URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Submission: On January 11 via manual from US — Scanned from NL

Summary

This website contacted 9 IPs in 6 countries across 7 domains to perform 37 HTTP transactions. The main IP is 2a06:98c1:3120::9, located in the United States and belonging to CLOUDFLARENET, US. The main domain is merkurynews.biz.id.
TLS certificate: Issued by E1 on December 25th 2022. Valid for: 3 months.
This is the only time merkurynews.biz.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
26 | merkurynews.biz.id | merkurynews.biz.id | 496 KB
3 | gstatic.com | fonts.gstatic.com | 47 KB
2 | histats.com | s10.histats.com (Cisco Umbrella Rank: 11812), s4.histats.com (Cisco Umbrella Rank: 9307) | 5 KB
2 | google.com | news.google.com (Cisco Umbrella Rank: 6516) |
1 | facebook.com | www.facebook.com (Cisco Umbrella Rank: 107) | 3 KB
1 | securityweek.com | www.securityweek.com (Cisco Umbrella Rank: 882947, Failed) | 2 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 127) | 1 KB
Total: 37 requests across 7 apex domains

Requests | Domain | Requested by
26 | merkurynews.biz.id | merkurynews.biz.id
3 | fonts.gstatic.com | fonts.googleapis.com
2 | news.google.com | merkurynews.biz.id
1 | s4.histats.com | s10.histats.com
1 | s10.histats.com | merkurynews.biz.id
1 | www.facebook.com | merkurynews.biz.id
1 | www.securityweek.com | merkurynews.biz.id
1 | fonts.googleapis.com | merkurynews.biz.id
Total: 37 requests across 8 subdomains

This site contains links to these domains. Also see Links.

Domain
mtva.info
news.google.com
www.themehorse.com
wordpress.org
Subject | Issuer | Validity period | Valid for
*.merkurynews.biz.id | E1 | 2022-12-25 - 2023-03-25 | 3 months (crt.sh)
upload.video.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months (crt.sh)
*.news.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months (crt.sh)
*.gstatic.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months (crt.sh)
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-10-21 - 2023-01-19 | 3 months (crt.sh)
securityweek.com | Cloudflare Inc ECC CA-3 | 2022-05-07 - 2023-05-07 | a year (crt.sh)
histats.com | R3 | 2022-12-21 - 2023-03-21 | 3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Frame ID: 9FFBFB0B59436B6BC3ECA75990701606
Requests: 36 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fpypi-users-targeted-powerat-malware&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Frame ID: 096F3C548B91EE5A6A233C6FF50438BF
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

