www.cyfirma.com Open in urlscan Pro
2606:4700:10::6816:199e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Submission: On January 03 via api (January 3rd 2025, 5:16:14 pm UTC) from US — Scanned from DE

Summary HTTP 141 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 15 domains to perform 141 HTTP transactions. The main IP is 2606:4700:10::6816:199e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cyfirma.com.
TLS certificate: Issued by WE1 on December 5th 2024. Valid for: 3 months.

This is the only time www.cyfirma.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
105	2606:4700:10:... 2606:4700:10::6816:199e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.18.95.41 104.18.95.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.244.18.122 18.244.18.122	16509 (AMAZON-02) (AMAZON-02)
3	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3	216.58.206.67 216.58.206.67	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
2	142.250.186.136 142.250.186.136	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2620:1ec:29:1... 2620:1ec:29:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
3	23.96.124.156 23.96.124.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a01:4f8:231:... 2a01:4f8:231:885::3	24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH)
141	22

105 2606:4700:10::6816:199e (United States)

ASN13335 (CLOUDFLARENET, US)

www.cyfirma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.95.41 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-122.fra56.r.cloudfront.net

in.fw-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.67 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.96.124.156 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

w.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:231:885::3 (Ehingen, Germany)

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)

moderate8.cleantalk.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
105	cyfirma.com www.cyfirma.com	5 MB
5	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 625 w.clarity.ms — Cisco Umbrella Rank: 8046	30 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	527 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	2 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 region1.google-analytics.com — Cisco Umbrella Rank: 3353	22 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	241 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	35 KB
3	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 3147 cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	35 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	22 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3 region1.analytics.google.com — Cisco Umbrella Rank: 4108	992 B
1	cleantalk.org moderate8.cleantalk.org — Cisco Umbrella Rank: 791421	263 B
1	google.de www.google.de — Cisco Umbrella Rank: 10745	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135	554 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	960 B
1	fw-cdn.com in.fw-cdn.com — Cisco Umbrella Rank: 175424	88 KB
141	15

	Domain	Requested by
105	www.cyfirma.com	www.cyfirma.com
5	www.googletagmanager.com	www.cyfirma.com www.googletagmanager.com www.google-analytics.com
3	w.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cdn.jsdelivr.net	www.cyfirma.com
2	www.clarity.ms	www.cyfirma.com www.clarity.ms
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	challenges.cloudflare.com	1 redirects www.cyfirma.com
1	moderate8.cleantalk.org	www.cyfirma.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.de	www.cyfirma.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.cyfirma.com
1	www.gstatic.com	www.google.com
1	fonts.googleapis.com	www.cyfirma.com
1	www.google.com	www.cyfirma.com
1	cdnjs.cloudflare.com	www.cyfirma.com
1	in.fw-cdn.com	www.cyfirma.com
141	21

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.cyfirma.com WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
*.fw-cdn.com Amazon RSA 2048 M03	`2024-11-23` - `2025-12-21`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
*.google.de WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.cleantalk.org Sectigo RSA Domain Validation Secure Server CA	`2024-09-12` - `2025-09-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Frame ID: 64C6BDFDA449187CD3C9DCB8284DD6F9
Requests: 140 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Inside FireScam : An Information Stealer with Spyware Capabilities - CYFIRMA

Detected technologies

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

141
Requests

98 %
HTTPS

57 %
IPv6

15
Domains

21
Subdomains

22
IPs

4
Countries

6086 kB
Transfer

9043 kB
Size

14
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?u=https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=%27https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/%27&text=Inside-FireScam--An-Information-Stealer-with-Spyware-Capabilities

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/&title=Inside-FireScam--An-Information-Stealer-with-Spyware-Capabilities&source=https://www.cyfirma.com

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyfirma/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyfirma/

Search URL Search Domain Scan URL

URL: https://twitter.com/cyfirma?lang=en

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://challenges.cloudflare.com/turnstile/v0/api.js HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/849bfe45bf45/api.js

Request Chain 128

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&e_ipv6=AQJnCnhIt07AqAAAAZQtKtXUhopW4pwv-CfkDmHNKaBMWAMcenq2C_FSMYMkPE9d

141 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/ 139 KB
40 KB 3339ms
3298ms Document
text/html 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f8cddf0c56bca9b5303db1e205c32efe9dacb5d63782c3a55a977a76022bf49

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyfirma.com/
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8fc4a276da0f9745-FRA
content-encoding: br
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
content-type: text/html; charset=UTF-8
date: Fri, 03 Jan 2025 17:16:08 GMT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/" <https://www.cyfirma.com/wp-json/wp/v2/out-of-band/37069>; rel="alternate"; type="application/json" <https://www.cyfirma.com/?p=37069>; rel=shortlink
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H3

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/849bfe45bf45/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js
https://challenges.cloudflare.com/turnstile/v0/g/849bfe45bf45/api.js

46 KB
16 KB

27ms
27ms

Script
application/javascript

104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/849bfe45bf45/api.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Protocol: H3
Server: 104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf2059be7007cd21fdd3b5df727b89c8916142f7abadfd46408de17778699fb7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

server: cloudflare
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding: br
cross-origin-resource-policy: cross-origin
cf-ray: 8fc4a28bab0f9f24-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 02 Jan 2025 13:52:36 GMT
vary: Accept-Encoding
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
location: /turnstile/v0/g/849bfe45bf45/api.js
cross-origin-resource-policy: cross-origin
cf-ray: 8fc4a28b7aed9f24-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Fri, 03 Jan 2025 17:16:08 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

GET
H2 200 970201.js Show response
in.fw-cdn.com/31855454/ 353 KB
88 KB 54ms
19ms Script
text/javascript 18.244.18.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.fw-cdn.com/31855454/970201.js
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0d6cbfad423f414457e84247076eaeea86b8272c22ac17ffac2bc9456cf6bdd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

vary: accept-encoding, Origin
cache-control: max-age=120
content-encoding: br
x-amz-version-id: QMPtZwGwOQ6UmruY2iNVtyStDwkBquXG
etag: W/"aa59d3c45a045910d82fc8e43be99664"
age: 111
via: 1.1 5d328d2e734cff11e41c897ec72f465e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: VI76yIkI3HGk6k-H2QxqUEpaWDaY6NPCvE3hh2JPqGDqCSTkkZ4e0Q==
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sat, 15 Jun 2024 05:17:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P11
x-amz-server-side-encryption: AES256

GET
H2 200 style.min.css
www.cyfirma.com/my_includes/css/dist/block-library/ 108 KB
14 KB 37ms
33ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/css/dist/block-library/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1ae43-610b7775e6b00-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 14:33:48 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b6c4e9745-FRA
accept-ranges: bytes
content-length: 14501
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 styles.css
www.cyfirma.com/apps/contact-form-7/includes/css/ 3 KB
1 KB 38ms
34ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/css/styles.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "b4e-610b79c9f2940-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b6c519745-FRA
accept-ranges: bytes
content-length: 1015
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 wpcf7-redirect-frontend.min.css
www.cyfirma.com/apps/wpcf7-redirect/build/css/ 316 B
233 B 38ms
35ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "13c-610b733b7b140-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b6c529745-FRA
accept-ranges: bytes
content-length: 124
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 cleantalk-public.min.css
www.cyfirma.com/apps/cleantalk-spam-protect/css/ 2 KB
878 B 39ms
35ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/css/cleantalk-public.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "876-61295c58c5780-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b6c549745-FRA
accept-ranges: bytes
content-length: 768
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 cf7msm.css
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 99 B
215 B 41ms
37ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "63-610b72be8ca80-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c559745-FRA
accept-ranges: bytes
content-length: 107
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 style.min.css
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 2 KB
645 B 39ms
36ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6b4-610b6dbdc3cc0-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c569745-FRA
accept-ranges: bytes
content-length: 535
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 uacf7-frontend.css
www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/ 72 B
200 B 39ms
36ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/ultimate-addons-for-contact-form-7/assets/css/uacf7-frontend.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "48-61295c6ccc6c0-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Fri, 01 Mar 2024 09:12:35 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c579745-FRA
accept-ranges: bytes
content-length: 92
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 font-awesome.min.css
cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/ 30 KB
7 KB 49ms
19ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"7918-USx9eQM+MCipvmG1QM8aaHDIlvg"
age: 2598426
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220025-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6643
x-jsd-version: 4.7.0

GET
H2 200 all.min.css
cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/ 58 KB
13 KB 50ms
21ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw"
age: 1447429
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220025-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13056
x-jsd-version: 5.15.4

