www.humansecurity.com Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
Effective URL:
https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-dep...
Submission: On December 11 via api (December 11th 2023, 10:26:12 am UTC) from ES — Scanned from ES

Summary HTTP 158 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 50 IPs in 5 countries across 37 domains to perform 158 HTTP transactions. The main IP is 2606:2c40::c73c:67e3, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.humansecurity.com.
TLS certificate: Issued by GTS CA 1P5 on November 15th 2023. Valid for: 3 months.

This is the only time www.humansecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2606:2c40::c7... 2606:2c40::c73c:67e3	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
11	2606:4700::68... 2606:4700::6812:82ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:5ffd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4fba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7b0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:1484	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.66.97.49 18.66.97.49	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:4341	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	184.31.85.59 184.31.85.59	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a02:26f0:350... 2a02:26f0:3500:11::215:14d3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	13.32.27.19 13.32.27.19	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
10	54.216.59.119 54.216.59.119	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:14::1724:a244	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	54.165.123.166 54.165.123.166	14618 (AMAZON-AES) (AMAZON-AES)
2 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.43.14 13.107.43.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
10	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
2	18.157.106.205 18.157.106.205	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:880f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
1	46.51.146.14 46.51.146.14	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:6dd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:249... 2600:9000:2490:4400:9:14eb:6280:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::ac43:b9b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	143.204.215.84 143.204.215.84	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
158	50

1 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.humansecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2606:2c40::c73c:67e3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.humansecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:5ffd (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh7-us.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4fba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7b0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:1484 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4341 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.85.59 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-85-59.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:11::215:14d3 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

client.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.216.59.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

s.cdnsynd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:14::1724:a244 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.165.123.166 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-123-166.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.190.10.96 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxxdhgmtcm.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
collector-pxf69i9fy8.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.157.106.205 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-106-205.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:880f (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

001-vjx-104.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.51.146.14 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-46-51-146-14.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:6dd1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:4400:9:14eb:6280:93a1 (United States)

ASN16509 (AMAZON-02, US)

d2i34c80a0ftze.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:b9b (United States)

ASN13335 (CLOUDFLARENET, US)

acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.215.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-84.fra53.r.cloudfront.net

st.fullcircleinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.acsbapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	humansecurity.com go.humansecurity.com www.humansecurity.com	1 MB
13	px-cloud.net client.px-cloud.net — Cisco Umbrella Rank: 6358 collector-pxxdhgmtcm.px-cloud.net collector-pxf69i9fy8.px-cloud.net	150 KB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 5657 c.6sc.co — Cisco Umbrella Rank: 8715 ipv6.6sc.co — Cisco Umbrella Rank: 5852 b.6sc.co — Cisco Umbrella Rank: 3994	22 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 324	251 KB
10	cdnsynd.com s.cdnsynd.com — Cisco Umbrella Rank: 10142	50 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2189	21 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 16106 ws.zoominfo.com — Cisco Umbrella Rank: 4490	32 KB
5	gstatic.com fonts.gstatic.com	106 KB
5	linkedin.com 2 redirects platform.linkedin.com — Cisco Umbrella Rank: 3771 px.ads.linkedin.com — Cisco Umbrella Rank: 327 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	163 KB
4	fullcircleinsights.com st.fullcircleinsights.com — Cisco Umbrella Rank: 94498	5 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2693 www.google.com — Cisco Umbrella Rank: 2	874 B
3	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8411	25 KB
3	google.es www.google.es — Cisco Umbrella Rank: 25078	669 B
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 9979 scout.salesloft.com — Cisco Umbrella Rank: 11992	4 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75	2 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 9404	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2129	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1549	132 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 329	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	275 KB
2	acsbapp.com acsbapp.com — Cisco Umbrella Rank: 3785 cdn.acsbapp.com — Cisco Umbrella Rank: 3966	90 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9429	672 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3659	7 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 700 script.hotjar.com — Cisco Umbrella Rank: 933	59 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	16 KB
2	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5546 track.hubspot.com — Cisco Umbrella Rank: 2246	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	89 KB
2	googleusercontent.com lh7-us.googleusercontent.com — Cisco Umbrella Rank: 664	1 MB
1	cloudfront.net d2i34c80a0ftze.cloudfront.net	11 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6459	161 B
1	mktoresp.com 001-vjx-104.mktoresp.com	318 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8744	1 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4727	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2128	21 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 548	312 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	6 KB
158	37

	Domain	Requested by
29	www.humansecurity.com	go.humansecurity.com www.humansecurity.com
11	cdn.cookielaw.org	www.humansecurity.com cdn.cookielaw.org
10	b.6sc.co	www.humansecurity.com
10	s.cdnsynd.com	www.googletagmanager.com s.cdnsynd.com
5	collector-pxf69i9fy8.px-cloud.net	client.px-cloud.net
5	collector-pxxdhgmtcm.px-cloud.net	client.px-cloud.net
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.humansecurity.com
5	fonts.gstatic.com	fonts.googleapis.com
4	st.fullcircleinsights.com	d2i34c80a0ftze.cloudfront.net
4	ws.zoominfo.com	client.px-cloud.net
3	cdn2.hubspot.net	cdn2.hubspot.net
3	px.ads.linkedin.com	2 redirects snap.licdn.com
3	www.google.es	www.humansecurity.com
3	client.px-cloud.net	www.googletagmanager.com go.humansecurity.com client.px-cloud.net
3	js.zi-scripts.com	go.humansecurity.com js.zi-scripts.com
3	js.hs-banner.com	www.humansecurity.com js.hs-banner.com
3	bat.bing.com	www.humansecurity.com bat.bing.com
3	www.googletagmanager.com	www.humansecurity.com www.googletagmanager.com www.google-analytics.com
2	epsilon.6sense.com	j.6sc.co
2	scout.salesloft.com	scout-cdn.salesloft.com
2	www.google.com	www.humansecurity.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	munchkin.marketo.net	go.humansecurity.com munchkin.marketo.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	platform.twitter.com	www.humansecurity.com platform.twitter.com
2	connect.facebook.net	www.humansecurity.com connect.facebook.net
2	lh7-us.googleusercontent.com	www.humansecurity.com
1	cdn.acsbapp.com	acsbapp.com
1	acsbapp.com	go.humansecurity.com
1	d2i34c80a0ftze.cloudfront.net	www.humansecurity.com
1	track.hubspot.com
1	content.hotjar.io	script.hotjar.com
1	region1.google-analytics.com	www.googletagmanager.com
1	001-vjx-104.mktoresp.com	munchkin.marketo.net
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	px4.ads.linkedin.com	www.humansecurity.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	script.hotjar.com	static.hotjar.com
1	syndication.twitter.com	platform.twitter.com
1	scout-cdn.salesloft.com	go.humansecurity.com
1	tracking.g2crowd.com	go.humansecurity.com
1	static.hotjar.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	j.6sc.co	go.humansecurity.com
1	js.hsleadflows.net	www.humansecurity.com
1	js.hs-analytics.net	www.humansecurity.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	app.hubspot.com	www.humansecurity.com
1	fonts.googleapis.com	www.humansecurity.com
1	static.hsappstatic.net	www.humansecurity.com
1	platform.linkedin.com	www.humansecurity.com
1	go.humansecurity.com
158	54

This site contains links to these domains. Also see Links.