PyPI users targeted with PoweRAT malware

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 37
HTTPS: 97 %
IPv6: 75 %
Domains: 7
Subdomains: 8
IPs: 9
Countries: 6
Transfer: 554 kB
Size: 1098 kB
Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
130 KB
41 KB
Document
General
Full URL
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b3f1082d165b0b96a60d64e533d465c7049a64b4c72dba3852df897ee389e1d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
787f10981b390e35-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 11 Jan 2023 16:35:18 GMT
link
<https://merkurynews.biz.id/wp-json/>; rel="https://api.w.org/" <https://merkurynews.biz.id/wp-json/wp/v2/posts/109318>; rel="alternate"; type="application/json" <https://merkurynews.biz.id/?p=109318>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82nKapBoBZbZdKSt39fHUn7q8KTWenRfvImapHH96CxixMJji54dKl%2Bk9L4kbY9m5DfS8boMV0mbTB%2BAopSBVHV5c4M0wznFi86CqcbQiuydf4ZBqyjxUJ9uxv%2FRATKpHxPaEtigKEgSJfqv1t%2FGEAM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-litespeed-cache
miss
x-litespeed-cache-control
public,max-age=604800
x-litespeed-tag
de5_HTTP.200,de5_post,de5_URL.fa060e304ef5e22a6471aba47fec6b4d,de5_Po.109318,de5_
x-pingback
https://merkurynews.biz.id/xmlrpc.php
style.min.css
merkurynews.biz.id/wp-includes/css/dist/block-library/
93 KB
13 KB
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Nov 2022 02:03:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
29677
etag
W/"172a9-637444ea-62708f;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPPALI7t6gn2m6LavvNSsAqHpb%2Fd2FUCUym%2B4H2rTe0Q938Pt0bySXcGuHllnq440BkJQS7zMbdW30G08sRbaZyoDexTOzRcaDfmXiys0ON0PjroLmtMn9inbzkd18iYpTgMlxiXptiNlv3BKVl3PhI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee010e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
classic-themes.min.css
merkurynews.biz.id/wp-includes/css/
217 B
550 B
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-includes/css/classic-themes.min.css?ver=1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 09:02:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"d9-636cbe2a-52b3a8;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8SxMXYZX0xcP0LeziiSaw6s81d8DBD8as%2FHDozHxIF%2FfgxhgWcy4oyQTvrb%2BEWqGzHbcV1hqa0jwMvt82uwXI%2FdFBcUc7wK8OH7erm%2Bc0UVwNIswFcGOKS%2FY1hDuetb3KqJLigqfGSI08NWbaQrI4g%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee040e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:05 GMT
wp-automatic.css
merkurynews.biz.id/wp-content/plugins/wp-automatic/css/
2 KB
961 B
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da26f75773d686f672adddeabc4378a593a11845f01c01dbd2c941744d2ff96a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
29677
cf-polished
origSize=2713
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 03 Nov 2022 14:02:30 GMT
server
cloudflare
etag
W/"a99-6363c9f6-4305fa;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqALXz1NWlOJS22zJmIbu2mw4cYVPmotbMfK74IEHGTm8rgWdKGMbyZ6O6TBugOFRR065qt2d%2By7%2B3NMjcCBoJeFA2W7XN2jC92jWZdDpZMF0F7qsFVkmcupqc33YupBkhWkIfGSzuMD7P%2Bwph0bMeg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee060e35-AMS
expires
Mon, 09 Jan 2023 05:29:37 GMT
bootstrap.min.css
merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/css/
141 KB
22 KB
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/css/bootstrap.min.css?ver=4.0.0
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f8d728d935edbf2aeae36b6b3d96634885dbd474ddd1cc7d80711449109221b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
339
etag
W/"235bf-6363cb4e-4306db;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8wJrccY1BKD%2F2Ik58eoRROHZBXV8dXP7ezYoT9cBWT01A0i8WsKDGa2stSjpt4phcMSWi5GisqDGvbKsDhCSlXIp2XgqNTXZznrY%2B2zmYeBuqLsHXMtua0pxCvylGldt2%2BiSSzvjJJvd4h%2B4JS5ZxP0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee070e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:02 GMT
font-awesome.css
merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfbb02b2f82750344aa2bc6329085a7550de92926a22a951db6f1629fab862f0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
29677
cf-polished
origSize=37414
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
server
cloudflare
etag
W/"9226-6363cb4e-4306e1;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MWXC7XWtpiC1%2FtjITdf1QpyKOSUfsuaF45TCzJI1EwiVU9vas2NVzdvLcnj27oVs%2FFN1zyHs%2B3a5zNuHwgYYY2s9DxcWfuZIUY9P1066JdOJs2c4seh4Wt9hqUCzP8QjfJGCcuM1rOFyAZJuTmGx7qo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee080e35-AMS
expires
Mon, 09 Jan 2023 05:24:01 GMT
css
fonts.googleapis.com/
18 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
de2840e655068ead8a764e8d5353ddfefb59d969137b2fa2790aaa7627d091f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 11 Jan 2023 14:37:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 11 Jan 2023 16:35:18 GMT
style.css
merkurynews.biz.id/wp-content/themes/newscard/
93 KB
16 KB
Stylesheet
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/style.css?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95c08b89905979e063ffa5646932676d79ea61ec4e6c901dba05a3ffbf044259