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/ 99 KB
19 KB 51ms
35ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "630e6e62-4900"
age: 834197
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fLBFQGJmNdn9yazE4IXWtm5dXMtPeSIZtKHlhtJHHJ6BjH9BYZBqpVcgyAi7u2QbyWLuED4L98UPsMLUowVeh8EzRxRmj8LyS3z1pNEFKZiABlLZnFGqXCf6uOVchJpj6YOKscKC"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 24 Dec 2025 17:16:08 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fc4a28b8c2037f7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18688
server: cloudflare

GET
H2 200 remixicon.css
cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/ 117 KB
15 KB 48ms
19ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/remixicon@3.2.0/fonts/remixicon.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"1d55c-0a0+Yx2s2C7k3XacPCH2+Iflc94"
age: 922311
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css; charset=utf-8
x-served-by: cache-fra-etou8220025-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15081
x-jsd-version: 3.2.0

GET
H2 200 skin.css
www.cyfirma.com/template/ 0
73 B 46ms
44ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/skin.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "0-5e56a3f9b7500"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c619745-FRA
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 blocks.css
www.cyfirma.com/template/assets/css/ 8 KB
2 KB 42ms
40ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/blocks.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1e35-5e56a3f9b7500-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c649745-FRA
accept-ranges: bytes
content-length: 1447
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 bootstrap.min.css
www.cyfirma.com/template/assets/css/ 156 KB
23 KB 42ms
40ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/bootstrap.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "26eee-5e56a3f9b7500-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c679745-FRA
accept-ranges: bytes
content-length: 23649
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 fontawesome.min.css
www.cyfirma.com/template/assets/css/ 55 KB
12 KB 44ms
42ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/fontawesome.min.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "da62-5e56a3f9b7500-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c689745-FRA
accept-ranges: bytes
content-length: 12157
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 all.css
www.cyfirma.com/template/assets/css/ 77 KB
16 KB 45ms
43ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/all.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "135ba-5e56a3f9b7500-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c699745-FRA
accept-ranges: bytes
content-length: 16190
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.fancybox.css
www.cyfirma.com/template/assets/css/ 14 KB
3 KB 45ms
44ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.fancybox.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "382f-5e56a3f9b7500-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c6b9745-FRA
accept-ranges: bytes
content-length: 3486
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 slick.css
www.cyfirma.com/template/assets/css/ 1 KB
640 B 44ms
42ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/slick.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "534-5e56a3f9b7500-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c6c9745-FRA
accept-ranges: bytes
content-length: 490
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.mCustomScrollbar.css
www.cyfirma.com/template/assets/css/ 42 KB
4 KB 54ms
53ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/jquery.mCustomScrollbar.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "a8a2-5e56a3f9b7500-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c6d9745-FRA
accept-ranges: bytes
content-length: 3989
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 custom-style.css
www.cyfirma.com/template/assets/css/ 92 KB
16 KB 52ms
51ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c40ab757e586668e665046ee7b65fadb360379607677de549111d1eb412096fd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "171f5-61593c0a9e740-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 11:03:17 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c6e9745-FRA
accept-ranges: bytes
content-length: 15874
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 new-custom-style.css
www.cyfirma.com/template/assets/css/ 257 B
254 B 55ms
54ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/new-custom-style.css

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "101-5e7ed8a4b2840-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 12:51:37 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c709745-FRA
accept-ranges: bytes
content-length: 145
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 responsive.css
www.cyfirma.com/template/assets/css/ 37 KB
8 KB 70ms
68ms Stylesheet
text/css 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/css/responsive.css?v=12.14

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "93da-612e6cc157400-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: text/css
last-modified: Tue, 05 Mar 2024 09:52:16 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c729745-FRA
accept-ranges: bytes
content-length: 7610
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.min.js Show response
www.cyfirma.com/template/assets/js/ 87 KB
30 KB 54ms
53ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "15d84-5e56a3f9b7500-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c739745-FRA
accept-ranges: bytes
content-length: 30910
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 devtools-detect.js Show response
www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/ 1 KB
709 B 73ms
72ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wp-hide-security-enhancer/assets/js/devtools-detect.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "59f-610b7385de0c0-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:16:11 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c749745-FRA
accept-ranges: bytes
content-length: 536
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 apbct-public-bundle.min.js Show response
www.cyfirma.com/apps/cleantalk-spam-protect/js/ 68 KB
17 KB 55ms
54ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1107a-61295c58c5780-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: application/javascript
last-modified: Fri, 01 Mar 2024 09:12:14 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c759745-FRA
accept-ranges: bytes
content-length: 17668
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 script.min.js Show response
www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/ 409 B
365 B 54ms
53ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "199-610b6dbdc3cc0-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 13:50:19 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c789745-FRA
accept-ranges: bytes
content-length: 274
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 81ms
43ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a5b49c3ede14881b4d9672021c7342e63bcb5f64dd42a0958a86af0d4f56d374

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 03 Jan 2025 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81498
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 CyfirmaLogoWhite.svg
www.cyfirma.com/media/2022/08/ 18 KB
7 KB 58ms
57ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/CyfirmaLogoWhite.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"465e-5e5b3d02bee80"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: image/svg+xml
last-modified: Mon, 08 Aug 2022 05:08:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c799745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 selfassessment.png
www.cyfirma.com/media/2024/03/ 2 KB
2 KB 55ms
54ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/selfassessment.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "6a4-613c359382490"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: image/png
last-modified: Sat, 16 Mar 2024 08:59:56 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28b7c7d9745-FRA
accept-ranges: bytes
content-length: 1700
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 en.png
www.cyfirma.com/media/flags/ 1012 B
1 KB 83ms
74ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/flags/en.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "3f4-5e952de8e2180"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/png
last-modified: Fri, 23 Sep 2022 07:10:14 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade59745-FRA
accept-ranges: bytes
content-length: 1012
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-fe.jpg
www.cyfirma.com/media/2024/12/ 391 KB
391 KB 26ms
25ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-fe.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6cd673656a4048859af122845ad5f7d86ac43f714ce89aad7eab13ac2e8674f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "61aa6-62a76dcc5f3e0"
age: 6135
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:18 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28bccba9745-FRA
accept-ranges: bytes
content-length: 400038
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-1.jpg
www.cyfirma.com/media/2024/12/ 136 KB
136 KB 40ms
40ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-1.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d16ee2ff38af64ab55af81b6769eb7b149446eb549a54433583cfcc32981e1e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "21fb8-62a76dca1aad0"
age: 1922
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:08 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:16 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28bdcc59745-FRA
accept-ranges: bytes
content-length: 139192
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-2.jpg
www.cyfirma.com/media/2024/12/ 96 KB
96 KB 88ms
78ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-2.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3ff42381c83849f9be96490af5f3f6aee223bc983ef4012f073c652784fb601

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "17e86-62a76dc815578"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:14 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade69745-FRA
accept-ranges: bytes
content-length: 97926
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-3.jpg
www.cyfirma.com/media/2024/12/ 169 KB
170 KB 85ms
75ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-3.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec13734db304e2f39917a4c0bdf236811465acecfe22473c5d53942228c6e1fe

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "2a5b4-62a76dc653a28"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:12 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade79745-FRA
accept-ranges: bytes
content-length: 173492
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-4.jpg
www.cyfirma.com/media/2024/12/ 157 KB
157 KB 95ms
86ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-4.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d32b61d0ed9270859bc48aa10bd79611cdb1d645f0e6057cc9c57026e0bdd72

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "272ee-62a76dc486f10"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:10 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade89745-FRA
accept-ranges: bytes
content-length: 160494
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-5.jpg
www.cyfirma.com/media/2024/12/ 36 KB
36 KB 90ms
80ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-5.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f12a70584f1475acc39395c1dd2f5b9756cfdac1c41a78033ba9365d8a43441b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "8f5b-62a76dc2f6cb8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:08 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade99745-FRA
accept-ranges: bytes
content-length: 36699
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-6.jpg
www.cyfirma.com/media/2024/12/ 72 KB
72 KB 96ms
87ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-6.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14cfef6db2a5d036ff69eefbb5b0a0a9e700d2ccffa1c7ca3f829e9d84893b39

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "11f1d-62a76dc163798"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:07 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadeb9745-FRA
accept-ranges: bytes
content-length: 73501
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-7.jpg
www.cyfirma.com/media/2024/12/ 61 KB
61 KB 93ms
84ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-7.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