Domain
accessibe.com
docs.humansecurity.com
partners.humansecurity.com
www.facebook.com
twitter.com
www.linkedin.com
www.proofpoint.com
cyberint.com
www.bitdefender.com
malpedia.caad.fkie.fraunhofer.de
perception-point.io
linkedin.com
t.me
support.humansecurity.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
go.humansecurity.com Cloudflare Inc ECC CA-3	`2023-01-20` - `2024-01-19`	a year	crt.sh
www.humansecurity.com GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-07-11` - `2024-07-10`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-19` - `2023-12-18`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-14` - `2024-05-13`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
6sc.co R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
client.botchk.net R3	`2023-09-27` - `2023-12-26`	3 months	crt.sh
syndication.twitter.com R3	`2023-12-06` - `2024-03-05`	3 months	crt.sh
*.google.es GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cdnsynd.com R3	`2023-11-30` - `2024-02-28`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
acsbapp.com GTS CA 1P5	`2023-10-28` - `2024-01-26`	3 months	crt.sh
aws-st.fullcircleinsights.com Amazon RSA 2048 M01	`2023-05-30` - `2024-06-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Frame ID: DCEE2046FC3D7AD8F8C110792121240C
Requests: 149 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.979019d93e57e124a0ac3dd81bd32027.html?origin=https%3A%2F%2Fwww.humansecurity.com
Frame ID: 8FE5A026CF59EAEE6A80B0C2D939FA59
Requests: 2 HTTP requests in this frame

Frame: blob://https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a
Frame ID: C5E9FB8317E97E1D5572FD16D37FDB7B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HUMAN Satori Threat Intelligence Alert: Account Takeover Attacks Use ScrubCrypt to Deploy RedLine Stealer MalwareBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJ... Page URL
https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-u... Page URL

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Lightbox (JavaScript Libraries) Expand

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

158
Requests

98 %
HTTPS

69 %
IPv6

37
Domains

54
Subdomains

50
IPs

5
Countries

4166 kB
Transfer

8114 kB
Size

43
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://accessibe.com/blog/knowledgebase/screen-reader-guide
Title: Accessibility Screen-Reader Guide, Feedback, and Issue Reporting

Search URL Search Domain Scan URL

URL: https://docs.humansecurity.com/?utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023
Title: Documentation

Search URL Search Domain Scan URL

URL: https://partners.humansecurity.com/English/?ReturnUrl=%2fEnglish%2fPartners%2fhome.aspx&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secure_with_human
Title: This is a title This is a subtitle Some content goes here..

Search URL Search Domain Scan URL

URL: https://twitter.com/SecureWithHUMAN
Title: This is a title This is a subtitle Some content goes here..

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/humansecurityinc/
Title: This is a title This is a subtitle Some content goes here..

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/threat-insight/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://cyberint.com/blog/research/redline-stealer/
Title: Cyberint

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf
Title: BitDefender

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
Title: Malpedia

Search URL Search Domain Scan URL

URL: https://perception-point.io/blog/the-rebranded-crypter-scrubcrypt/
Title: Perception Point

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.scrubcrypter
Title: Malpedia

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Social%20Share%20Buttons&url=https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023

Search URL Search Domain Scan URL

URL: https://linkedin.com/shareArticle?mini=true&title=Social%20Share%20Buttons&url=https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023

Search URL Search Domain Scan URL

URL: https://t.me/share?url=https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023

Search URL Search Domain Scan URL

URL: https://support.humansecurity.com/hc/en-us?utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023
Title: Docs

Search URL Search Domain Scan URL

URL: https://partners.humansecurity.com/English/?ReturnUrl=%2fEnglish%2fPartners%2fhome.aspx&__hstc=233546881.7f9124919ef436acf331cc4180a46d72.1635342799936.1648671054706.1648675289816.112&__hssc=233546881.12.1648738104896&__hsfp=1741684099&utm_medium=email&utm_source=newsletter&utm_campaign=cyber_newsletter_december_2023
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/humansecurityinc

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls= Page URL
https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&tm=gtmv2&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&tm=gtmv2&cookiesTest=true&e_ipv6=AQKQyULYltoRIgAAAYxYaZvgqSlGaxh70Id5A0cbcjsXKa_torKHvQh6lWDy6Sf1--1V

158 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 302 MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
go.humansecurity.com/ 726 B
1 KB 346ms
275ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-SHaTb/83sHQaLCDmPEffpROs0AtrqsfBIXVyoEmhIiw=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 833d06e92f172186-MAD
content-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-SHaTb/83sHQaLCDmPEffpROs0AtrqsfBIXVyoEmhIiw=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self'
content-type: text/html;charset=UTF-8
date: Mon, 11 Dec 2023 10:26:02 GMT
referrer-policy: strict-origin
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: a69265516264ca14

GET
H2 200 Primary Request human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware Show response
www.humansecurity.com/learn/blog/ 181 KB
24 KB 475ms
403ms Document
text/html 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5

Requested by

Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d629bd6b315f22c3b961e3585bdf9a3d007d4f382462b8e10bea3e419e83d02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://go.humansecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 833d06eb68091bb4-MAD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:26:02 GMT
edge-cache-tag: CT-112094911886,CT-112118948376,CT-128929315203,CT-146473801740,CG-5249379964,P-3400937,CW-120410438969,CW-123754977913,CW-63656548895,CW-63656638135,CW-63656840557,CW-64556607012,CW-65170038904,E-115294898870,E-115307132989,E-115307516677,E-115387395449,E-115388248694,E-115450692019,E-115451707707,E-120377909830,E-63463820289,E-63463820290,E-63463820292,E-63463820295,E-63463820302,E-63465666154,E-63656499996,E-63656586570,E-63656625716,E-63656674711,E-63656748821,E-63656841263,E-63656841264,E-68518573488,E-91065958246,E-91065964034,E-99901597287,PGS-ALL,SW-3,GC-63824522935,GC-64692300604,TS-63463820311
etag: W/"ba5a864961954bd30dce69ca92f92194"
last-modified: Mon, 11 Dec 2023 00:18:18 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITpNNx15QwZ83YNMawV4gEY1dy7lB3dxPVIT%2F9DRjFseTtaIx%2BjVhZsnp9m%2FArzFHzf3DnZLDmwayMn63TiQt7FoLhXQFE%2BCr%2FplUevs%2BKQ7JNoqCansS2OZkMf298TvmgQogthetTHEh2PrbYETWXnYqw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: EXPIRED
x-hs-content-id: 146473801740
x-hs-https-only: worker
x-hs-hub-id: 3400937
x-hs-prerendered: Mon, 11 Dec 2023 00:18:18 GMT

GET
H2 200 project.js Show response
www.humansecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 83ms
78ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 b5e354980da78aef02917b4456c540c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1053046
x-amz-cf-pop: MAD56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Je5e%2BPMVNrJdzG2VSrSoOYmDcc%2Fh0V1UJEWqgWoqLZJDjqdYF7yDqylsyqHARoqoAiK8AkNwfQNNrtvH65oVthoSTyRDoP%2F%2Fn7Hn6rkOZzxjQFqE8SLtsus2JY9jdQpyPOuJUKaI2B8Kv4IysbFf2vOwyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 833d06ee0c0c1bb4-MAD
x-amz-cf-id: _e5Wh63tpTqTGv6JfORPu8Yb1yJH7EljtBBtMdX_673xvY8rCtKkcQ==
expires: Tue, 10 Dec 2024 10:26:02 GMT

GET
H2 200 jquery-1.7.1.js Show response
www.humansecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
34 KB 88ms
84ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 bbacf7d4cb14ee5c151294924cf9ea4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1131586
x-amz-cf-pop: MAD56-P2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v3KjgKv40O0Rcs9Jg8Sf51wHOrRfjyaNtXrE73PyoOcS7%2F24zOQSdlgypzn4K9LhjrHn%2Bv%2FA7LWs%2FGYsUFLIbTR8d1JIqYvJJHt9xZ3LXIp7F1oD%2FIe1BV%2BeUi7%2FIRu6oJrvRsQygty7FCcsRPtSc7Vl2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 833d06ee0c0d1bb4-MAD
x-amz-cf-id: 4plTkOhESATyjHMp0tQzJvxx1N-5HYR3cTG7EDy1wCRw7Eqp9Oc5sw==
expires: Tue, 10 Dec 2024 10:26:02 GMT