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
29677
cf-polished
origSize=118925
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
server
cloudflare
etag
W/"1d08d-6363cb4e-3352b3;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnNzY6NS2wDj1DKdev9EJT4njFnCuRb8fGJroA5OLil5mCiGB6jgK78K7agjGwof8JrxGgWWfUDDF6gZw%2BeQoyb4jiB42h1hf1TnjnilsfvkFSzWiD28ejUis%2F4jdVroJIobpEFzLV2Dcv7mT5eDbOQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=43200
cf-ray
787f1099ee090e35-AMS
expires
Mon, 09 Jan 2023 05:24:02 GMT
jquery.min.js
merkurynews.biz.id/wp-includes/js/jquery/
88 KB
32 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 09:02:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
29677
etag
W/"15e54-636cbe2b-62719b;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WO5HabFMY2WIVZxilceI40rdMFKaCkMpPjviXjnkc0q8%2Bd%2F4H3h%2Bb%2B5rf3Aro9nnWyaHsWp6ZTT4Sm5A0dcGGoLDUpux4KZyXebDzrAsN%2Fc2UYe9XjYETmJf9WUIjQX2%2BUY38pQzCtuwBTHoDS%2B1ZE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f1099ee0a0e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:20:44 GMT
jquery-migrate.min.js
merkurynews.biz.id/wp-includes/js/jquery/
11 KB
5 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 09:02:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2bd8-636cbe2b-627193;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfWjJ3UHoGpBFnFYZHr1e4OkVboHlapeY796izqspD09ru%2FeiRozlXaJHeptdP7SkH8H%2FhA6Fo7841uvphw3z5aZyDOWyIRZcvS9xg4BsegnI9jsNEl504oY%2BvTLN%2B0xA6pvw%2Bp8z8ppGoxlLcaKFww%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f1099ee0c0e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:20:44 GMT
main-front.js
merkurynews.biz.id/wp-content/plugins/wp-automatic/js/
1017 B
664 B
Script
General
Full URL
https://merkurynews.biz.id/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:02:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
29677
etag
W/"3f9-6363c9f6-430667;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCy78lZygMVSTHnpyFaWsbKoWheoWP3nzHT8pmOsKGMC%2BoCLOGgekvkLo0l4x93kpBu80zIj6sCKxdrSdGZKed4rrHU7NsqP7GT2ZUqmuT8dis8Q6ehCkJiISAxH%2F8jdNZKnlFjSohTfkMS3ztzor0M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f1099ee0e0e35-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:29:37 GMT
serve.php
www.securityweek.com/sites/all/modules/ad/
0
0

RSS-Icon.png
news.google.com/images/
0
0
Image
General
Full URL
https://news.google.com/images/RSS-Icon.png
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

wp-emoji-release.min.js
merkurynews.biz.id/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 09:02:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"48b9-636cbe2b-52b459;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRgJEKDAGFcRv4t%2BOo23yXaDG8K8ueuZP00C3lwKtFper0ZkrAPS6%2F7vx0bP7qIydRXyA%2BfwmGh6qpiDeRNugjPZ40%2BFLIRE1MHgvzlKBB3QKBZEp%2B9gQW4DFN%2B1eyFhrbRo26CbQ7X6OC1KHge7uoI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9251c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:20:57 GMT
popper.min.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/js/
19 KB
7 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/js/popper.min.js?ver=1.12.9
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4d00640b93ccce21719f7146a3aa2393456c28f5439d12454d839412e0c69f3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4acc-6363cb4e-4306df;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXFa%2FqZXV3eIReqOcUbMu9MbeLsQkEwJg9OahYhNIlYtUUqS0ujuDn8s%2BELyrGUtVS%2FrMwFV1S3wUrSyUllCaV8NTzB4tnLPqxIoC2EPnsZnBhg%2BdlKZscK1AXOgtAd%2FzQ43ydy4Ud9P3UQcuxZZcb4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109aa8e31c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:02 GMT
bootstrap.min.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/js/
48 KB
14 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/bootstrap/js/bootstrap.min.js?ver=4.0.0
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65f97dab23e8383e4f9e5b07722014f704b9cb5dc820086014ec715c55e75e33