701d07ebdc9765a1484e4957f19b87094a092f7a6a96c9e5ecb1fc327f8d1e84

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "f393-62a76dbf5c6e8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:05 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadec9745-FRA
accept-ranges: bytes
content-length: 62355
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-8.jpg
www.cyfirma.com/media/2024/12/ 166 KB
166 KB 105ms
96ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-8.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7adabefeb29d6f5fee70b333c5f79fb40ebc9464a2c2fa816fb2a335a4864d5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "2972b-62a76dbd68eb8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:03 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28caded9745-FRA
accept-ranges: bytes
content-length: 169771
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-9.jpg
www.cyfirma.com/media/2024/12/ 19 KB
20 KB 92ms
83ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-9.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

828a84fffc98a024b659527a9dec9255d35aec177a380dcdcfdf0e52f4612ed2

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "4d86-62a76dba8c7f8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:24:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadef9745-FRA
accept-ranges: bytes
content-length: 19846
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-10.jpg
www.cyfirma.com/media/2024/12/ 44 KB
44 KB 101ms
92ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-10.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7cf6e367dcd653b08b151ed81bdb9fa064b1ec62250bf5de17a1d20d7f9a396

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "b134-62a76db908120"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf19745-FRA
accept-ranges: bytes
content-length: 45364
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-11.jpg
www.cyfirma.com/media/2024/12/ 59 KB
60 KB 99ms
91ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-11.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2837a8515e5d154deb5d06ca9d34274d3f7ea6772089e40903d25566209ee3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "edbd-62a76db74cb60"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:56 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf29745-FRA
accept-ranges: bytes
content-length: 60861
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-12.jpg
www.cyfirma.com/media/2024/12/ 141 KB
141 KB 105ms
96ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-12.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7eb845f2176450b6ed9911836c7c3d5c26b0111ea2c3f5336b6a421aa1ebcd5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "23277-62a76db4cb1c0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:54 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf39745-FRA
accept-ranges: bytes
content-length: 143991
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-13.jpg
www.cyfirma.com/media/2024/12/ 65 KB
65 KB 100ms
91ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-13.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a0a82f347da3cbe8daefde448a8fe0a8e07f198eb0b38a5cb4f1ee4930543cd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "102dc-62a76db2b1830"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:51 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf59745-FRA
accept-ranges: bytes
content-length: 66268
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-14.jpg
www.cyfirma.com/media/2024/12/ 41 KB
42 KB 75ms
67ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-14.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aac9b689f33e16839b4d52720012965130218c4aebb4eaa83fd5bc7e955256ed

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "a55f-62a76db13c388"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:50 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf79745-FRA
accept-ranges: bytes
content-length: 42335
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-15.jpg
www.cyfirma.com/media/2024/12/ 118 KB
118 KB 103ms
95ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-15.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e744442af7abf940a85aaa54a94e6d1d15e1cd4e0ae7b34b6342c8d12e9b54af

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "1d8af-62a76daf85030"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:48 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadf99745-FRA
accept-ranges: bytes
content-length: 121007
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-16.jpg
www.cyfirma.com/media/2024/12/ 26 KB
26 KB 74ms
65ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-16.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbbd15c0b67d2bbbd3bb265a665f91f7984e5bf766a68292a5fe139b87acf216

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "68f3-62a76dad877d8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:46 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cadfb9745-FRA
accept-ranges: bytes
content-length: 26867
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-17.jpg
www.cyfirma.com/media/2024/12/ 54 KB
55 KB 76ms
68ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-17.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b7a393c51ac2791200ba173adffeacd5164b16ad0e40800c9685925683ff21d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "d9fa-62a76dabe4ca0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:44 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe039745-FRA
accept-ranges: bytes
content-length: 55802
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-18.jpg
www.cyfirma.com/media/2024/12/ 53 KB
53 KB 77ms
69ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-18.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c9ba892e016444b8e82c38400bf491e574e7ef50b40984997ec915a5f477d3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "d4c1-62a76da9fe760"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:42 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe059745-FRA
accept-ranges: bytes
content-length: 54465
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-19.jpg
www.cyfirma.com/media/2024/12/ 140 KB
141 KB 78ms
70ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-19.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3dd59ea2cc9f2a3e34304bfc384e17d96e0d268704d53ac9736dab494993938

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "231b2-62a76da83b888"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:40 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe089745-FRA
accept-ranges: bytes
content-length: 143794
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-20.jpg
www.cyfirma.com/media/2024/12/ 26 KB
26 KB 81ms
72ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-20.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67f3fb9a8eee64b4be258448c6c66b7ab4361789ef8a700f8411b9ddf1071e32

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "691e-62a76da68d9a0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:39 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe0a9745-FRA
accept-ranges: bytes
content-length: 26910
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-21.jpg
www.cyfirma.com/media/2024/12/ 121 KB
121 KB 82ms
74ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-21.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d63caece60d11ac11ceb4e510a07bd0ad3eedd56de0dcb9d200f0d555e8ab961

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "1e3ae-62a76da4ae5a8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:37 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe0f9745-FRA
accept-ranges: bytes
content-length: 123822
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-22.jpg
www.cyfirma.com/media/2024/12/ 57 KB
57 KB 130ms
122ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-22.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bafa9547777251a35ecd80ad378641be86a45a984f817fe241c37f26f38623e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "e404-62a76da2fa130"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:35 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe109745-FRA
accept-ranges: bytes
content-length: 58372
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-23.jpg
www.cyfirma.com/media/2024/12/ 146 KB
146 KB 84ms
76ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-23.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f549ccc7a1165ced07515aa1def4dcdaaac6914a2a4d8ec3d5fdd744c9966d47

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "24739-62a76da13d018"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:33 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe119745-FRA
accept-ranges: bytes
content-length: 149305
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-24.jpg
www.cyfirma.com/media/2024/12/ 190 KB
190 KB 85ms
77ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-24.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d375a3e3484f82c09d75e09629a06baa54d2bb6f8b89b36a5469a914cf2fb5b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "2f789-62a76d9fc6bd0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:31 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe139745-FRA
accept-ranges: bytes
content-length: 194441
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-25.jpg
www.cyfirma.com/media/2024/12/ 219 KB
219 KB 89ms
81ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-25.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4f9657eae062c16fafbb9c80ecf26c82d3e79da691fc5fd203b44dc0e41d3b8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "36b13-62a76d9e03cf8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:30 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe149745-FRA
accept-ranges: bytes
content-length: 224019
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-26.jpg
www.cyfirma.com/media/2024/12/ 116 KB
116 KB 87ms
79ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-26.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96906fafa4f499756a62c882b276e3b1587ebb07c78ed7d7a1659812e5e09952

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "1cf4d-62a76d9a8e500"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:26 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe169745-FRA
accept-ranges: bytes
content-length: 118605
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-27.jpg
www.cyfirma.com/media/2024/12/ 118 KB
118 KB 92ms
85ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-27.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac9381bd329ae74565a630aee5cdbd86ee9df32acfbfe1884c9808462219f755

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "1d65f-62a76d991bf38"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:24 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe179745-FRA
accept-ranges: bytes
content-length: 120415
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-28.jpg
www.cyfirma.com/media/2024/12/ 66 KB
66 KB 127ms
120ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-28.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c156e7557f2bfa58ea627d301e347160cae92fa3ca24dad549e8ba600c47171

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "10927-62a76d97c2bc8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:23 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe199745-FRA
accept-ranges: bytes
content-length: 67879
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-29.jpg
www.cyfirma.com/media/2024/12/ 54 KB
54 KB 127ms
119ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-29.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c5ae59f51691644e2e9cd199ca187b4acb5e7fee601f781d090e0b4ef3ecde5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "d63e-62a76d963d168"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:21 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe1b9745-FRA
accept-ranges: bytes
content-length: 54846
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-30.jpg
www.cyfirma.com/media/2024/12/ 130 KB
131 KB 96ms
89ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-30.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3a1c222916547d115afb16b4dd8ed2a2c1eabed1bed01fdc36f3b4d9e594cdc