GET
H2 200 frontend.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656586570/1698698464930/humansecurity-hs/punch/assets/css/ 43 KB
8 KB 77ms
73ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656586570/1698698464930/humansecurity-hs/punch/assets/css/frontend.min.css

Requested by

Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afff892691aaab5f3a2c411cb09a2674006120f314eb8ac1fc6efb8c66a1c353

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 206
x-amz-request-id: NM0EFYD1W0WRQYJ8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b77d3abc0b9bf83fbcfd36a5a1e3ea4c"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698465825
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 f6860256b1898079de872f02c7f7a03c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GaNibL_2mws_6v_lkcwwJfeo4CxpHPWp
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 927cdcc5-ab44-41f2-a2b6-cdba2db861a6
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 199
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Z2G69yUl0xsJn9ywq4ZMvPBxVBISt8HCFQDm93NSKMYALPM9Vyu7IU6pfbjCJH2unSsvh/lLbyQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 927cdcc5-ab44-41f2-a2b6-cdba2db861a6
last-modified: Mon, 30 Oct 2023 20:41:06 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U8i1zdKd3%2F7DGmGM2lcArPzs1AidCh%2BGByWfH3EcRm%2BsGsU1SrUV7m6zJg%2FtgWoWKOCHJSEXMXxvx4%2B9WE24%2F5IkY7iZxV0sqiFOpjrFA2o4c41gzhtXgGe5iSDk9W5LEFglant9R52dl6iq5CWzP%2BnjYA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-2skps
access-control-allow-credentials: false
cf-ray: 833d06ee0bfe1bb4-MAD
x-amz-cf-id: HuLkV78KlvPzRAHaFEFppjTjFrZXpI-jnx9-j5fEAAStfEDtO_TCHA==

GET
H2 200 variables.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820290/1693233181263/humansecurity-hs/assets/css/dist/ 0
1 KB 74ms
71ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820290/1693233181263/humansecurity-hs/assets/css/dist/variables.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
age: 206
x-amz-request-id: NT3B3P1Z7Q2CKBF2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693233181849
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 e21deb2f30f16d84eb8e8fda826091d4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PVtlsZaAUzw31xbOkIyAmX4R8T95ZDvv
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 52739645-208a-4dd7-981f-4f22f611bfe4
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 152
alt-svc: h3=":443"; ma=86400
content-length: 0
x-amz-id-2: 3D1Qxkr6Qj9/grYo+Lf9cUYuzEPEeBg4iE/aJVDuzOWuuMLpZ4BSHNsSRxNOlz/ZPn82HRho95g=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 52739645-208a-4dd7-981f-4f22f611bfe4
last-modified: Mon, 28 Aug 2023 14:33:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0PPw9Xi2t2IfM6Uuodg9l1XOS1YXm6rNBd8TxxaWRHpvjmwG7Kbgjs09xLoDjr5bMGYGSceQxcMyIt4fVkFr6gyTufTsMxEUueFqLfT7Eq0GwLl%2BGSADxl7F8RaYSKZfSjoVFl7sEBCwsZlxQ%2Fv%2BnEAqw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-gb4w5
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 833d06ee0c011bb4-MAD
x-amz-cf-id: Ksvn9OUZxykyH-gDW97BM1vObTvmqmN1HoEjpnEXbSlvgbZRaWk-pQ==

GET
H2 200 main.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1701277807468/humansecurity-hs/assets/css/ 80 KB
19 KB 77ms
73ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1701277807468/humansecurity-hs/assets/css/main.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ba61644902c74195bb51a4e247e181b82ac3d62d307a99c0e8dafaeb0b19c46

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1727
x-amz-request-id: 8NG7YFGBHRQ7CVK2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"dcd91d7f94b4435530de64a051a07a12"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1701277808432
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pMrTtwl1_ZHuRJZNxrw83gYQnAFV9QX3
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 428f17ba-3578-4d91-a4be-aa31af320bcd
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 192
alt-svc: h3=":443"; ma=86400
x-amz-id-2: DM/3NA3H809EzQPpTd1qXj2BIBghd+uVLluwat62kyCV3wjYHBxxWk4ZwS8SGQiq6kZj/Cq/6e0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 428f17ba-3578-4d91-a4be-aa31af320bcd
last-modified: Wed, 29 Nov 2023 17:10:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxlejGg2iD3YC6%2FfJffQ1DcH15D7alfaEb%2B2%2Bc%2FE0gGPYAeA8XB%2F70Wghhm6qfzxucQelgbs7p2q8goGlG11kk8RZG5VHt35fzj%2FmpvYIVD9iZqejJsQt1Lm6Qs1mLMj0dUJ8VAwFMvQGWKhFHw2tW2M%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-mdhhg
access-control-allow-credentials: false
cf-ray: 833d06ee0c051bb4-MAD
x-amz-cf-id: lzMT1Y3AcFeQvhn24xIHgYSFEZK2n1lXaRGvfpd-SoVjfb2LlK0P3g==

GET
H2 200 single-common.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1693233182285/humansecurity-hs/assets/css/ 16 KB
3 KB 75ms
72ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1693233182285/humansecurity-hs/assets/css/single-common.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e025a11773a5dc34036f1247fa075344263379bd873765e37fc8e5e4e8148786

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1906
x-amz-request-id: AX7F1TCERMWTZ8SG
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8cac4161dbf64aad3baf5aa5b17bd44e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693233182985
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QVq352KMj2Q0o2Gy6NPZo8aqg2oJSnOz
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 7e4a9dc1-01f2-4425-9277-0c5c7f8830f4
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3+1QUaTvqWJX0ziwJXO31wcqRQvsri151i/lo2HHe4qtLKw9mfuXEe7tjOyUbVp1RkOpKFOIXVk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7e4a9dc1-01f2-4425-9277-0c5c7f8830f4
last-modified: Mon, 28 Aug 2023 14:33:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ffki85AL1QfsZaaFvTB7KmtZoocXU4n4XMhPDL%2FG5iIHSHfd5JfHpfTV1nI0Si9JxCCjUYmkSx2ZCLY0pvJNLPivM1LiOq0NhFURJ6mdYzDsrLilKTvgcAB4KPi7YYPJyzzHE%2BQAhaTxLVThABYsNGL4w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-v96mf
access-control-allow-credentials: false
cf-ray: 833d06ee0c071bb4-MAD
x-amz-cf-id: EJahN7Q0IWdkcE24FbkGQd7xIHL7_SAgeUZD7NctMXyLbQVCAy_ONg==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 124ms
54ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ea1823078c462969eaa59d6ef62623c19d77b72e25a103105b043aefaa0769a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /EzX6ku1+i8ak28m1WuIrw==
age: 16676
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Thu, 07 Dec 2023 03:26:46 GMT
server: cloudflare
etag: 0x8DBF6D457AF2822
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a9e484c0-501e-0040-4683-293ebb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06ee6a4e2195-MAD

