%3D1%26ptype%3Darticle%26vguid%3D99d32627-0ef5-4895-a281-c48a21346f56&cookie=ID%3Da9279ad3e8b2f709%3AT%3D1587635962%3AS%3DALNI_MYO18kE0rQZI5aEn5ELcTCsa1qpPw&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1587635963&dt=1587635963751&dlt=1587635963047&idt=645&frm=23&biw=1585&bih=1200&isw=371&ish=771&oid=3&adxs=-12245933%2C-12245933&adys=-12245933%2C-12245933&adks=3261246841%2C3261246840&ucis=5fpfqojbse8h%7Cxxm67feh39tw&ifi=1&ifk=416851585&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&dssz=15&icsg=10888&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0%7C0x0&msz=0x0%7C0x0&ga_vid=469234758.1587635964&ga_sid=1587635964&ga_hid=266946827&fws=256%2C256&ohw=0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
9b3e4afde2c40a16b5c54c72ff4246e8f2622cf1c7343495b83b4c138b6859f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7735
x-xss-protection
0
google-lineitem-id
4746066197,4746066197
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138239375180,138239375540
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020042001.js
securepubads.g.doubleclick.net/gpt/ Frame D0F9 		67 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020042001.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
sffe /
Resource Hash
4e84d85a31c26a182e31a0e7e97f1393690c5b5756a00201ca7752a253c79998
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 20 Apr 2020 20:16:23 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
24855
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame D0F9 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
view
securepubads.g.doubleclick.net/pcs/ Frame 2CF7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXRyP5hXStZwYsmOTGpmAd-xQa7poW-nOH6mm-REIkYZADG35hL0uNGIkvPKoouyB2YrF6WFaERbceyCIQFw5cp_t28koIPMlj-fYPCHFCkeYhx5JjDmn6Xa9SSNQh9Oa4i331VCjd50QjpywYYYCYmdQ6Y5Lf-LBREM3hZ6_AktN57OGZfmX2tq0JpYkC6LrRZH0ZLIGnZXZYPwBLRV0NDwDm4MdN50raifp1HyKB27upleaHinocU4kXHp7YJU3ZlyPKpfl2&sig=Cg0ArKJSzO6-aWjrjXErEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 2CF7 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame 2CF7 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
osd.js
www.googletagservices.com/activeview/js/current/ Frame D0F9 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70d5c45513d094e7ee22b3553952f0a228600dfbde43d810d36e46e07bf2f319
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28351
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame FB11 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss1rypYxr-r9ndPl2JOaJMpFXahUJP1y6IZrrGV4K7xVp0ddlqy-xF7oRezJA2yjeAphc17rxp6WrhwI2MgHNGHcvp7YxgghbX5ohMFrA6P4e2YF7WJWZLe8l5irP07qW4B91sR1zYzRHcwozSJykiWJVx3KFg6to0gAn1TcQTqQUjRv4Fg-Xa64fAecV9L2DuSh6sM96gRXtusH4Fvn-A3QfSVhHzi1Dqlx1t8JDMusNGu95RlDHxGaKc-8w3uFfe9lf3HhIDT&sig=Cg0ArKJSzPxWo5YuemFaEAE&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f194.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame FB11 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1587382633128681"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28798
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:23 GMT
moatad.js