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "20945-62a76d949bda0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:20 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe1c9745-FRA
accept-ranges: bytes
content-length: 133445
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-31.jpg
www.cyfirma.com/media/2024/12/ 40 KB
40 KB 100ms
93ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-31.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a474c925d69520d6666bf70aa76da51dc23a9b6cf8505f67b3c712a7e3c3f4b6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "a027-62a76d92512e8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:17 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe1f9745-FRA
accept-ranges: bytes
content-length: 40999
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-32.jpg
www.cyfirma.com/media/2024/12/ 18 KB
18 KB 129ms
122ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-32.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb17cf62574cb51f34c7ad058f3a5c3ff430caacfc1041e72d21b2576d959e9d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "4690-62a76d9068e68"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:15 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe209745-FRA
accept-ranges: bytes
content-length: 18064
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-33.jpg
www.cyfirma.com/media/2024/12/ 38 KB
39 KB 101ms
94ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-33.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5bf2e001adc50ef1abb6d29721125ea681e946bdd4cbe4d6c5cc40cbbcce7f6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "99be-62a76d8f000f8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:14 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe239745-FRA
accept-ranges: bytes
content-length: 39358
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-34.jpg
www.cyfirma.com/media/2024/12/ 66 KB
66 KB 127ms
120ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-34.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9faf62e7e91228ac39e16a442b2defb297a79481a0f4d585212096ec86b3b67b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "1078f-62a76d8d53980"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:12 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe259745-FRA
accept-ranges: bytes
content-length: 67471
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-35.jpg
www.cyfirma.com/media/2024/12/ 35 KB
35 KB 127ms
120ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-35.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb743d232861a0c1a1b91571e6c4ff123bb915d4625ad09cbfb531abe1ba2422

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "8b0a-62a76d8b4e810"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:10 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe299745-FRA
accept-ranges: bytes
content-length: 35594
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-36.jpg
www.cyfirma.com/media/2024/12/ 66 KB
66 KB 126ms
119ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-36.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

996ac62dfea50a946b373eb93dc4f46ddb797e0a748ec21f5f9fb289834dc92e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "10726-62a76d8992e68"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:08 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe2b9745-FRA
accept-ranges: bytes
content-length: 67366
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-37.jpg
www.cyfirma.com/media/2024/12/ 51 KB
51 KB 126ms
119ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-37.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f02d6218cd553a52908c96adfe586399eabfd58653dec12eb3a64674feebbc6

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "cc32-62a76d8813d80"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:07 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe2d9745-FRA
accept-ranges: bytes
content-length: 52274
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-38.jpg
www.cyfirma.com/media/2024/12/ 47 KB
47 KB 127ms
121ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-38.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97c8bb58bf86f8ca8807de2d4b52947fb6e0f55dd63147cf28d013db44102ac3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "bb60-62a76d86725d0"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:05 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe2e9745-FRA
accept-ranges: bytes
content-length: 47968
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-39.jpg
www.cyfirma.com/media/2024/12/ 52 KB
52 KB 147ms
140ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-39.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c281bcc7f18919a0614a8ed0b2fc82fea15109576bd506c8a2df479e2ecdfb8e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "d045-62a76d84987c8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:03 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe309745-FRA
accept-ranges: bytes
content-length: 53317
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-40.jpg
www.cyfirma.com/media/2024/12/ 49 KB
49 KB 149ms
142ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-40.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4039b5fdeed16a7f0efd4c317fc7eea6eee5c2cb15aec8f334fd1b6011aa3041

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "c536-62a76d825ea98"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:23:01 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe339745-FRA
accept-ranges: bytes
content-length: 50486
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-41.jpg
www.cyfirma.com/media/2024/12/ 46 KB
46 KB 127ms
121ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-41.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

103e301c55d6aa84b6888f586aab1de3df2a855a8367ed85ccf9a2bb8dce857e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "b7c1-62a76d80402e8"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:22:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe389745-FRA
accept-ranges: bytes
content-length: 47041
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-42.jpg
www.cyfirma.com/media/2024/12/ 181 KB
182 KB 127ms
120ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-42.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcc284393ee1b6146e83ae622187f302c15094e4dfe8e81c3305fc288941b998

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "2d59d-62a76d7e60720"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:22:56 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe3a9745-FRA
accept-ranges: bytes
content-length: 185757
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 inside30-43.jpg
www.cyfirma.com/media/2024/12/ 232 KB
233 KB 126ms
120ms Image
image/jpeg 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/12/inside30-43.jpg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

024f3907954fcad2a47bf2182f6a76102a4199b1393862a61fb3d4a2736c3d6f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-bgj: h2pri
etag: "3a1ac-62a76d7c53c98"
age: 1923
cf-cache-status: HIT
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/jpeg
last-modified: Mon, 30 Dec 2024 06:22:54 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe3c9745-FRA
accept-ranges: bytes
content-length: 237996
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 linkedin-in.svg
www.cyfirma.com/media/2024/03/ 692 B
544 B 160ms
154ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/linkedin-in.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"2b4-6149f439e8de0"
age: 4098
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Mar 2024 07:22:07 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe419745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 facebook-f.svg
www.cyfirma.com/media/2024/03/ 563 B
500 B 127ms
121ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/facebook-f.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"233-6149f4381b710"
age: 4098
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Mar 2024 07:22:05 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe469745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 x-twitter.svg
www.cyfirma.com/media/2024/03/ 564 B
459 B 127ms
121ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/x-twitter.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"234-6149f435ee8e8"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Mar 2024 07:22:02 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe489745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 Singapore.svg
www.cyfirma.com/media/2022/08/ 2 KB
749 B 126ms
120ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/Singapore.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"637-5e6cec945ce80"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe499745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 IN.svg
www.cyfirma.com/media/2022/08/ 1 KB
699 B 131ms
125ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/IN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"566-5e6cec945ce80"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe4b9745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 JP.svg
www.cyfirma.com/media/2022/08/ 459 B
322 B 128ms
122ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/JP.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"1cb-5e6cec945ce80"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Aug 2022 06:44:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe4f9745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 US.svg
www.cyfirma.com/media/2022/08/ 2 KB
1 KB 140ms
134ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/US.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"8be-5e6cec95510c0"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe509745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 DE.svg
www.cyfirma.com/media/2022/08/ 882 B
517 B 138ms
133ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2022/08/DE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"372-5e6cec95510c0"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Aug 2022 06:44:59 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe519745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 KR.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 133ms
128ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/KR.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"b80-613c99c0290c0"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Sat, 16 Mar 2024 16:28:07 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe539745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 AU.svg
www.cyfirma.com/media/2024/03/ 3 KB
1 KB 127ms
122ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AU.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"b3c-613c99b9c3d70"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Sat, 16 Mar 2024 16:28:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe549745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 TW.svg
www.cyfirma.com/media/2024/03/ 1 KB
1 KB 136ms
131ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/TW.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"599-613c99bdda3a0"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Sat, 16 Mar 2024 16:28:04 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe559745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 VN.svg
www.cyfirma.com/media/2024/03/ 663 B
476 B 128ms
122ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/VN.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"297-613c99b857568"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Sat, 16 Mar 2024 16:27:58 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe569745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 AE.svg
www.cyfirma.com/media/2024/03/ 961 B
591 B 138ms
133ms Image
image/svg+xml 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/03/AE.svg

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"3c1-613c99bbfbf48"
age: 4098
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/svg+xml
last-modified: Sat, 16 Mar 2024 16:28:02 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe589745-FRA
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 iso-27001.png
www.cyfirma.com/media/2023/12/ 51 KB
51 KB 134ms
129ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2023/12/iso-27001.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "cad1-60d909f2bee20"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/png
last-modified: Thu, 28 Dec 2023 11:57:37 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe5a9745-FRA
accept-ranges: bytes
content-length: 51921
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 eugdpr.png
www.cyfirma.com/media/2024/02/ 78 KB
78 KB 130ms
125ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/eugdpr.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "13635-61049b2b42398"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/png
last-modified: Thu, 01 Feb 2024 03:36:17 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe5c9745-FRA
accept-ranges: bytes
content-length: 79413
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 iso4001-w.png
www.cyfirma.com/media/2024/02/ 16 KB
16 KB 138ms
133ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/02/iso4001-w.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "3f17-6104a41a5a130"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/png
last-modified: Thu, 01 Feb 2024 04:16:15 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe5f9745-FRA
accept-ranges: bytes
content-length: 16151
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 AICPASOC.png
www.cyfirma.com/media/2024/05/ 78 KB
78 KB 128ms
124ms Image
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/media/2024/05/AICPASOC.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a9166d49e739e0f1b735aa60f31faf2f7efd09b50101d9bac4a255ba17724ef