GET
H2 200 prism.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065964034/1693233180291/humansecurity-hs/assets/css/dist/ 1 KB
2 KB 82ms
79ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065964034/1693233180291/humansecurity-hs/assets/css/dist/prism.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b17ad6eab5f71934277721a0558d12da27ef1c1d7688d3dc8e8440165902526b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 205
x-amz-request-id: 17XVG2SBP9H2VPA2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"9f0794436f73e871f1d234b0aed34aaf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693233180994
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4AdoQ1qbFlghg5XDq_6m5FKyZgIg_9_9
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c11d8495-0ee9-4763-8b40-3ad41fbb76c9
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 247
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kIIIGcmid7lFek+r0pcsioT97PN6apZh7eHAVZXg6Nw9z2CoHI69FubQvMlFVy3iUsBJ8pvGMVc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c11d8495-0ee9-4763-8b40-3ad41fbb76c9
last-modified: Mon, 28 Aug 2023 14:33:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VntxBF9wszPz7tg0FFnROq9FeUfqWM8DAInvKDcDYDATO8zTtL%2Fj3JCUfasJjtP%2Fp9gPgL18jAruKi157Ah28%2BekT0CJ30OQftJXubZf01Jpm3MN9AYgbMQXgEjMLZ8l9%2BAzVrD7lfISv0EP2h10YBC3Wg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-dfsv7
access-control-allow-credentials: false
cf-ray: 833d06ee0c0a1bb4-MAD
x-amz-cf-id: ZSYJ_WRxCBnP1NGwjxEV9Vsth9c013-mrQY9GDWVVJO29yYQ8AJC5Q==

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 134ms
34ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mdr/6790) /

Resource Hash

4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 606
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163638
x-li-uuid: AAYMOTg5biDvVYr4GAeLBg==
last-modified: Mon, 11 Dec 2023 10:15:56 GMT
server: ECAcc (mdr/6790)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
x-ec-bbr-enable: 1
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Mon, 11 Dec 2023 11:15:56 GMT

GET
H2 200 js.cookie-min.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/120377909830/1693233183213/humansecurity-hs/assets/js/dist/ 2 KB
2 KB 82ms
80ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/120377909830/1693233183213/humansecurity-hs/assets/js/dist/js.cookie-min.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cac5e10bd3d5631c178a838d415c28b126daca61e10e81e6dc36aa18919174f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1727
x-amz-request-id: MAZW84KFX21NKVZC
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b2d77f293176c0278a1d65d5afe1d1b9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693233183379
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Mon, 11 Dec 2023 10:26:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 29708ecf347192c02a40779f838f2dda.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: LVKDx31g5hiRxJMSIPYCqKTZgOeBIIto
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f9ceb865-03c4-4808-87be-c6d21516eb87
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 165
alt-svc: h3=":443"; ma=86400
x-amz-id-2: SKTgNel4iXW0CUFwq2B9JPV0MUUn02N2ag4xgN7XgQEQH8jjUZKuOme6nEiU9+aQObxwMZUyZ6kKtjbO4ze4g4csX6ZiDRzMId4rksu+mTQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f9ceb865-03c4-4808-87be-c6d21516eb87
last-modified: Mon, 28 Aug 2023 14:33:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9EHsOGFfJIKmouZP0f8vYGC4kn5atW0xiW3ru1NqWy%2BtQ7Qahn1HEiUe%2FbY%2FiMcFVPoVdgKRH%2FtGjaLgXoh6mQBoHk4u%2Buwi1ycwWCIgKAm4oWuqAH%2BNynbePNm3tJmeoWvpHDBT2SsquTsM1o2hMHcPw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials: false
cf-ray: 833d06ee0c0e1bb4-MAD
x-amz-cf-id: MIgoW3ZFD68LIMswgBPOZ08DXePifLPpZ2ERCulrJTgLRkbPyrSc3g==

GET
H2 200 shield-1.png
www.humansecurity.com/hubfs/ 12 KB
13 KB 878ms
876ms Image
image/png 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/shield-1.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

921373b8a29eaf00fbf1cd0564c1ce917fb2a40d6f562c5b88431fe0530ca0bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 274510439642952234785ebfa88c1fc4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-5862207449,P-3400937,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: MAD56-P3
x-amz-request-id: SSDDD13K631ZZGV4
x-amz-version-id: 9.gcTtGdad6IxMaTuMgRoNGBoTuxoK7p
edge-cache-tag: F-5862207449,P-3400937,FLS-ALL
cache-tag: F-5862207449,P-3400937,FLS-ALL
x-cache: Miss from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 12483
x-amz-id-2: gxiX2o0P3LF+R6mw3joixkAcIbksRdWscKdzYT6JGsD/ogRii98GTjqWM6+Cpq329ZW1+wYsWPkEgTLs1yDhk3zGlD8yWMsg
last-modified: Fri, 08 Jun 2018 19:07:22 GMT
server: cloudflare
etag: "a7f612073c41fe336a127bcdc8c85fb1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvEBCgLyI3%2B7WJEQXuQmd18vNFcmti1E2pm%2ByfMyOwHYjvbL4dtILlklQuA9AKrKu0rOY1jFtYD8g69pyUrdrdrOlEEU6RH7IJew8L1kBXVmdrwn28JS9ysJg3s6jKZqWCJDHcyAxCtQiDWjjVgr4r7qJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 833d06ee0c0f1bb4-MAD
x-amz-cf-id: P0yPL619C-RXRJ8LJk0YqVVxZ6WVgwctR8c1KMVZmDlelW6ufpHAWA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 HMN_Blog%20images_2023_ScrubCrypt.jpg
www.humansecurity.com/hubfs/ 1 MB
1 MB 626ms
624ms Image
image/jpeg 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/HMN_Blog%20images_2023_ScrubCrypt.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3d1129b6d17d69fec0fed613460f46eebe608d2182758819371fa8f8eb225ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-146489682239,P-3400937,FLS-ALL
x-amz-request-id: S5M8JS0NJCTZ521M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-146489682239,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "f66c3fc8cf70927900c8499fb488440f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1700592206819
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 96067a94609f0eba55814e78a68eeb7e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FTcherr.uCbuGdjnP0lGs2rPgwupJ7hr
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-146489682239,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1123529
x-amz-id-2: OHGR4ab+3N+6Nh6C/p4D3mHd0lQQwQLUGMroBII9ImTgQG324AqT/2sgg21GC/Al6aA/SCGjTKI=
last-modified: Tue, 21 Nov 2023 18:43:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FRWWNnyskGfuXB7EraECZ%2BSZHPzxFT7rMjlQD4GgP5wOfisqKBUm15pUymnGT9O%2FTvVzS%2FwGkcxBsi0H01KxDyuiLT5%2FfjA1cTQ2KqzIbpV6liYvz%2Bl1GjBy%2F9EmVwYWY0pkQ8q8roozQlupbm24gV0%2FdA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06ee0c111bb4-MAD
x-amz-cf-id: Ul8KDdoXPb0o7CklO0V-QTmKLARoSWxnOKQd0rw79jpsF7HKl1zoYg==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 290ms
34ms Script
application/javascript 2606:4700::6812:5ffd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:5ffd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 2ed4d51c4c82439d51aa53380c830d68.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MAD56-P2
age: 1132607
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZoSNlI8H9p0XxflnOSxDRnbY9zJXOxGndrYtpnkyupjavRp5wDVeAd9dJulILZQO9xxBnOtA1Bf1bsNJy9lOGXH7zjKOwIJ%2BseF3s8M%2Bwoarp0Su3RMM6gLbcE%2BWAO7pocWh6sg%2BEdiMs5USW7vKNMBcyc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 833d06f1ae3b03aa-MAD
x-amz-cf-id: vkn-gTht5HFwaiaySD8hudXc7chyFFZBA62SDRUXx2ms9966wa-_Zw==
expires: Tue, 10 Dec 2024 10:26:03 GMT

GET
H3 200 3400937.js Show response
www.humansecurity.com/hs/scriptloader/ 1 KB
1 KB 409ms
368ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs/scriptloader/3400937.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