z.moatads.com/cbsdfp5832910442/ Frame FB11 		314 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/cbsdfp5832910442/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.213.165.236 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-165-236.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 16:53:28 GMT
server
AmazonS3
x-amz-request-id
16527437E01AE058
etag
"2615d14012bc2e6c09dcdff2dd6bcd8e"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=47256
accept-ranges
bytes
content-length
107119
x-amz-id-2
jftwYDrCRlQ1DOA+PaFkNjvT5SKuZI1E+FWsTtfNi7UCDD41RqQdnuAs+/D8uk1OIPjBU5u8bpA=
/
6852bd09.akstat.io/ 		0
354 B 		Other
General
Check archive.org
Download Go to
Full URL
https://6852bd09.akstat.io/
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:181::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Thu, 23 Apr 2020 09:59:23 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Thu, 23 Apr 2020 09:59:23 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020041602&jk=2759763276195385&bg=!m5ilmIBYPYgnDezxA2ACAAAAs1IAAAAJmQFZDt5rhIe-Kdt0y2i_3WuWvc0eIJUT1gyB-bJOX3r6ULkGDGKQkN7o8c7AXfiLY6peKLaBC3OBX0_h1FaK1l6SWWBnkr3tViwCQ0HABb2EuktRaFw2S4MNEb96JpgPYKvFEnxcSJzVVQjq9-VUZBD8NtcTXAb86Uj8NHeJQre34ud1waFnWZImAb2KeJRyKdtntbNcOJmaHtZIW4HVSX92A5lVKKSYS2NuRxslOAYXVKeldDAQQwAE4qVlGHaWvqQGb_AiuiE8RdfEPIikdMvjhsgXBGXZTWqPcQuB9bsWDUUsvu6QwG4p1w2oK78NKdqspKy21qAyEFiYLmJ9waUaXUl67aReJ61fjjH-AMrBAfTonTmDOl9N8t9_tQ0KIOVzWmRaIBG54gmAklwKrl1pfxFb4ZLgXaIKFQ6JfUNLehZ_dfNuv8TaNkTp6EUHTEt_EbLRoR5cbgRv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Apr 2020 09:59:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame D0F9 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020042001&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c804ef3ab26ba84c608ca3b9af579eac9a1bf970947bd3b235ad39a5a46b13f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Apr 2020 09:59:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5174
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D0F9 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020042001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 09:59:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Thu, 23 Apr 2020 09:59:24 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame CAB5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Thu, 23 Apr 2020 09:06:29 GMT
expires
Fri, 23 Apr 2021 09:06:29 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3175
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/ Frame D0F9 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020042001&jk=1997706161660454&bg=!DwylDBRYrUpniCrrxvICAAAANlIAAAAKmQFfPrT0yf_XZH0nHvHyYHVUwh7ZorhKi2auiupKG8hXbuAp0elPhRI_F3JgvdMvfineK879junH5nuEP3SD76UqejaT4wbziZjk_owpoQnM_LwcUE7izHTb90KjSnFBLEIHwTNJGm5LbOvfuNP7Tt200khIn7UegJwvYAfGMMUl8H7WCeSVZ4ed9bXBm8cyaJEBDUcJGOuGkW9d6NXthh_GrXZI6jUVkshOz8pOvi1aT6t2Zt6d5yp-RhCbXRG6Q-ejr3oNZQhWkmyEbDfzU7DGWs2CsgEuaAImt2MJztrk7Ba4z2tqPcRcflQNUdToXS0VeUknHTL-AS-SiXFHa_8iEQDgUOg78L9aCF7SgnM-eLz3LwtO67HnKR_FVC3j73-NNf3H2TR11_6qJBAbSOomprJvoiy-zDuIoilyyThUk933cn3BM_H5GDO0ZW5MlZ2Mo2qWl0bVlJ63mFHaeI_t