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
25354
etag
W/"bf06-6363cb4e-4306dd;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5pXaj8MrJfixf1pWhbyMccF%2F3DfcqZOX5EA7THXK8FiWbo8kpjaqMVuVA2%2FSdzZiTCU3YpqWpPqClGe6vMV%2B8O0D9i6Y%2BBovmSDZ%2BnHbFgyEa2aZ%2FsbnTPnhG%2B8jKut0LAYwyVPLVPjEWdi%2FrSsau7M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ad9161c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
jquery.matchHeight-min.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/match-height/
3 KB
2 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-min.js?ver=0.7.2
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa87904726726364ad19a7c4b2f2b20ee10637325601b5aa88ed8bfdcb7117a7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
339
etag
W/"d34-6363cb4e-4306eb;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzxjjgsI6kEdykGSaxXtXapDJKeoHQvlMa3UdwhL7JeGpJdtmzqsIESRuWUuZzRhZOajfY%2BjO%2Bio9FPw95YFpWpG9wEBj%2F8yjsfa84%2B%2FRRpjn9s05sxy4maP5sG%2FrcaKrRaLFTESsiyFfVktM9aiRjs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9181c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:06 GMT
jquery.matchHeight-settings.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/match-height/
83 B
619 B
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-settings.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df409cda6bae37bf3f3a02f19396eb0437670f49210fe6134de95a908c0cafa4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"53-6363cb4e-4306ec;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SS7rPWbFSNbNdAWDOEh3t85ZE8SrDyxj7Ayz6abykMoHcmn0hS92dwDiuOBGqehxDRZoEePX%2FJWcaEFMK%2F65tf0x9qzlJfFxkUfTaQ%2FnO%2FHOUPmlbxZtINURgEzfBrsTcO%2Fpctng7SpTkj45EIM9f%2BI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae91d1c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:03 GMT
skip-link-focus-fix.js
merkurynews.biz.id/wp-content/themes/newscard/assets/js/
685 B
916 B
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/js/skip-link-focus-fix.js?ver=20151215
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2ad-6363cb4e-4306d9;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2F9qyftYIWQURgcAWZGct89oN4sw3I1dvZJUtXaj%2FaC7WBCwAshzx5vCcPEKMqIYXj%2BXyy0LyclGbZpwvy9RHYQRRcHut1%2Bt05720dOIN90b3MrYVDLnbgxHH0gy%2FuyKHubVxNWu6EFAVvyRYxMUGfo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae91e1c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
comment-reply.min.js
merkurynews.biz.id/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-includes/js/comment-reply.min.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Nov 2022 09:02:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"ba5-636cbe2c-52b416;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tG3ZV68g4bFMjez8pZIQ05n2OzDKenApUuu0zd6RjySMb8hFhvDmdgziEwRXrJrF9rhtzFSaOideoG82jxOgua%2BOLx6R6FXC8FNpOatgaqusw13GjPlriGzLFluMu%2FDuiB1p6F2r%2F1TO4TBBC7Jj3AU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae91f1c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:29:37 GMT
jquery.sticky.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/sticky/
10 KB
3 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/sticky/jquery.sticky.js?ver=1.0.4
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcf6b9b28cec8958f9d3f3ee39070e85ffd46d670f1f0baa7cd21aa24c188a00

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
25351
etag
W/"2765-6363cb4e-4306f4;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dE4FRK4HlS3Qc1p2bR4IWYpUDGmKgDOfIAQIx5SD6Mq%2Bh7DfqbQRNjLfcSlxhkW1GUI2ioWVH2SFmyacNpewjrISa5luLUdsQPUfSEbJD8ANSk8iHePaQDER6jr4KoJ4qsqt3u5%2FLjR5ylg2%2FsLanV0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9211c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
jquery.sticky-settings.js
merkurynews.biz.id/wp-content/themes/newscard/assets/library/sticky/
903 B
894 B
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/sticky/jquery.sticky-settings.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ca6ec26c08bae2158496639872bdc573969743cdd364c29e5302376af50d9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"387-6363cb4e-4306f3;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXhjaxLbh0Ic0pCH%2FNgyrSYNQme6lA1h7eLOyFOukIEnj9LiFP21CT%2BW8n%2B0b5YjsP7wHbE3IdTLwzTDJNcv2EyGDbX6vzNNuGijEw9O0BgUHLHwjoiRAyq8sP6vHutFFsdS5Djh%2FyTBUYjexqqFfms%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9221c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
scripts.js
merkurynews.biz.id/wp-content/themes/newscard/assets/js/
2 KB
1 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/js/scripts.js?ver=6.1.1
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f23f4cdc16216e281ece6073441ef19eba319f9a0c01eac33c31782d08812ffc