276783685956b2260ae97e06af66ce87eebfbe8d3f77fc4defb3e0b232c9003d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8209ac83-e953-4a49-a03d-2baa65ac8e40
content-encoding: br
x-envoy-upstream-service-time: 7
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8209ac83-e953-4a49-a03d-2baa65ac8e40
last-modified: Mon, 11 Dec 2023 10:22:37 GMT
server: cloudflare
x-trace: 2B29CBD0AA236722D0DD57897FDA9CDF0880268C07000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6ffdd984b9-fj99g
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3Qaett3pNRAeWLT4ia5sSVPNcu0EzJV7wB2T0gvMj4zw99hXkP2tSoveO64U06w1siueyBnZpI6FTL7sa5PM34PWTEI%2B%2FRh3Urs%2FaxL4N5O94yOo1Lo2WogJTtksuFUP9UuFl%2Fzj4jzH9wBgclDpZlJ2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 833d06f0788a03fe-MAD
expires: Mon, 11 Dec 2023 10:27:03 GMT

GET
H3 200 index.js Show response
www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 157ms
116ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 c19df961760c76bdd5a67949a9005b8c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1138675
x-amz-cf-pop: MAD56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DrG%2B3nNe2P47kenO4EmO8nF7BBy4FxhsZOtd0PqeTJFy14mna%2FMWQC7dmx2l1lHUZtAiouUlGP8pUEtn1CKhBvkWA%2FWAcYuz7SN8R8Ka4HB3LT8n2XOBO2lNTiDjfNr78dVjpDctOLphRY%2FFq%2FezKDRbZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 833d06f0788b03fe-MAD
x-amz-cf-id: b_hy0hmkdh-SWOQA-HScQL0AtCz1GYb3qVYa0lnQrAm2zPTqI8fCiw==
expires: Tue, 10 Dec 2024 10:26:02 GMT

GET
H3 200 prism.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065958246/1693233184177/humansecurity-hs/assets/js/dist/ 21 KB
8 KB 219ms
168ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/91065958246/1693233184177/humansecurity-hs/assets/js/dist/prism.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

439042e0204db71db38bb4cbe130c3e520d35a14c2d9f65200308eaf1886eb64

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1907
x-amz-request-id: NT3BMJK8DQ028QH0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e04540ffd56a0772a80fe4364a8bf233"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693233184509
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zkFy2U0v.jSQC8vEXzv06RDRCJ.ugkoT
x-amz-cf-pop: IAD61-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 457d7526-aacf-414e-99c0-7a659d12dc4d
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3aQREEilN2g9SWyyxJ/F956UbhVkHnjrfjTfAPBpuy3bHqAQGjGoaX100gYv4fh++r5zTHPlYtg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 457d7526-aacf-414e-99c0-7a659d12dc4d
last-modified: Mon, 28 Aug 2023 14:33:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ox11QJwALM6ywu9Ace0GWPuVnrghCkqgDc3oQAmXdGFLIluSU7Pzk3tdOk77lGh0h8AtupgJN0452Vv%2BL%2FQ8pxMXXIiI0dGmotTsAs4tRWbG34Rw9%2FIe7lm3sfzxEaBDkfCcZQ5DzpennKlrgGnU5YdgwA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-gb4w5
access-control-allow-credentials: false
cf-ray: 833d06f0787d03fe-MAD
x-amz-cf-id: IB2gcwkvs93oVCF_cvI_hXttYwwGAEHU-9Z9iDAQ1lyp9bt1SbmF7g==

GET
H3 200 lightbox-combo.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307516677/1698698455711/humansecurity-hs/punch/assets/css/dist/ 8 KB
3 KB 222ms
171ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307516677/1698698455711/humansecurity-hs/punch/assets/css/dist/lightbox-combo.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

671367c3c0e84517f31e61945cd9ba416f89eb653dbc3c4d1828518ef5c627e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 206
x-amz-request-id: PASM0C7CFF9QAAZ1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"3d743ab0a1949bb9ac17908aa63faff8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698456389
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 b140d5b0fbed1dab248b0959f44a7944.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ELy4NSaJEl78PQk9TJ5aF_svDOrYHxB1
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: dd301117-ec4f-43ff-8be3-d1289dbe67e5
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 340
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JF5hlrdxEduJuoZo1jHSoE4VNEMjCjij4q4CBtLmHrucC8V7O1WN0Ml4cOm+IAjtiST3GOZB73g=
x-evy-trace-route-configuration: listener_https/all
x-request-id: dd301117-ec4f-43ff-8be3-d1289dbe67e5
last-modified: Mon, 30 Oct 2023 20:40:57 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxnqzfB4EC5vKmaFACFbZjhfiBGABTCBNejFGRfL1tOJAzRgIphGnOIytFZI4F6w8bblQs%2FmUB9sftXgbyqEbTp9RHBZwTGPDDKlM%2B5kIOo%2BwTI%2BbcxdImRU96jsjub9cQrQkNRwmOOYI9QWzkhFftXqlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-b6rgr
access-control-allow-credentials: false
cf-ray: 833d06f0787f03fe-MAD
x-amz-cf-id: wqoSCVgaH6WWGA7fHwGSF29JJJrhLtaxtAMsRHsKCJsRj8JvT-B83A==

GET
H3 200 bulma-grid.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841263/1698698444648/humansecurity-hs/punch/assets/css/dist/ 26 KB
4 KB 222ms
171ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841263/1698698444648/humansecurity-hs/punch/assets/css/dist/bulma-grid.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

78142c1a0831423d3fee5308b442b24659445ac8d7c34b92bde6624cc012f4e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 206
x-amz-request-id: A80WN3212A4VWNMP
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"7e59b5a4545779f41e2037e047741bac"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698445418
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 6946167499a4b8f515865d62f0b0b284.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9qYDnhWep0M62FVMJnv5CyhdEIgIEl8a
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 90a8ff02-d8f0-4b65-b478-93bcc5f52113
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 196
alt-svc: h3=":443"; ma=86400
x-amz-id-2: T//fONkfxXTIC9UQuIjeMnrIXvn+p9wDj9Wjx4u4CWGg+/H988if7/3aE1L6cDpAhsHUkuY0PfI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 90a8ff02-d8f0-4b65-b478-93bcc5f52113
last-modified: Mon, 30 Oct 2023 20:40:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6oUPUYSPeLNcJmWN1zXNugZhhmNVwMi26GQ9xLu55Z43ahJUzqdg093rAg4IeLBNNUQv%2Bjjkydj4Iaqh0umTRYXO6tU2o0sFhh%2FHt9SeMycUigu4nN1817E3upsMrJg2N2XRNDpa4oABvbbNTV8hm9TsFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-vbm4n
access-control-allow-credentials: false
cf-ray: 833d06f0788003fe-MAD
x-amz-cf-id: bRl3lO3U2OBnpfvwxGhKU7trSF1c-t4voWKF6Lh5i0kDeyo_IS15ew==