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Apr 2020 09:59:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| cbsoptanon object| soastaTracking object| ZdnetPageVars object| ZdnetFunctions number| BOOMR_lstart object| _sf_async_config number| _sf_startpt object| _cbq object| knownServiceWorkers object| BidBarrel function| UUIDv4 string| __tealium_data_guid object| utag_data function| requirejs function| require function| define string| _cbsotstate object| BOOMR object| BOOMR_mq object| __core-js_shared__ function| setImmediate function| clearImmediate object| pbjs object| _pbjsGlobals object| adFlow object| googletag object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| $ function| jQuery object| Modernizr number| _sf_endpt function| blankAdCallback function| CbsMoatListener function| moatYieldReady function| setMoatPrebidData object| jQuery1830868970386847062 function| jsonFeed number| BOOMR_configt object| _bmrEvents object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| otStubData object| CryptoJS object| mPulseApp undefined| ct undefined| et undefined| hourElapsed undefined| msg undefined| pixelDomain undefined| isDomless undefined| documentReferrer undefined| isBeta undefined| viewHash undefined| pxSrc undefined| px object| Moat#G26 object| MoatSuperV26 object| MoatNadoAllJsonpRequest_53160917 object| Moat#PML#26#1.2 boolean| Moat#EVA object| MoatDataJsonpRequest_53160917 object| moatPrebidApi number| google_srt undefined| google_measure_js_timing object| Optanon object| OneTrust object| adsbygoogle number| __google_ad_urls_id number| google_unique_id object| gaGlobal undefined| easyXDM object| AudEng object| URS function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter number| BOOMR_onload function| Waypoint object| debug string| adBlockCookieValue object| $tealium boolean| searchOpen object| $lastFocusedInput string| pageType string| waypointContextKey undefined| _ function| Hls undefined| uuid function| addResizeListener function| removeResizeListener object| cvui object| uvpjs function| Class object| mpulseUserTiming object| ampInaboxIframes object| ampInaboxPendingMessages object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| GoogleGcLKhOms object| DOMlessLLDcallback_77623167 function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_image_requests

13 Cookies

Domain/Path Name / Value
.zdnet.com/ Name: RT
Value: "z=1&dm=zdnet.com&si=d41b699f-e9e9-440d-ade9-5a19d09d9d58&ss=k9clgji4&sl=1&tt=1c0&bcn=%2F%2F6852bd09.akstat.io%2F&ld=1c4"
.zdnet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Thu+Apr+23+2020+11%3A59%3A22+GMT%2B0200+(Central+European+Summer+Time)&version=5.15.0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fhackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C5%3A0&hosts=H123%3A1%2CH296%3A1%2Ckad%3A1%2Cykx%3A0%2CH74%3A0%2Cnhp%3A0%2CH314%3A0%2CH378%3A0%2Cycm%3A0%2CH551%3A0%2Cqgc%3A0%2CH33%3A0%2Cevp%3A0%2Cmsc%3A0%2CH38%3A0%2CH59%3A0%2Csbj%3A0%2CH82%3A0%2CH93%3A0%2CH98%3A0%2CH663%3A0%2Cwll%3A0%2Cshp%3A0%2Ciwd%3A0%2Cocn%3A0%2Cxol%3A0%2Cldx%3A0%2CH134%3A0%2Cgbj%3A0%2Cxuc%3A0%2CH148%3A0%2Cket%3A0%2Cyhw%3A0%2Cowg%3A0%2Caau%3A0%2CH194%3A0%2Cxzz%3A0%2Cgos%3A0%2Ckij%3A0%2Cyon%3A0%2Cqqh%3A0%2CH215%3A0%2CH229%3A0%2Cbjv%3A0%2Cgny%3A0%2Cfgh%3A0%2Ckbc%3A0%2Cezx%3A0%2