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
339
etag
W/"96c-6363cb4e-4306d8;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpbW%2BlUnmx7lxdysYwAR5sx2BBqLDjaFnCgBlU99clAjKzFS07fEN4gDqN7A6H4DaW1%2FmfJdvGjn5412sRTETsl1USk%2Bd%2Fo0gP0BUXj1XbcjsHrp%2Bb3RX%2B6ksB5MZdLkSDvTrHiIkh%2FKDtH%2F2MdMv3g%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9231c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:24:01 GMT
akismet-frontend.js
merkurynews.biz.id/wp-content/plugins/akismet/_inc/
10 KB
4 KB
Script
General
Full URL
https://merkurynews.biz.id/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1669997695
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5734f1b66dcb622529d435aba20990813d43553f949bc0813719b4e7d1252527

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 02 Dec 2022 16:14:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"29ed-638a247f-334e41;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h2EMAa6iL3f4D%2FwsPd8tAUnMgTKg6BnnNl88vL3PwLnFS6fr2dj7smKokAXT%2BPcHlG7v5kSEKS%2F3%2FPH0qVgxucv%2BByUvTquL49%2FD%2FsLhQ6%2FcSnW0v3Cwju1flKXoyftVDVvr1vpVhwu2WL5FMZHkhLk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=43200
cf-ray
787f109ae9261c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 09 Jan 2023 05:29:37 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://merkurynews.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 19:33:00 GMT
x-content-type-options
nosniff
age
594138
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 04 Jan 2024 19:33:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://merkurynews.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 19:33:08 GMT
x-content-type-options
nosniff
age
594130
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 04 Jan 2024 19:33:08 GMT
like.php
www.facebook.com/plugins/ Frame 096F
0
3 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.securityweek.com%2Fpypi-users-targeted-powerat-malware&layout=button_count&show_faces=true&width=120&action=recommend&font=tahoma&colorscheme=light&height=21
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://merkurynews.biz.id/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type
text/html;charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 11 Jan 2023 16:35:18 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
G1g7SF+XfNqqzz35dao6tra3L3Lt5cxvynBot0c8j9XnBwW4A3SSO9UqrkwqHYDS/vV0sy0FLiun4PpyjFj0rw==
x-xss-protection
0
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://merkurynews.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 19:34:12 GMT
x-content-type-options
nosniff
age
594066
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 04 Jan 2024 19:34:12 GMT
fontawesome-webfont.woff2
merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://merkurynews.biz.id/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
Origin
https://merkurynews.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
cf-cache-status
HIT
last-modified
Thu, 03 Nov 2022 14:08:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"12d68-6363cb4e-4306e7;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIRQnhKcihUJOz0JrPS%2FJ9OHWiCHs%2FXw1bBqavpdH3meaotnJxRgTB8PepPrEkon5ptTiK64y9NKlU6UIHLQe3vbje7vjwkq6U2FNAoycFC%2FV518fEgimm3zLax3xRB3f8fleJlxTAax%2BQVA1nt81Wg%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
787f109b09471c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
expires
Mon, 09 Jan 2023 05:24:07 GMT
picture-142.jpg
www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/
2 KB
2 KB
Image
General
Full URL
https://www.securityweek.com/sites/default/files/imagecache/auth_story/pictures/picture-142.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6818:a103 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78e5b6479049226309646920eaf8f85a521a66edfaa4f7446409678639580bbd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:18 GMT
cf-cache-status
HIT
age
288020
cf-polished
origSize=2275
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1908
cf-bgj
imgq:100,h2pri
last-modified
Wed, 31 Aug 2016 11:41:29 GMT
server
cloudflare
etag
"3c191c-8e3-53b5c9400d9a0"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=1209600
accept-ranges
bytes
cf-ray
787f109b59b70e00-AMS
expires
Thu, 19 Jan 2023 16:49:10 GMT
tag_icon.jpg
news.google.com/images/
0
0
Image
General
Full URL
https://news.google.com/images/tag_icon.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