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "13683-6189df8a11bc0"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: image/png
last-modified: Fri, 17 May 2024 03:30:20 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe609745-FRA
accept-ranges: bytes
content-length: 79491
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/swv/js/ 11 KB
4 KB 33ms
33ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/swv/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "2b6d-610b79c9f2940-gzip"
age: 4105
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c4d8c9745-FRA
accept-ranges: bytes
content-length: 3212
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 index.js Show response
www.cyfirma.com/apps/contact-form-7/includes/js/ 13 KB
4 KB 36ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7/includes/js/index.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "337e-610b79c9f2940-gzip"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:44:13 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c5d969745-FRA
accept-ranges: bytes
content-length: 4191
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 wpcf7r-fe.js Show response
www.cyfirma.com/apps/wpcf7-redirect/build/js/ 8 KB
2 KB 42ms
32ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/wpcf7-redirect/build/js/wpcf7r-fe.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1f8a-610b733b7b140-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:14:53 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dcc9745-FRA
accept-ranges: bytes
content-length: 1617
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 cf7msm.min.js Show response
www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/ 5 KB
2 KB 42ms
33ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/apps/contact-form-7-multi-step-module/resources/cf7msm.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "1457-610b72be8ca80-gzip"
age: 4104
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:12:42 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dce9745-FRA
accept-ranges: bytes
content-length: 2020
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
992 B 54ms
26ms Script
text/javascript 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

ESF /

Resource Hash

991c3b1f33fc557b49fcb401b5183e090f837fb70fe5bc422d9fe23c879d2d4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Fri, 03 Jan 2025 17:16:09 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 particles.js Show response
www.cyfirma.com/template/assets/js/ 22 KB
6 KB 45ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/particles.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "591e-5e56a3f9b7500-gzip"
age: 4103
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dcf9745-FRA
accept-ranges: bytes
content-length: 5721
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.matchHeight-min.js Show response
www.cyfirma.com/template/assets/js/ 3 KB
1 KB 46ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.matchHeight-min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "d29-5e56a3f9b7500-gzip"
age: 4103
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dd19745-FRA
accept-ranges: bytes
content-length: 1372
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 bootstrap.min.js Show response
www.cyfirma.com/template/assets/js/ 58 KB
15 KB 44ms
34ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/bootstrap.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "e6b4-5e56a3f9b7500-gzip"
age: 4102
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dd39745-FRA
accept-ranges: bytes
content-length: 15406
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.custom-scroll.min.js Show response
www.cyfirma.com/template/assets/js/ 44 KB
13 KB 45ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.custom-scroll.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "b1a7-5e56a3f9b7500-gzip"
age: 4101
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dd69745-FRA
accept-ranges: bytes
content-length: 12940
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 jquery.fancybox.js Show response
www.cyfirma.com/template/assets/js/ 60 KB
19 KB 45ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/jquery.fancybox.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "f154-5e56a3f9b7500-gzip"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dd79745-FRA
accept-ranges: bytes
content-length: 19666
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 slick.js Show response
www.cyfirma.com/template/assets/js/ 42 KB
10 KB 45ms
36ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/slick.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "a88a-5e56a3f9b7500-gzip"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28c8dd89745-FRA
accept-ranges: bytes
content-length: 10485
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 custom.js Show response
www.cyfirma.com/template/assets/js/ 5 KB
1 KB 92ms
83ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/js/custom.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "144a-5e8a21454c8c0-gzip"
age: 4101
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 12:15:07 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cade49745-FRA
accept-ranges: bytes
content-length: 1318
x-xss-protection: 1; mode=block
server: cloudflare

GET d13fdae9-e61a-4ba7-98bb-f2afeaee531c
https://www.cyfirma.com/ 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 272 KB
90 KB 68ms
36ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ad2bc490df445dcad39f8e53a08c16e10c761c56fdc4d4a01c9105c1da3beda9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 03 Jan 2025 15:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 91386
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
960 B 60ms
22ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f6b0065281112e3226ef9b71a169eb71de2c25a092da72d926f8d0314437d3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 03 Jan 2025 15:29:56 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 404 footerbg.png
www.cyfirma.com/template/assets/media/2022/09/ 3 KB
3 KB 2598ms
2595ms Image
text/html 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

168214fa87227f735c673910500462053313d0439bbf222d328532fd1ee0e23b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/template/assets/css/custom-style.css?v=11.73

Response headers

content-encoding: br
cf-cache-status: EXPIRED
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Fri, 03 Jan 2025 17:16:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: DENY
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800, must-revalidate
pragma: no-cache
cf-ray: 8fc4a28cbe639745-FRA
access-control-allow-origin: https://www.cyfirma.com/
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v22/ 8 KB
8 KB 41ms
13ms Font
font/woff2 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://fonts.googleapis.com/

Response headers

age: 287568
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 31 Dec 2025 09:23:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 31 Dec 2024 09:23:21 GMT
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H2 200 fa-light-300.woff2
www.cyfirma.com/template/assets/fonts/ 153 KB
154 KB 119ms
118ms Font
font/woff2 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-light-300.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://www.cyfirma.com/template/assets/css/all.css

Response headers

cf-cache-status: HIT
etag: "26534-5e56a3f9b7500"
age: 6515
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: font/woff2
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe659745-FRA
accept-ranges: bytes
content-length: 156980
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v22/ 8 KB
8 KB 48ms
20ms Font
font/woff2 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f3.1e100.net

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://fonts.googleapis.com/

Response headers

age: 287992
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 31 Dec 2025 09:16:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 31 Dec 2024 09:16:17 GMT
last-modified: Wed, 04 Dec 2024 06:53:49 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7840
x-xss-protection: 0
server: sffe

GET
H2 200 fa-solid-900.woff2
www.cyfirma.com/template/assets/fonts/ 115 KB
115 KB 103ms
102ms Font
font/woff2 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-solid-900.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://www.cyfirma.com/template/assets/css/all.css

Response headers

cf-cache-status: HIT
etag: "1cb70-5e56a3f9b7500"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: font/woff2
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cbe679745-FRA
accept-ranges: bytes
content-length: 117616
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 fa-brands-400.woff2
www.cyfirma.com/template/assets/fonts/ 70 KB
71 KB 142ms
141ms Font
font/woff2 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/template/assets/fonts/fa-brands-400.woff2

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/template/assets/css/all.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://www.cyfirma.com/template/assets/css/all.css

Response headers

cf-cache-status: HIT
etag: "119bc-5e56a3f9b7500"
age: 1923
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: font/woff2
last-modified: Thu, 04 Aug 2022 13:23:00 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28cee7e9745-FRA
accept-ranges: bytes
content-length: 72124
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v22/ 8 KB
8 KB 39ms
12ms Font
font/woff2 216.58.206.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@200;300;400;500;600;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://fonts.googleapis.com/

Response headers

age: 288987
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 31 Dec 2025 08:59:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 31 Dec 2024 08:59:42 GMT
last-modified: Wed, 04 Dec 2024 06:54:05 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7748
x-xss-protection: 0
server: sffe

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/ 549 KB
218 KB 91ms
44ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderInvisibleReCaptcha&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8694091227f6f34a6acb8dda867cab6f129cb19ee794a75ebd434793d4066e5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.cyfirma.com
Referer: https://www.cyfirma.com/

Response headers

content-encoding: gzip
age: 4686
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Sat, 03 Jan 2026 15:58:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 15:58:03 GMT
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 222469
x-xss-protection: 0
server: sffe

GET
H2 200 wp-emoji-release.min.js Show response
www.cyfirma.com/my_includes/js/ 18 KB
5 KB 67ms
66ms Script
application/javascript 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/my_includes/js/wp-emoji-release.min.js

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "4904-610b772012080-gzip"
age: 6515
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript
last-modified: Tue, 06 Feb 2024 14:32:18 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a28d3e9e9745-FRA
accept-ranges: bytes
content-length: 5039
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 apbct_get_pixel_url Show response
www.cyfirma.com/wp-json/cleantalk-antispam/v1/ 80 B
969 B 1468ms
1468ms XHR
application/json 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/wp-json/cleantalk-antispam/v1/apbct_get_pixel_url

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/apps/cleantalk-spam-protect/js/apbct-public-bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31074dacb904fcaa16b70f4642243eb71f444f0a84fcda9b7b70f7ef3a683c56

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-WP-Nonce: 5dc050bdd2
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

x-robots-tag: noindex
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
content-encoding: br
cf-cache-status: DYNAMIC
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff, nosniff
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
expires: Thu, 19 Nov 1981 08:52:00 GMT
x-wp-nonce: 5dc050bdd2
date: Fri, 03 Jan 2025 17:16:10 GMT
content-type: application/json; charset=UTF-8
vary: Origin
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-frame-options: DENY
link: <https://www.cyfirma.com/wp-json/>; rel="https://api.w.org/"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
allow: POST
cf-ray: 8fc4a28d3e9b9745-FRA
access-control-allow-origin: https://www.cyfirma.com
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 381 KB
124 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c&gtm=457e4cc1za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b9457f1201e34f36980b7e2c0da9410d36b3d095da1d27f615725128b331b289