Clbl%3A0%2Cjyk%3A0%2CH250%3A0%2Cpmv%3A0%2CH262%3A0%2CH270%3A0%2Clzu%3A0%2Cpve%3A0%2CH276%3A0%2Ctch%3A0%2Cxmd%3A0%2Ciax%3A0%2Cqnc%3A0%2CH315%3A0%2Cuxy%3A0%2Cumx%3A0%2CH333%3A0%2CH335%3A0%2CH338%3A0%2Ccnd%3A0%2Cobo%3A0%2CH355%3A0%2CH360%3A0%2Ctas%3A0%2Cqtj%3A0%2Ceod%3A0%2Cxxp%3A0%2Czmt%3A0%2Cmym%3A0%2CH387%3A0%2Cmdi%3A0%2Ciex%3A0%2Chqo%3A0%2CH407%3A0%2CH411%3A0%2Crjz%3A0%2CH412%3A0%2CH420%3A0%2CH430%3A0%2Cwit%3A0%2Clvb%3A0%2CH456%3A0%2CH458%3A0%2CH463%3A0%2CH464%3A0%2Cdmn%3A0%2CH475%3A0%2CH477%3A0%2CH594%3A0%2Cfst%3A0%2Cyxb%3A0%2Ceri%3A0%2CH518%3A0%2Cpcn%3A0%2Cjva%3A0%2Cndb%3A0%2Czmy%3A0%2CH545%3A0%2CH554%3A0%2CH566%3A0%2Czou%3A0%2Cdzf%3A0%2Cyon%3A0%2Cdmn%3A0%2Ckuw%3A0%2Cndb%3A0&legInt=
.zdnet.com/ Name: arrowImpCnt
Value: 1
.zdnet.com/ Name: fly_preferred_edition
Value: eu
.zdnet.com/ Name: fly_default_edition
Value: eu
www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads Name: pv
Value: 1
.zdnet.com/ Name: fly_device
Value: desktop
.zdnet.com/ Name: fly_geo
Value: {"countryCode": "de"}
.zdnet.com/ Name: nemo_highlander
Value: share_bar:3:control
.zdnet.com/ Name: zdnetSessionCount
Value: 1
.zdnet.com/ Name: zdnetSessionStarted
Value: true
www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads Name: zdnet_ad
Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22uk%22%2C%22subses%22%3A%221%22%2C%22session%22%3A%22c%22%7D
.zdnet.com/ Name: arrowImp
Value: true

28 Console Messages

Source Level URL
Text
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 298)
Message:
Found registered service worker: [object ServiceWorkerRegistration]
console-api info URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 283)
Message:
Registration of service worker /service-worker.js successful with scope:https://www.zdnet.com/
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: _injectQueryStringGCP functional
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_chartbeat performance
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_tealium functional
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 30)
Message:
Loading iframes
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_urban_airship targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_sharebar social
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_sharebar social
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_taboola targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_async_load targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 167)
Message:
%c One Trust color:#000;border-radius:3px;background-color:hsl(161, 100%, 94%); Added to Scripts Queue: script_medusa_recommendation targeting
console-api log (Line 71)
Message:
blank creative loaded: 138239360681 (7 x 7, pos=nav, slot=nav-ad)
console-api log (Line 71)
Message:
blank creative loaded: 138239338545 (970 x 66, pos=top, slot=leader-plus-top)
console-api log (Line 71)
Message:
blank creative loaded: 138239321463 (300 x 250, pos=top, slot=mpu-plus-top)
console-api log (Line 71)
Message:
blank creative loaded: 138239321448 (300 x 250, pos=middle, slot=mpu-middle)
console-api log (Line 71)
Message:
blank creative loaded: 138239368367 (641 x 321, pos=top, slot=inpage-video-top)