GET
H3 200 flickity.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841264/1698698444616/humansecurity-hs/punch/assets/css/dist/ 2 KB
2 KB 223ms
172ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656841264/1698698444616/humansecurity-hs/punch/assets/css/dist/flickity.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27d001801da9af0f66dfdc4b42a2a22ef3c91682ec36157d1e38c9c75e16bef6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 206
x-amz-request-id: 25P81HKWGYFXTPM3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b75662d6f54e7a5c27d147376632748f"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698445246
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 dd8234c537f24852341189e294a7180a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Nbji9Bjxg49HIGnuSoWxjDbh9B0ruDRH
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ed00e7e4-9b7c-4533-a1c6-ce3edb0e514e
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 195
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UfTkqIArmggaJaxt+LTTkBWGgJtG/K1bu4jEaDGR3+6u9e8b16LRUF88L2S6+YrpuSmotfASOyg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ed00e7e4-9b7c-4533-a1c6-ce3edb0e514e
last-modified: Mon, 30 Oct 2023 20:40:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3kh%2B5CZss0q7Iu5Og5UzD2XwezH34SNFg%2BvVeboCi2yHr8wJbH3Q2OvWiRUntIcBAR1uACQe4kgtBbzkeoZhP6%2BY2JoYUI8JhBqVIH9WKKOCU%2FKDo72%2FNkXHozkS8Kz1w%2ButsQPN%2FP6p71A4QzLHyqlpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-b6rgr
access-control-allow-credentials: false
cf-ray: 833d06f0788103fe-MAD
x-amz-cf-id: xByks6FaWwr5QgfS-D51YDNRTLF_x-VJF7oMI8wdRb22om7Ubo1HUg==

GET
H3 200 custom.min.css
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115450692019/1698698457814/humansecurity-hs/assets/css/dist/ 0
1 KB 226ms
175ms Stylesheet
text/css 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115450692019/1698698457814/humansecurity-hs/assets/css/dist/custom.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
age: 1907
x-amz-request-id: JY3A3QT1EJJS8M4X
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698458499
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yPbyfUQgByZmsXz3Bv8lGkrQvoYQGHox
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a587a369-9a1f-4000-90e0-9c03126f2e08
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
content-length: 0
x-amz-id-2: vCWkH/YdShgSyHrb3yMEgQnVpANTTI7ltTHFy9b1An/hCGhopCKw6mGGPTgdO+wK686CJIWZuAw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a587a369-9a1f-4000-90e0-9c03126f2e08
last-modified: Mon, 30 Oct 2023 20:40:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWPyjn48YWGWu%2F5ZBgkugK4tHc6e34QG23JJBKAqQywKgRCz1tlsH5abFQo%2BZ2UfxgCG06QnqFvmpDvszJ0CwAdcBcGqkg3JWFHvahvtbCSC0F3UGw7KYOebXRxfcg6iXNTzAhDsGhrUgbHFLBzEctQBXA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-dfsv7
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 833d06f0788203fe-MAD
x-amz-cf-id: mRawhyB38StkYWgHrXB8aZzBLR3IUkftnR6x31SJ78KsN45x0BdV2A==

GET
H3 200 lazy-loading.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/ 3 KB
3 KB 227ms
176ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0d54140c9e5b41f4f5f8fd5583a8ae657452e2bec968966ab70c26d5ae77719

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 206
x-amz-request-id: WSBSNRE2055ADDN1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"4bad0a4c32f8ed6cc9ae26f79403ba1d"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698445767
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 16dfaf786e60aa9bf3b94684a08564c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Yf5CV0qo3j47sw1HNl1JCGV8Teo7T9N0
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e924d496-ec09-48d9-9092-fa47900aa579
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 182
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +pizeFidw2hO/Vxq8cS4+lSY0NZwb4sBSgfsPz+t7GhVyq21N2ZcLP+zd9HR73loMjD9coWPGaI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: e924d496-ec09-48d9-9092-fa47900aa579
last-modified: Mon, 30 Oct 2023 20:40:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaxjNEZC19ht%2F7hNFhBAD%2BY093MP5SWtCq5Faz7o2w7kh43vSKLIRK1xAvDTToxYPapZ7JJD3AeDY9BYgJ1amM7EC1NLv%2FaUsNIy%2BFDn14FUERUYcKXdtGUtKsSKUOaoPNIyfMRJ%2FLTws%2BodOwDepLbSrw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-7wfmg
access-control-allow-credentials: false
cf-ray: 833d06f0788303fe-MAD
x-amz-cf-id: lHWoB3LNaQLjJcpmFVhkLmtAPP1BvBN5Q2BtBk2784_pQuUeHZMOoQ==

GET
H3 200 jquery.magnificpopup.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656499996/1698698454228/humansecurity-hs/punch/assets/js/dist/ 20 KB
9 KB 169ms
118ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656499996/1698698454228/humansecurity-hs/punch/assets/js/dist/jquery.magnificpopup.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a123eebd3f1e4f9b4641216ddc8aee3dd0ecc035cc9d2f6ed7b92c979fccc326

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 205
x-amz-request-id: TRH24GP3WMTS1MBX
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"23546b2633cc3b557bb3a13ac0d1c719"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698454685
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Z8c.zQZTpLTR3hloB_6tTCMVZf7YWzdO
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9531ca79-5972-4357-877e-3563a6e1524e
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wpKTJwEUGioJ7jc6o5z6ZCpeYqZX9qqozyALa2v5WZVAZIk2fc32i6kNDixnLL1WpTRQB7gm60c=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9531ca79-5972-4357-877e-3563a6e1524e
last-modified: Mon, 30 Oct 2023 20:40:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F50YdtISC4U4ulwxWCHQSwDXGN1nMgqglqCSCXVwmvICaCacXM6DYMLuVdS7nil4wdfKwm291d1ZdwnTMo1pDphaOML3Q3WqaK9PFeCKLhbh8s6nhDb1bKhCWh23%2B22V3iwey5c5UP3xu2%2BEeImOww51Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-bz2xv
access-control-allow-credentials: false
cf-ray: 833d06f0788403fe-MAD
x-amz-cf-id: XUV1QuP3qu_An-frXHYHgNnsAHTVUZP20GSUtcX3fAuC0ZcbJ4AOqA==

GET
H3 200 lightbox-combo.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115294898870/1698698465768/humansecurity-hs/punch/assets/js/dist/ 24 KB
10 KB 229ms
179ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115294898870/1698698465768/humansecurity-hs/punch/assets/js/dist/lightbox-combo.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54922aed651f983596d7c4d47b075f10dfa004fffe6c60c15c59ecdc1856529f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 205
x-amz-request-id: CEMNNXHKWZ8GRSSZ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"687a6f388e56976362f732fa3410027c"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698466182
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 3f2e448716e86a35bb027a469c98be3c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Z2qYXgQrn1sAYMgJaB4fmdRWcdJjRpcy
x-amz-cf-pop: IAD61-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1852796f-e634-4b95-bf2f-9ee23df0fb22
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 204
alt-svc: h3=":443"; ma=86400
x-amz-id-2: i+DXOAl5D01gyEXKegSeVRwTAee3LLiinJwkszEDQuXuTCcSnKQMze4VMvDebum1g6F7QbEoiVo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1852796f-e634-4b95-bf2f-9ee23df0fb22
last-modified: Mon, 30 Oct 2023 20:41:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6CTh%2Fnf2lp8gFZ2kjr6%2FN45zOLlGNNoxz9ojfIRXJbwaBBA3x8g2RjpWu4OdTfs%2BMj%2Fc3MWBdWAq56zYoV4rzvJHMDuQm545HVQrKt1b%2Fg3Anm46DFqOTKLHavBksxWj4INcpkUMI6u7HsKLbS4lSVcqtA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-rfdpm
access-control-allow-credentials: false
cf-ray: 833d06f0788503fe-MAD
x-amz-cf-id: 63a5ASdjVDqHIJJ1XBqaG8QNF4wTU2tomFnzpIViuebC7vQ4B7MFMQ==

GET
H3 200 flickity-combo.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656625716/1698698450031/humansecurity-hs/punch/assets/js/dist/ 67 KB
19 KB 226ms
180ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656625716/1698698450031/humansecurity-hs/punch/assets/js/dist/flickity-combo.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3b1eb7d0f0f9f6b02dc4d100a34d5ed61b9b22e284ef8b8fc16dee56cb0453