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 126910
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 64ms
21ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-80179732-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: gzip
age: 5548
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 03 Jan 2025 17:43:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 15:43:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 324 KB
107 KB 57ms
57ms Script
application/javascript 142.250.186.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c&gtm=45He4cc1v852032066za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

fd4258c855f994d97af2f7cc8ee37e566bce728938ec6b6be8b6b2b1bc5fe42e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109943
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 19 KB
8 KB 77ms
17ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GT46FN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

vary: Accept-Encoding
cache-control: max-age=82948
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 7404
date: Fri, 03 Jan 2025 17:16:09 GMT
last-modified: Wed, 18 Dec 2024 09:08:52 GMT
content-type: application/javascript;charset=utf-8
x-edgeconnect-midmile-rtt: 0, 0
x-edgeconnect-origin-mex-latency: 470, 470
x-amz-server-side-encryption: AES256

GET
H2 200 jg2ucp2q3y Show response
www.clarity.ms/tag/ 553 B
810 B 281ms
203ms Script
application/x-javascript 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jg2ucp2q3y
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ff94d4d6b846f9738100250c7104c2d48a1d62d14bda43994fa9142b5cb57124

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 553
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/x-javascript
x-azure-ref: 20250103T171609Z-17f9fbfbcd7gp6kjhC1FRA793w0000000p3000000000269n

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 19ms
19ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: max-age=86106
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 03 Jan 2025 17:16:09 GMT
last-modified: Mon, 02 Dec 2024 10:13:56 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 23ms
22ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=71665133&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&ul=de-de&de=UTF-8&dt=Inside%20FireScam%20%3A%20An%20Information%20Stealer%20with%20Spyware%20Capabilities%20-%20CYFIRMA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=943280258&gjid=1469700311&cid=33287834.1735924569&tid=UA-80179732-4&_gid=1944264184.1735924569&_r=1&gtm=457e4cc1za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&jsscut=1&npa=1&z=456760725

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cyfirma.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cyfirma.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
86 B 23ms
23ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=71665133&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&ul=de-de&de=UTF-8&dt=Inside%20FireScam%20%3A%20An%20Information%20Stealer%20with%20Spyware%20Capabilities%20-%20CYFIRMA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=657457942&gjid=483282015&cid=33287834.1735924569&tid=UA-80179732-4&_gid=1944264184.1735924569&_r=1&_slc=1&gtm=45He4cc1n815GT46FNv852032066za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&npa=1&z=678814637

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cyfirma.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cyfirma.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 385 KB
126 KB 45ms
45ms Script
application/javascript 142.250.186.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3237ac35fb0e6bd818e05bf4969ba6fc8446dc788a88af73c914637293ff8f4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 03 Jan 2025 17:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 128767
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
813 B 222ms
171ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.cyfirma.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 00062ad06f5306ddf6d74d85f6af9c9e
x-msedge-ref: Ref A: 979ED00413A847E0A86A39D350A7277C Ref B: FRAEDGE1710 Ref C: 2025-01-03T17:16:09Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYq0G9TBt32102F9q+cng==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&e_i...

0
266 B

226ms
185ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&e_ipv6=AQJnCnhIt07AqAAAAZQtKtXUhopW4pwv-CfkDmHNKaBMWAMcenq2C_FSMYMkPE9d
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D65ED3628CBF4B4789AA13F81EB0AAE6 Ref B: FRAEDGE1215 Ref C: 2025-01-03T17:16:09Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYq0G9WkIT+SQNiKjz+dg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4091476&time=1735924569413&url=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&e_ipv6=AQJnCnhIt07AqAAAAZQtKtXUhopW4pwv-CfkDmHNKaBMWAMcenq2C_FSMYMkPE9d
x-msedge-ref: Ref A: FCDE065BCB2D458ABC68ABDCC5E91CAA Ref B: FRAEDGE1515 Ref C: 2025-01-03T17:16:09Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYq0G9TA9CfPOCX1NpvMA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 03 Jan 2025 17:16:09 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.59/ 67 KB
28 KB 46ms
46ms Script
application/javascript 2620:1ec:29:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.59/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jg2ucp2q3y
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 83146c62110f911cbc9e66daa824d1f4e1d8f8aa6508aa45fe061932db65fa27

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

x-azure-ref: 20250103T171609Z-17f9fbfbcd7gp6kjhC1FRA793w0000000p3000000000269t
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD267192E6C672"
x-fd-int-roxy-purgeid: 0
x-ms-request-id: f2f16797-e01e-0003-509c-58cfbf000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 27 Dec 2024 12:25:39 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 62ms
22ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KBLXRB4PTX&gtm=45je4cc1v897044746z8852032066za200zb852032066&_p=1735924568961&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=33287834.1735924569&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1735924569&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&dt=Inside%20FireScam%20%3A%20An%20Information%20Stealer%20with%20Spyware%20Capabilities%20-%20CYFIRMA&en=page_view&_fv=1&_ss=1&tfd=4090
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c&gtm=45He4cc1v852032066za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cyfirma.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
554 B 79ms
26ms Ping
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KBLXRB4PTX&cid=33287834.1735924569&gtm=45je4cc1v897044746z8852032066za200zb852032066&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KBLXRB4PTX&l=dataLayer&cx=c&gtm=45He4cc1v852032066za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cyfirma.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 59ms
38ms Image
image/gif 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KBLXRB4PTX&cid=33287834.1735924569&gtm=45je4cc1v897044746z8852032066za200zb852032066&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=653921998

Requested by

Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 03 Jan 2025 17:16:09 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 23ms
22ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XN67BK9M7N&gtm=45je4cc1v9135687612za200&_p=1735924568961&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=33287834.1735924569&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1735924569&sct=1&seg=0&dl=https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F&dt=Inside%20FireScam%20%3A%20An%20Information%20Stealer%20with%20Spyware%20Capabilities%20-%20CYFIRMA&en=page_view&_fv=1&_ss=1&tfd=4134
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XN67BK9M7N&l=dataLayer&cx=c&gtm=457e4cc1za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cyfirma.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 03 Jan 2025 17:16:09 GMT
content-type: text/plain
server: Golfe2

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
279 B 510ms
297ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Fri, 03 Jan 2025 17:16:10 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 177ms
176ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cyfirma.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 04E82512E3E943D7B18779CD0FB017F9 Ref B: FRAEDGE1515 Ref C: 2025-01-03T17:16:09Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYq0G9ZWJc83O5qpEahPQ==
x-li-proto: http/2
access-control-allow-origin: https://www.cyfirma.com
x-cache: CONFIG_NOCACHE
date: Fri, 03 Jan 2025 17:16:09 GMT
vary: Origin

GET
H/1.1 200
OK d3fc253c929591c3b62980901fca03de.gif
moderate8.cleantalk.org/pixel/ 43 B
263 B 46ms
13ms Image
image/gif 2a01:4f8:231:885::3
HETZNER-AS Hetzne...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://moderate8.cleantalk.org/pixel/d3fc253c929591c3b62980901fca03de.gif
Requested by: Host: www.cyfirma.com
URL: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a01:4f8:231:885::3 Ehingen, Germany, ASN24940 (HETZNER-AS Hetzner Online GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/

Response headers

X-Server-IP: 2a01:4f8:231:885::3
Content-Length: 43
Date: Fri, 03 Jan 2025 17:16:10 GMT
Content-Type: image/gif
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
279 B 104ms
103ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Fri, 03 Jan 2025 17:16:11 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 fevicon-black.png
www.cyfirma.com/media/2020/03/ 5 KB
5 KB 30ms
29ms Other
image/png 2606:4700:10::6816:199e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cyfirma.com/media/2020/03/fevicon-black.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:199e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Response headers

cf-cache-status: HIT
etag: "1444-5e56a38cff480"
age: 7007
expect-ct: enforce, max-age=43200, report-uri="https://www.cyfirma.com/report"
x-content-type-options: nosniff
date: Fri, 03 Jan 2025 17:16:11 GMT
content-type: image/png
last-modified: Thu, 04 Aug 2022 13:21:06 GMT
vary: Accept-Encoding
x-frame-options: DENY
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
cache-control: max-age=28800
cf-ray: 8fc4a29cdc699745-FRA
accept-ranges: bytes
content-length: 5188
x-xss-protection: 1; mode=block
server: cloudflare

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
279 B 120ms
119ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.59/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://www.cyfirma.com/