console-api log (Line 71)
Message:
blank creative loaded: 138247985744 (300 x 250, pos=bottom, slot=mpu-bottom)
console-api log (Line 71)
Message:
blank creative loaded: 138239344481 (11 x 11, pos=top, slot=sharethrough-top)
console-api log (Line 71)
Message:
blank creative loaded: 138239338263 (970 x 66, pos=bottom, slot=leader-plus-bottom)
console-api log URL: https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/(Line 164)
Message:
Dynamic Showcase Center container ::: creative id = 138247024569
console-api log (Line 71)
Message:
blank creative loaded: 138239375180 (372 x 142, pos=, slot=dynamic_showcase__0)
console-api log (Line 71)
Message:
blank creative loaded: 138239375540 (372 x 142, pos=, slot=dynamic_showcase__1)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6852bd09.akstat.io
adservice.google.be
adservice.google.com
adservice.google.de
at.cbsi.com
c.go-mpulse.net
cdn.cookielaw.org
fiaqj6absjkbikqbasqbgoaafbpkczx2-pa8c7c-c42a8fb19-clienttons-s.akamaihd.net
geo.moatads.com
geolocation.onetrust.com
kjtbhbaxguu4sxvbm35a-pa8c7c-fad013e97-clientnsv4-s.akamaihd.net
mb.moatads.com
packetstormsecurity.com
pagead2.googlesyndication.com
production-cmp.isgprivacy.cbsi.com
px.moatads.com
rev.cbsi.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
urs.zdnet.com
vidtech.cbsinteractive.com
www.googletagservices.com
www.zdnet.com
z.moatads.com
zdnet1.cbsistatic.com
zdnet2.cbsistatic.com
zdnet3.cbsistatic.com
zdnet4.cbsistatic.com
104.96.151.249
151.101.65.188
152.195.132.202
172.217.21.194
198.84.60.198
23.213.165.236
23.53.41.201
23.53.41.203
2606:4700:10::6814:b844
2a00:1450:4001:81e::2002
2a00:1450:4001:821::2001
2a01:4a0:1338:28::c38a:ff12
2a02:26f0:6c00:181::11a6
2a04:4e42:1b::444
2a04:4e42:1b::645
2a04:4e42:3::444
35.190.38.167
52.50.187.27
54.77.161.100
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
058595b0d8a9f821fe2cd890c8e1a6fd2e13366fcbb4654301d408cdb94a3c4f
0b810c6b83f3d55da4c3e345113ad863901ff3e382e04170817b853f761dd9f0
1724d7fd70903754d6f29172f2ac879dc6dab79df6c4c78ed06f45c0f117e15c
18a55e7bcc430701ed2ce74ce34f8592214be86ec6cae2e10cc04736d2541c35
1c0ccb11374e2374cb7a52c792ffe07d9203d28d4ad97623bcf27bc58d2513f9
1cfb698b1d1a71effcb5f6c15aa5a1dd567b319e1f5f66c8132a72522dcdda6e
1d93d85e9887c861e43962220f8ae363c16197932c5ffa3620eb42bb3c216a99
1df152c5f79010dd701eceeabbf5fae49f8b375b625f2a5d7f8a8fbe11b92f2b
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
23f840d3af4c53adb0b257825bdf850cdc954c8927e9b9a0e74a3c82f955c429
2bf78db102c9d6e84c8e86cd2bd6134383688ae866a991028728b62f482358ab
2c804ef3ab26ba84c608ca3b9af579eac9a1bf970947bd3b235ad39a5a46b13f
38b105aaaea628c1b123cc6c484b947929d2465ad1b01ac0c9342ba21f6d5336
3e197065a7140de42dd208e9d62e19a1dffb7849965296e2c57fa2d12fa692ae
3e739d0fcd6811c6f2c97393b66431eda17c61ebbdd01b88344e90a7a7a90c0b
48b9b9c50fd14ec46d7bafe5857e5aeeb945e25a79f678f31f02d2c2761e5971
4e4d8109d379b0330b898e12260ed88cadda9c0697564df4aeac894f36e5db45
4e84d85a31c26a182e31a0e7e97f1393690c5b5756a00201ca7752a253c79998
5105b8eee102f736f17890d756756585008ab8a096c380dbda779247e8964ac7
5343bfe5831996d45ff0866a47e37479c7cf5b961dc0a543ed9ee928f1549a7d