js15_as.js
s10.histats.com/
11 KB
4 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:29:08 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable
Matched cache
x-cdn-pop-ip
51.254.41.128/25
etag
"-375139978"
content-type
text/javascript
x-cdn-pop
rbx1
accept-ranges
bytes
content-length
4364
x-request-id
109871458
10-players-who-set-career-high-scoring-numbers-1024x576.jpg
merkurynews.biz.id/wp-content/uploads/2023/01/
104 KB
104 KB
Image
General
Full URL
https://merkurynews.biz.id/wp-content/uploads/2023/01/10-players-who-set-career-high-scoring-numbers-1024x576.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832637eb2c0714f20210164d6e02eefaac8fdae9a6b1ffc47942dacff5cf936c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:19 GMT
cf-cache-status
MISS
last-modified
Wed, 11 Jan 2023 16:34:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"19f48-63bee50c-672d08;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAG12m2nTahvfF%2FnIzevoMrAHketNeAqslMoGqfZUfn2h3AmeWKw1%2B9GFfhMvth95QN9onLY9JjgAleOYWFmIAjUEEZEpPF9acrLSb%2FVCwumBuEF%2BM5I514yvedx%2Bp6EjMeprjhKTHCL3Fe%2BPA6Y6gY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
787f109b29611c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
106312
expires
Thu, 12 Jan 2023 04:35:18 GMT
Prithvi-Shaw-Shaw-after-a-record-379-against-Assam-1024x576.jpg
merkurynews.biz.id/wp-content/uploads/2023/01/
52 KB
53 KB
Image
General
Full URL
https://merkurynews.biz.id/wp-content/uploads/2023/01/Prithvi-Shaw-Shaw-after-a-record-379-against-Assam-1024x576.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d71fa618c75d4b29ad7398e13472717fc70015970d71ed31f33b33bc26308764

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:19 GMT
cf-cache-status
MISS
last-modified
Wed, 11 Jan 2023 16:33:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"d197-63bee4ca-672d00;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zy2UPcdBVInmcNdQx3mgvgr6e2ZSi2ZW1vwUwTNEbbh2mHKWoCNmbt1BwajjigVuMY9kLbTMNLO5zWRT8T3q8kR08ug5YeNxxBKkvdm7kV4utpdW5e2zy4oxdhtyX%2BPs%2B%2BYGrBv2IT6q81VSOpDoeTU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
787f109b29631c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
53655
expires
Thu, 12 Jan 2023 04:35:18 GMT
Edmunds-Highlights-Key-Auto-Tech-Trends-at-CES-2023.jpg
merkurynews.biz.id/wp-content/uploads/2023/01/
31 KB
32 KB
Image
General
Full URL
https://merkurynews.biz.id/wp-content/uploads/2023/01/Edmunds-Highlights-Key-Auto-Tech-Trends-at-CES-2023.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5e3231f67a42683854dfac912a9667ede8606d9e31313f5d98e1150d420f707