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://www.cyfirma.com
Date: Fri, 03 Jan 2025 17:16:13 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.cyfirma.com
URL: blob:https://www.cyfirma.com/d13fdae9-e61a-4ba7-98bb-f2afeaee531c

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyfirma.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6gn507qcpbp0fkcop3rheg21jq
.cyfirma.com/	1970-01-21 10:57:40	Name: _fw_crm_v Value: 91934ece-7346-44cf-c6b8-a37dd7725ce7
www.cyfirma.com/	1970-01-21 02:58:09	Name: first_session Value: %7B%22visits%22%3A1%2C%22start%22%3A1735924568954%2C%22last_visit%22%3A1735924568954%2C%22url%22%3A%22https%3A%2F%2Fwww.cyfirma.com%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F%22%2C%22path%22%3A%22%2Fresearch%2Finside-firescam-an-information-stealer-with-spyware-capabilities%2F%22%2C%22referrer%22%3A%22%22%2C%22referrer_info%22%3A%7B%22host%22%3A%22%22%2C%22path%22%3A%22blank%22%2C%22protocol%22%3A%22about%3A%22%2C%22port%22%3A80%2C%22search%22%3A%22%22%2C%22query%22%3A%7B%7D%7D%2C%22search%22%3A%7B%22engine%22%3Anull%2C%22query%22%3Anull%7D%2C%22version%22%3A0.4%7D
.cyfirma.com/	1970-01-21 02:13:30	Name: _gid Value: GA1.2.1944264184.1735924569
.cyfirma.com/	1970-01-21 02:12:04	Name: _gat_gtag_UA_80179732_4 Value: 1
.www.cyfirma.com/	1970-01-21 11:48:04	Name: _ga Value: GA1.3.33287834.1735924569
.www.cyfirma.com/	1970-01-21 02:13:30	Name: _gid Value: GA1.3.1944264184.1735924569
.www.cyfirma.com/	1970-01-21 02:12:04	Name: _gat_UA-80179732-4 Value: 1
.cyfirma.com/	1970-01-21 11:48:04	Name: _ga_KBLXRB4PTX Value: GS1.1.1735924569.1.0.1735924569.60.0.0
.cyfirma.com/	1970-01-21 11:48:04	Name: _ga Value: GA1.1.33287834.1735924569
.linkedin.com/	1970-01-21 10:57:40	Name: bcookie Value: "v=2&322d7124-64ce-4611-83c0-2131b5fd113d"
.linkedin.com/	1970-01-21 06:31:16	Name: li_gc Value: MTswOzE3MzU5MjQ1Njk7MjswMjFrAUtuUdZLBt6WZDzL3LY8rFeXzCfJp5Dwdv56zT+VpQ==
.linkedin.com/	1970-01-21 02:13:30	Name: lidc Value: "b=TGST04:s=T:r=T:a=T:p=T:g=3357:u=1:x=1:i=1735924569:t=1736010969:v=2:sig=AQFlIGGa207pFEfxr1OfKif-7BJxZ-2v"
.cyfirma.com/	1970-01-21 11:48:04	Name: _ga_XN67BK9M7N Value: GS1.1.1735924569.1.0.1735924569.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.cyfirma.com/template/assets/media/2022/09/footerbg.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://beta05.cyfirma.com https://in.fw-cdn.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.cyfirma.com https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
challenges.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
in.fw-cdn.com
moderate8.cleantalk.org
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
snap.licdn.com
stats.g.doubleclick.net
w.clarity.ms
www.clarity.ms
www.cyfirma.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.cyfirma.com
104.17.25.14
104.18.95.41
13.107.42.14
142.250.185.163
142.250.186.132
142.250.186.136
18.244.18.122
2001:4860:4802:34::36
2001:4860:4802:36::178
216.58.206.67
23.96.124.156
2606:4700:10::6816:199e
2620:1ec:21::14
2620:1ec:29:1::45
2a00:1450:4001:803::2008
2a00:1450:4001:80b::200a
2a00:1450:4001:81c::2003
2a00:1450:400c:c06::9d
2a01:4f8:231:885::3
2a02:26f0:3500:10::210:a99
2a04:4e42:400::485
0085adfd2d08a45f62a06d8f3f969ddc4a94ebe8d226511db90aa038f11ed180
01b035efb5dfa529c512f82962ed633328222da6f33c224244806d4798c67349
024f3907954fcad2a47bf2182f6a76102a4199b1393862a61fb3d4a2736c3d6f
07ce60e24df059952c6c4f6a82cdb94603280a563a2c2e467f71dc712d0892a7
0a9166d49e739e0f1b735aa60f31faf2f7efd09b50101d9bac4a255ba17724ef
0d6cbfad423f414457e84247076eaeea86b8272c22ac17ffac2bc9456cf6bdd7
0f8cddf0c56bca9b5303db1e205c32efe9dacb5d63782c3a55a977a76022bf49
103e301c55d6aa84b6888f586aab1de3df2a855a8367ed85ccf9a2bb8dce857e
108def0528b188d78212d66957bd99f7bef9309a3e697f78c8a0255fa10fec87
14cfef6db2a5d036ff69eefbb5b0a0a9e700d2ccffa1c7ca3f829e9d84893b39
168214fa87227f735c673910500462053313d0439bbf222d328532fd1ee0e23b
1a2837a8515e5d154deb5d06ca9d34274d3f7ea6772089e40903d25566209ee3
1aa4c3d21c2a86169948b5acc1bf4a8589bd4898c5bca6f46a20ae8727b30179
1aeb9107928bb523947c28e17358efb50a07b942e15ed0a72259a5794ea2ca96
1bafa9547777251a35ecd80ad378641be86a45a984f817fe241c37f26f38623e
1c156e7557f2bfa58ea627d301e347160cae92fa3ca24dad549e8ba600c47171
1dcab65b9993e052b1144e982a61f761add74cd404b717830a3449d7f2d4c522
290dc8deb77632ee52a3e08c01def62f5fb715b5c85fbc4afaa99a3c8b4d1a4e
2a0a82f347da3cbe8daefde448a8fe0a8e07f198eb0b38a5cb4f1ee4930543cd
31074dacb904fcaa16b70f4642243eb71f444f0a84fcda9b7b70f7ef3a683c56
3237ac35fb0e6bd818e05bf4969ba6fc8446dc788a88af73c914637293ff8f4c
3b37d315dcea0fbeea45df259f6e857e674da51c9618efc9928b6cd5205189da
3c5ae59f51691644e2e9cd199ca187b4acb5e7fee601f781d090e0b4ef3ecde5
3d16ee2ff38af64ab55af81b6769eb7b149446eb549a54433583cfcc32981e1e
3f0bf6c7c4247fa5a2100058e45c6fe238c225fd1b73233a7dc30281c521926c
4039b5fdeed16a7f0efd4c317fc7eea6eee5c2cb15aec8f334fd1b6011aa3041
40790d44e3deecffafb17b8cdd23a754eabb0faee9c6dfeb3a3b7b17c2fbaa6a
425a515894a7215256e54706cc640acbb4fb34fd17eb29b374846d8b106e6f8e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47c58e41e2f38d9813c39b6641c96e12408522bf774779cb58973f67303875a7
47cd1bd50cbb69fd9eb4be85e06efc3fb46d41d0f5ddfe4ff97f96efa99e101a
4948aa9fd1875b6f894bf7ac085914baf38bc27d8b0699864a849c7b7f233ca7
4e55b451621a060d376f1b31af3b370ea3d65ab7532ca82e875e52882deefbae
4f2c1f098f7a28dbab913d292da562c06b45d6495ec9a60e6cbc6b99564ef5e4
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
503f9aa8675e396e6feec3369148a12f5c863c5068d573e72a3f2f4d217ac0d3
539f5ac9dfd20b0944a5dcbf121289df379e4197e9263006b96b931c7bc18c5b
63ab9a2fb6fb65ca5debaa8686408bab41a073db2d5abcf0db248279d944ac51
67f3fb9a8eee64b4be258448c6c66b7ab4361789ef8a700f8411b9ddf1071e32
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593
701d07ebdc9765a1484e4957f19b87094a092f7a6a96c9e5ecb1fc327f8d1e84
734eb66ec42044d294644d6e06b73eb7723ec74db2f6dd89c5bc98f0775695cf