609cd922ed1b5a07ead4cd6c6ff375f35bef52962ccca9433927e7fe84279e35
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
67f54c287bc5ce7e574c48f9a1d806e36fb4fba3112b49bff6c366eb23ae13c6
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
6c9ba076312d706e7a2c79aa15b2c7a50610191232a333f5504e8d8eded22ed7
70d1b63641ae86512ee80c400ae1c15c7b5d723d2c9517a75f7637b22707e13f
70d5c45513d094e7ee22b3553952f0a228600dfbde43d810d36e46e07bf2f319
7444a4f95aa54b94261f01f7bc26d3fcd45f723643698a54412fc8dea4267179
744ae87db00be85a6a482a3e8036f81aafaa7754be29b05a2330d0fbc8fea803
75f82fe22825c6921b812dc62ebdc0f725b1aebca0c242804e8f8862c5ee58fd
78f6f98c51a18c6cb355a576bb80ee274c17a4bdd1c7b3300cf2c47ad57eadf1
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
824e2ec0553bc582c02673a30139ac8fe4a6485943d64d32dfb7ae5a83efbe92
82bbd04adfca6dbbc54fbcff55f4db8bc1f66d7ccfe36820480be504d94d905d
83cbc7b54092b1bc2080b2ef7a7096e2c125a21a8b58895fa2cccd7e0a03d89d
855c06f4b56fa7a093b41eee5d00e50735c9cfb08c16bb8fbf518365ce804f34
8bb184667d003389ad5cb0c15e7df00c2bd8ffb8b74f514ffdae6e90ca6b6156
8e00ebebe053ff93e139bab1a80ced2517b33572ab374ae641e0e1cfed58d8e0
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54
96eec2195ea9f4028709cfca9d9ba8195fb54a1196cc100944798e46d9c23e40
9aa78b89d6962ca7c0196027ff48d9af7f04d9c3097d5529071a6e0642808d05
9b3e4afde2c40a16b5c54c72ff4246e8f2622cf1c7343495b83b4c138b6859f5
9cdc047556347546740925a2f73094df2f1b74793496727128c3ec1df6d08994
a0aa48808ddef7604ba969db62e4af3a2ba001b7a8751823cf0ab2d430308ea5
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
aae80f26c8e332c3c12a4844c46012692eb9cb9ffe2f7ee391d16e0312da1604
ac4b2de5fae00b4449bf2a06f618eb66df1e3465ea8c6dec34b5be42d87f7be6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18ef7898c68f185595b98ae3484d569ad5599e6e2e0c261105f6e76b5977e4d
b2a8c25716b5fc79cad44721da262069633a0a215b4fc15a483e58e54a7d08c1
b37f511be983e8dbafb0a6ec4ba2710468eb35312e3b28c622e806ed88e1b196
be3a5f2df80210a6c25938d4ac55e4d51d790b40193ce64c2606618f4b46105a
c840af2963c98ac6d0739a188c8c02f81a14b0a351fac4c878e7047e0d2797ce
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
ceffb891c3e1891757ead2e7e41497adc13abca0d14d7f58d20e3aa8d5aee108
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2e9551716429ed6958d4f3c78ba255418d10f709da06e51dcbbeb168fce8691
d2fe67ecc4354b214728e0a7d75b67536a78f6b575080b589d54a1937fc46b41
d9fd30a7e44563b9265683a887105a89e936636f06dc525d88aae50194852d85
de538a62257057626ff3689528e255f7a67482f33987fea0e0085da48281d016
df255e2f7f9fd8c86ec6b227d9b3d2f8b3501188802e75a5009cbf9ba6f4eab7
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e13a522607a6aa275416565aa38e464c73b950ac3c99f490a96d78860cc84e2a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60d72219eb682a93fea26976d93acbe542afdd65065fd1e05c393d8dd996a30
e7feb1384d2175253d0749fb7bba1cb865b9c725d3a93599fbd874af6c4d00b0
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
ec5ed25e5dd18e0c1793e781cfd53e87a2e984d362195e4dd1684c907376bf44
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
fe1244a9a19db22f8fcc8a0663bf6ddde0699b7d9bcd4dfbd2ffbaeae2a26b33
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097