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:19 GMT
cf-cache-status
HIT
last-modified
Wed, 11 Jan 2023 16:32:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"7d23-63bee486-6682d1;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSkMEPgqHKO0a1cwx0AJ2a65Tf%2BznsohselTOEnG%2BBCZfuW32ZqmXjQQHYkahg99usUT4HXsjH85nVMPFBAvB%2BZyk1%2FumLiCTjGOO%2BS%2FWOltqwf1IqCvb6Ouo6rdBjtNNJXD77IRhhc6fnWon%2FRxkMU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
787f109b29661c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
32035
expires
Thu, 12 Jan 2023 04:32:59 GMT
Did-Diamond-of-Diamond-and-Silk-die-from-COVID-19.jpg
merkurynews.biz.id/wp-content/uploads/2023/01/
53 KB
54 KB
Image
General
Full URL
https://merkurynews.biz.id/wp-content/uploads/2023/01/Did-Diamond-of-Diamond-and-Silk-die-from-COVID-19.jpg
Requested by
Host: merkurynews.biz.id
URL: https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b8978583497c8f2eb8dd48f2dfc2b3f857d2829a6c36829017c5615b244185a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/pypi-users-targeted-with-powerat-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 11 Jan 2023 16:35:19 GMT
cf-cache-status
HIT
last-modified
Wed, 11 Jan 2023 16:30:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"d406-63bee43e-672cf4;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EVD4J5qvEf2yTXdrwkMGBE4Es1eAbhHgNhtF4d2A2AN2QngKB7YaUbGhG%2FTY6OCQBydjEQhf1H80NJICZNatOC4xhuNiSvwb8oqr1eP2TXTSixbefQy0wwxazwqZsUsWqAQ9jiFE3PN%2BpCqg3HaSCzU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
787f109b29681c18-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
54278
expires
Thu, 12 Jan 2023 04:31:56 GMT
0.php
s4.histats.com/stats/
50 B
184 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4661649&@f16&@g1&@h1&@i1&@j1673454919105&@k0&@l1&@mPyPI%20users%20targeted%20with%20PoweRAT%20malware&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:26402575&@b3:1673454919&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fmerkurynews.biz.id%2Fpypi-users-targeted-with-powerat-malware%2F&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
149.56.240.131 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns534299.ip-149-56-240.net
Software
/
Resource Hash
b4f4d4e31f8e81bd72fe2d289a08bc97b127af12f110007aaaa2abe7712c3bfe

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://merkurynews.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 11 Jan 2023 16:35:19 GMT
Connection
close
Content-Length
50
Content-Type
text/html;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.securityweek.com
URL
https://www.securityweek.com/sites/all/modules/ad/serve.php?o=image&a=1296

Verdicts & Comments

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| _wpemojiSettings undefined| $ function| jQuery string| ars object| _Hasync function| Popper object| bootstrap object| twemoji object| wp object| addComment function| b2a function| a2b string| ai_block_class_def function| ai_set_cookie function| ai_get_cookie function| ai_load_cookie object| $jscomp function| ai_process_elements object| targetNode object| config function| ai_adsense_callback object| observer object| Arrive function| ai_process_element_lists function| getAllUrlParams function| b64e function| b64d object| ai_front undefined| Cookies function| AiCookies function| ai_check_block function| ai_check_and_insert_block function| ai_get_cookie_text function| ai_insert function| ai_insert_code function| ai_insert_list_code function| ai_insert_viewport_code function| ai_insert_adsense_fallback_codes function| ai_insert_code_by_class function| ai_insert_client_code boolean| ai_process_elements_active function| MobileDetect boolean| ai_js_code object| button function| ai_process_rotation function| ai_process_single_rotation function| ai_process_rotations function| ai_process_rotations_in_element function| ai_process_lists function| chfh function| chfh2 string| _HST_cntval object| Histats object| _HistatsCounterGraphics_0_setValues function| arrive function| unbindArrive function| leave function| unbindLeave

7 Cookies

Domain/Path Name / Value
merkurynews.biz.id/ Name: HstCfa4661649
Value: 1673454919105
merkurynews.biz.id/ Name: HstCla4661649
Value: 1673454919105
merkurynews.biz.id/ Name: HstCmu4661649
Value: 1673454919105
merkurynews.biz.id/ Name: HstPn4661649
Value: 1
merkurynews.biz.id/ Name: HstPt4661649
Value: 1
merkurynews.biz.id/ Name: HstCnv4661649
Value: 1
merkurynews.biz.id/ Name: HstCns4661649
Value: 1

2 Console Messages

Source Level URL
Text
network error URL: https://news.google.com/images/tag_icon.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://news.google.com/images/RSS-Icon.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.