738d4cf265345f71cce17d9a69eb8f20df5de1fa2a6e5be1c6ca76824cf8745a
759975539752ee86c2b252c115886ddf8ec8b9eaefd05dfb858db0f8f4a042a5
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79c9ba892e016444b8e82c38400bf491e574e7ef50b40984997ec915a5f477d3
7cf8b2588497dcd12fa96a75731c6ec327491f8d55f18da0af72b70afa6713af
7d375a3e3484f82c09d75e09629a06baa54d2bb6f8b89b36a5469a914cf2fb5b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
7f02d6218cd553a52908c96adfe586399eabfd58653dec12eb3a64674feebbc6
828a84fffc98a024b659527a9dec9255d35aec177a380dcdcfdf0e52f4612ed2
83146c62110f911cbc9e66daa824d1f4e1d8f8aa6508aa45fe061932db65fa27
84cc57d3cc87630aa3180ee548f38d33ea73969ff46765d7446e07df029abfd3
8694091227f6f34a6acb8dda867cab6f129cb19ee794a75ebd434793d4066e5a
86e08c2b8e9027640e44408d0840e35f8d3ea353352aeed3aa390f78ad96d23b
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8b7a393c51ac2791200ba173adffeacd5164b16ad0e40800c9685925683ff21d
8c1f806310322c848c4c996ca568a03b3b16cf9487cbccf09aef3cf17e2c643d
8f6b0065281112e3226ef9b71a169eb71de2c25a092da72d926f8d0314437d3f
96906fafa4f499756a62c882b276e3b1587ebb07c78ed7d7a1659812e5e09952
974e81270e14d0829929fe7cf9e20bd0ad6c651a6c4203b6799740b970174a52
97c8bb58bf86f8ca8807de2d4b52947fb6e0f55dd63147cf28d013db44102ac3
991c3b1f33fc557b49fcb401b5183e090f837fb70fe5bc422d9fe23c879d2d4c
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
996ac62dfea50a946b373eb93dc4f46ddb797e0a748ec21f5f9fb289834dc92e
99bbc5cbd07c3d36c28f1a02bc0f1e7e7f3f4423ec93f07a13ffc884b8aa1a34
9c0647c53dde19cd56b2dfd0626db41f3db20c92984e1e6a4d469c19e4823adf
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
9d32b61d0ed9270859bc48aa10bd79611cdb1d645f0e6057cc9c57026e0bdd72
9faf62e7e91228ac39e16a442b2defb297a79481a0f4d585212096ec86b3b67b
a11f55caea154cdc5bb990fbc8cfcca5bacdde16cc1fb7bcd6d594576d65a812
a3eb2d0caf3502359966882d146b1a75e34bf933cbdace1c286395ea3fd1f567
a474c925d69520d6666bf70aa76da51dc23a9b6cf8505f67b3c712a7e3c3f4b6
a5b49c3ede14881b4d9672021c7342e63bcb5f64dd42a0958a86af0d4f56d374
a5d082a8a8042007ac2f3b4e5e0eee1f0b24d8d5c1fbf304275ef72d87a11d07
a7cf6e367dcd653b08b151ed81bdb9fa064b1ec62250bf5de17a1d20d7f9a396
a7eb845f2176450b6ed9911836c7c3d5c26b0111ea2c3f5336b6a421aa1ebcd5
a98855ff9dd707b642bd4510039182325edbd4a1bf745eccde5a0a1d15b5b783
aac9b689f33e16839b4d52720012965130218c4aebb4eaa83fd5bc7e955256ed
ac9381bd329ae74565a630aee5cdbd86ee9df32acfbfe1884c9808462219f755
ad2bc490df445dcad39f8e53a08c16e10c761c56fdc4d4a01c9105c1da3beda9
b2134b4b272bc464e6e24c4349d5ad4b2046234f8dc1291e8127e4c52d6c1723
b23a5e62bb16bd36bfa1555d3f741821201496ac4b6d2cc974549568adadec88
b336cf8710d8097c7de836d5534ff7c803b00c260c9500a4cb4b95f1905230c1
b3eede500590266592b52e0bb9b9ce990674d3c692e6291f19fa2ed2973789cd
b70afed08e44bc1907904f7e27c6bdd98b8808d18295b603fa173aecbf3a6964
b82368a28809e066c7a394775e69bc6ce1ca857317222b8b0ea4ffe53ae5b5f3
b905e0fbcc7a6ad1c69672ccd6782c66b23f9393b79de7b58f24eb631cc1dccf
b9457f1201e34f36980b7e2c0da9410d36b3d095da1d27f615725128b331b289
bb2ccb10404cc6a241da8ff58b2ccb32e483c021f9123c09d4e5f565af4fc718
bc3b59c278627cdb29d8975817ed927204ced9233e8776df01625d775637d226
bcc284393ee1b6146e83ae622187f302c15094e4dfe8e81c3305fc288941b998
bf2059be7007cd21fdd3b5df727b89c8916142f7abadfd46408de17778699fb7
c281bcc7f18919a0614a8ed0b2fc82fea15109576bd506c8a2df479e2ecdfb8e
c3a1c222916547d115afb16b4dd8ed2a2c1eabed1bed01fdc36f3b4d9e594cdc
c40ab757e586668e665046ee7b65fadb360379607677de549111d1eb412096fd
c57362794ada29200eaf4fe57394ee81787ad537dc2bf73eae86954954b9beb3
c5bf2e001adc50ef1abb6d29721125ea681e946bdd4cbe4d6c5cc40cbbcce7f6
cb17cf62574cb51f34c7ad058f3a5c3ff430caacfc1041e72d21b2576d959e9d
cba79732c9d0e64aa7a033590990e73fe8bbf3da12e72a0376cd68aeda1acbfb
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3ff42381c83849f9be96490af5f3f6aee223bc983ef4012f073c652784fb601
d4ca6310bab0846e407ba41ba9664c5a1e35ec39abaf980849ea7eb101416499
d63caece60d11ac11ceb4e510a07bd0ad3eedd56de0dcb9d200f0d555e8ab961
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3dd59ea2cc9f2a3e34304bfc384e17d96e0d268704d53ac9736dab494993938
e4e4572b48ee33a09c5296563555166ea2bedc103f79e046748d39ab86dc8591
e4f9657eae062c16fafbb9c80ecf26c82d3e79da691fc5fd203b44dc0e41d3b8
e6cd673656a4048859af122845ad5f7d86ac43f714ce89aad7eab13ac2e8674f
e744442af7abf940a85aaa54a94e6d1d15e1cd4e0ae7b34b6342c8d12e9b54af
e8e5aea71b92d5bc2e05586277048d2b3b558e75aa7df216a28e4b77bceecc8d
eb159f0e64f868842c4076aa1bad566f788936364cd8766e60e63c61f7b5d88e
ec13734db304e2f39917a4c0bdf236811465acecfe22473c5d53942228c6e1fe
ecac4fc801141ce552220be4bb12969e2ee625e2cf08cf0edbac579a279b28f1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f12a70584f1475acc39395c1dd2f5b9756cfdac1c41a78033ba9365d8a43441b
f317ff168377c5b94d740f17e27e8859d4f89abd2ff2416c0041684adcfa1004
f549ccc7a1165ced07515aa1def4dcdaaac6914a2a4d8ec3d5fdd744c9966d47
f7adabefeb29d6f5fee70b333c5f79fb40ebc9464a2c2fa816fb2a335a4864d5
f7bb442b06bfb13ecfee3c3ec2b6b19440a33e080ca9378f8d6f161281bd01ed
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb743d232861a0c1a1b91571e6c4ff123bb915d4625ad09cbfb531abe1ba2422
fbbd15c0b67d2bbbd3bb265a665f91f7984e5bf766a68292a5fe139b87acf216
fd4258c855f994d97af2f7cc8ee37e566bce728938ec6b6be8b6b2b1bc5fe42e
fd8027b53a97cbd5782e85c5908e563c39776703ff9279f50658e630927b4167
ff94d4d6b846f9738100250c7104c2d48a1d62d14bda43994fa9142b5cb57124

www.cyfirma.com Open in urlscan Pro 2606:4700:10::6816:199e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

98 %HTTPS

57 %IPv6

15 Domains

21 Subdomains

22 IPs

4 Countries

6086 kBTransfer

9043 kBSize

14 Cookies

6 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cyfirma.com Open in urlscan Pro
2606:4700:10::6816:199e Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

98 %
HTTPS

57 %
IPv6

15
Domains

21
Subdomains

22
IPs

4
Countries

6086 kB
Transfer

9043 kB
Size

14
Cookies

141 HTTP transactions
0 data transactions