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 205
x-amz-request-id: A80HT5BZ5S3KZWXH
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0b1204d9265290f1b3d4250e491d06dd"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698450553
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 eb9a7c491927f70f3921f0803caae61c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GimN2TGknN6ISiFH7QYtlMG3s3fZ.Bow
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4949031d-627c-454a-bbdd-fde319a7d2d0
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 03nd0Amh8dIwSi4WIFWiF40Qs5rtJXeFirni5eltpKcJQxYtd6/94RiEHQu3VYVMBeBc3bNhPDALOiRKV0zHE32ZR04lHHAFl1Cuhlyg8RU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4949031d-627c-454a-bbdd-fde319a7d2d0
last-modified: Mon, 30 Oct 2023 20:40:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g1fgnfSJUdT0054%2FHNeEXzn6Wz1Qy409Vb3ThoxNelzu5D8ZkaaQyMv0Gu3ELIgxgr9cfsV6cKyZWLQLONCrTOheCLghOUwMfH2seP0Bw4Nj0JFcmSHBT3MYmQQgsa06KPuTA0kFTbdlX9uT0xt%2BTh4XLA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-b6rgr
access-control-allow-credentials: false
cf-ray: 833d06f0788603fe-MAD
x-amz-cf-id: mwtf8S7dgjV5yo5LzMuZnjirNGz3LgNYVzn_mmJzgSDrLhbNkP2G6w==

GET
H3 200 frontend.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656674711/1698698447070/humansecurity-hs/punch/assets/js/ 7 KB
4 KB 227ms
182ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63656674711/1698698447070/humansecurity-hs/punch/assets/js/frontend.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd5e60442181c68a2711c4a407db551e51e0af167f16b86775ceb7e56679a045

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1728
x-amz-request-id: A80SSPX2NEHT5YYZ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a4f49c0d3a6711894e9c55d1c0c7de21"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1698698447313
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 3fad6888361bd8bcd9c5b458635f78d0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9kHHRG.4lQ.A7FuJiqDBrnDLMH9bi.w1
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d2a6872-1ad0-421a-8fec-aef6ea28a52c
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 160
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GsyIYw3YjcYrrClPMFuDnImB0tgpMtNQB7jUnNpnMZPTX30JPT2xBhl1qSQhiS3KR9xv2dp/hFs=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d2a6872-1ad0-421a-8fec-aef6ea28a52c
last-modified: Mon, 30 Oct 2023 20:40:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkyxKkbQRKyhDkiEONUoagz49d64p2WCbcAHSodpIVST3DLUvQqwhgH5s0AW5bahZ9%2BEngPzeWtKYD4stQWsdxs4IEU%2BHjDDFt%2ByMDMbO4jNNNUp%2FOU3WnyifKmPYYqVI%2Ff67vtMq821uNoCEWmyf%2FB9dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-b6rgr
access-control-allow-credentials: false
cf-ray: 833d06f0788703fe-MAD
x-amz-cf-id: HVD3nN2x6zvzVVmqtLuOlSjhQMUYpOqrF82HoOfWao-g2NFa0AApgQ==

GET
H3 200 main.min.js Show response
www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820292/1701277809330/humansecurity-hs/assets/js/ 5 KB
3 KB 250ms
204ms Script
application/javascript 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820292/1701277809330/humansecurity-hs/assets/js/main.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d651066ec06c641549632f4776b2cdbf638ca0786adf1c58f44a2728daed9b00

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 205
x-amz-request-id: 8NGCTB9N8W5245YG
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"685174d68af17bd7d0e6a28ceb5be545"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1701277809525
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vY8wV06NgfCiTijo9TsZU9.WhSQoNj73
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 47c35a1f-09cc-487d-bbfc-23f413e4b194
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 213
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wHcv4FQG1WiCNxuhVpecwwJZbaR4ENSHXVSMsJo/wawhEPTf0rYgb63o/H5nllhXzqzGl/uQfTE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 47c35a1f-09cc-487d-bbfc-23f413e4b194
last-modified: Wed, 29 Nov 2023 17:10:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdlDl8r7q5hwNTfEiAebkDYqs%2BA7t5H2muTA5FgHPfEeEfhc1RwsgFx8gbt4gk%2F9lVSd01Vv7ZqKgzixKCeMMfh2jRhFLU8szVZAhtow8M%2Bihu19Y65WqSYIzbz3SWfg%2Fb%2BchpOA18%2BCGqQXqjiAPfxvBw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-pbvdq
access-control-allow-credentials: false
cf-ray: 833d06f0788803fe-MAD
x-amz-cf-id: HT20mdKKt5UyJWAV7Zq_UgBio1_3hNM5HPBnvvta1FqrTK3TVy004Q==

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 210ms
70ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Requested by

Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1701277807468/humansecurity-hs/assets/css/main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b01d8e5687c5757ac34e6e52cb8e7d87963a1d621786a27046e225c7911cb705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/63463820289/1701277807468/humansecurity-hs/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 11 Dec 2023 10:26:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 10:26:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Dec 2023 10:26:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 311 KB
102 KB 432ms
137ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e551ed351d139ea878170841c997646dd69fe6772b726a06bd01a18e1a79ea04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103673
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 11 Dec 2023 10:26:03 GMT

GET
H2 200 10c1c946-3ec8-49a0-92ce-5be53945f2bc.json Show response
cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/ 4 KB
2 KB 206ms
60ms XHR
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/10c1c946-3ec8-49a0-92ce-5be53945f2bc.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4a42e8f77ed647b32311ffc6b611bdc77b6296726e51cfc958ac736c63a6654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 70094
content-md5: gKPVf/0JY7LPyMXBubVDLg==
content-length: 1651
x-ms-lease-status: unlocked
last-modified: Mon, 10 Jul 2023 18:48:56 GMT
server: cloudflare
etag: 0x8DB817650AF29D1
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1d2a2bae-c01e-000f-5871-224fef000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f0cab82faf-MAD
expires: Tue, 12 Dec 2023 10:26:03 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 352ms
67ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 11 Dec 2023 10:26:02 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D6D0709BB948461A8ABE82BFBFC59722 Ref B: LON04EDGE0712 Ref C: 2023-12-11T10:26:03Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H3 200 Single-Post-Hero-Bg@1x.jpg
www.humansecurity.com/hubfs/Website%20Assets/Backgrounds/ 15 KB
17 KB 224ms
202ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/Website%20Assets/Backgrounds/Single-Post-Hero-Bg@1x.jpg

Requested by

Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1693233182285/humansecurity-hs/assets/css/single-common.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b84398de46283985db9507da817ab6fd1c66687b7b9f6d1bf3e0de29bc2b3e28

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/hs-fs/hub/3400937/hub_generated/template_assets/115451707707/1693233182285/humansecurity-hs/assets/css/single-common.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-115446220894,FD-65670907291,P-3400937,FLS-ALL
age: 1906
x-amz-request-id: WEA0XZF1K1BRGVDV
x-amz-server-side-encryption: AES256
edge-cache-tag: F-115446220894,FD-65670907291,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Single-Post-Hero-Bg@1x.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "dd6b6465df335a37717da6c525533fc1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684015842832
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 942bd6c761a03db10eeb06f36c8562f4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CdDX03HZKu6sllEw2p2ZvE8w0miVHEku
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=34092
x-cache: Miss from cloudfront
cache-tag: F-115446220894,FD-65670907291,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 15628
x-amz-id-2: 0W7oYp9koY252hOL0eLpfUtX6kny5oNV2os23WmjNp4eqtdmN2xqvP4Uvm9JDovQemQU52R4D9g=
last-modified: Sat, 13 May 2023 22:10:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GV036B3bxPWC3sq4BvOpV2kLRiTfWkApA2Ss1IXlDAiY0IU9A6Rg14MK3tX431dJQBOn%2F4hAPZ0yI13IL94hpjbbB8neaV2ZDV%2B1Lnkh6H4LnZvaiPw50PNZsIiQTW13B5pWRomBStr5xIZzTVfLtsAEwg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06f0889703fe-MAD
x-amz-cf-id: uYKrg2AlLOAYHGg6MaJsfilQZpNgFW8TCUu71vRE7WMvkMK_LiEhUw==

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 409ms
147ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 11:42:02 GMT
x-content-type-options: nosniff
age: 341041
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21724
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 11:42:02 GMT

GET
H2 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 510ms
249ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:27:00 GMT
x-content-type-options: nosniff
age: 298743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21144
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:43:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 23:27:00 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 21 KB
21 KB 378ms
117ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:15:27 GMT
x-content-type-options: nosniff
age: 256236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21440
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:46:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 11:15:27 GMT

GET
H2 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/ 20 KB
21 KB 376ms
115ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:22:08 GMT
x-content-type-options: nosniff
age: 3835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20960
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 09:22:08 GMT

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da31b307de5b846844535120ed1f2061759f2bd4061b1e9afbfad493b9077317

Request headers

Referer
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: font/truetype;charset=utf-8

GET
H3 200 HUMAN_Guide_2023-Holiday-Readiness-with-GCP_Thumnail.png
www.humansecurity.com/hubfs/ 59 KB
60 KB 145ms
142ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/HUMAN_Guide_2023-Holiday-Readiness-with-GCP_Thumnail.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c1810340f174c7b6c869da26bfb8c174de1cc7087adae140d85e822fe2127f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-131239878554,P-3400937,FLS-ALL
age: 178413
x-amz-request-id: E8FNV34RDYC11ZEZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-131239878554,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="HUMAN_Guide_2023-Holiday-Readiness-with-GCP_Thumnail.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "b99a501b64dd30589882136eb80490d6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692727508824
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 942bd6c761a03db10eeb06f36c8562f4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KexLUmugVY1coi_GuIztahl9sN3CnG2h
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=104240
x-cache: RefreshHit from cloudfront
cache-tag: F-131239878554,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 60268
x-amz-id-2: BDWnIZX+Q/lstKnGRhAQjmyK5WC6DvxKz0W6OTrG100VnbYssSMIYQ4eqaz1IhBlUsYKm25cL28=
last-modified: Tue, 22 Aug 2023 18:19:06 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QfNIrI32O8rHJzNig0qulL6R3GqJlsaTGA%2B0JbwDwToYvM6dKSs0WefetRXotVF1Gb5Qysa%2FVRdsM%2FIClhZqDojf65mgTBKru15dG8Gq9OFsYvs5HNetgCWe7UZwl1rTt81pKvGcbL8zjFhC200pTntJYw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06f0f92903fe-MAD
x-amz-cf-id: 9npZFHklbZ-DgmQ77n5YUtiuVmPs8vuKWUFnLZBRrk9V34NUK5C5kg==

GET
H3 200 HUMAN_Report_2023-Bad-Bot-Holiday-Report@2x_thumbnail.jpg
www.humansecurity.com/hubfs/ 15 KB
16 KB 178ms
176ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/HUMAN_Report_2023-Bad-Bot-Holiday-Report@2x_thumbnail.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a829e72b4b812afffd783bdbb1955c9dc162897cd089f84fcd966bce8f4c689

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-129273736200,P-3400937,FLS-ALL
age: 1131082
x-amz-request-id: H7QTV08DBHZRAAHF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-129273736200,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="HUMAN_Report_2023-Bad-Bot-Holiday-Report@2x_thumbnail.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "7248f2dfcc3ff294cd69f4f571e04fe2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691602089052
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 02f18a297253b2e336ff43d5a9bf889c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pUHHHCXVi0UCtA7ymGsMOEYYgLi2wCJM
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=89932
x-cache: Miss from cloudfront
cache-tag: F-129273736200,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 14926
x-amz-id-2: OWFhkj9sB8hAwmHD0CamdbQzIpBikCYpNbTR9Gi0HEYnOdzYSCEDVW3uYwENMHDUglmju+INSK0=
last-modified: Wed, 09 Aug 2023 17:28:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tB1puN3IJAdeDrwa5S8DxOvraQmLe1JOW1ytQCmuH3uZSZSYHt2TXWTWpakiN%2F3i7ih6CeXyO2CgfwANjVjn0vI3%2B1ToyG4Qqkx0Q8d8cw4qF77JyBsyGM8SiJMKoxrF6POP3mCr3TiYUeRri6Bz0NnEkg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06f0f92b03fe-MAD
x-amz-cf-id: a1jmE8rFFR28yDjMfN__ab_yNkFJ3bxgb3p-Tl79VXpVmzbyawSg5g==

GET
H3 200 HUMAN_Ebook_CISOs-Guide-to-Frad-Prevention_Thumbnail.png
www.humansecurity.com/hubfs/ 41 KB
42 KB 179ms
177ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/HUMAN_Ebook_CISOs-Guide-to-Frad-Prevention_Thumbnail.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c89fde8de5179fe3688ab8130fe3f87d9e349d8df226fda5b1d5c62cb341f80f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-136449987097,P-3400937,FLS-ALL
age: 964127
x-amz-request-id: CT2VGT8CKRYR8C2M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-136449987097,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="HUMAN_Ebook_CISOs-Guide-to-Frad-Prevention_Thumbnail.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "d89ef27e0be06d6f01d7cf412e8916e8"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1695657016325
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 96067a94609f0eba55814e78a68eeb7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XpTnatLp9JBlpmwjN1n8ss3wdTytH1ry
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=74082
x-cache: Miss from cloudfront
cache-tag: F-136449987097,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 41802
x-amz-id-2: 2vTyPPnAhspenOWVkpn68Ye7TuCzag1X/wocL2wwzElDvRZeUqOmwVgZhlhxVzb8AypzuGddk7I=
last-modified: Mon, 25 Sep 2023 15:50:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqLZcZrenDWwKQEWszLMuLkt9exQOdgduUAp%2FSmMbRoBSg6Mh%2FVVwMMxlV4FG3O5S0j%2B26WKiy%2BvVRcRyi4k%2BG3I5Wwh9GkFm4EV8s6VBKuRhIpCXuQ9jDhM%2FmboSexWdpu%2FZRk2E8f7LTMRetH0UTSN%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06f0f92d03fe-MAD
x-amz-cf-id: gvfY6nwT0vkBPS9ZO2j1MD-6o4o4jzT_wsOixUvssS3yB7SJQmdg8w==

GET
H3 200 Human-sample-menu-img.png
www.humansecurity.com/hubfs/ 40 KB
41 KB 189ms
186ms Image
image/webp 2606:2c40::c73c:67e3
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.humansecurity.com/hubfs/Human-sample-menu-img.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2580bceeed19faa6167d76f4ee0682676956cab8b582c3cd14b163af46d4f5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65181481088,P-3400937,FLS-ALL
age: 206
x-amz-request-id: 7ZX7HR4X80JPY3QR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65181481088,P-3400937,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Human-sample-menu-img.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "16cc4768db24cc9cf01059ba4d85a618"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643668447424
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 274510439642952234785ebfa88c1fc4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FliBcfKN47l4IQdKscEjRIwVxujWKTnP
x-amz-cf-pop: MAD56-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=72564
x-cache: RefreshHit from cloudfront
cache-tag: F-65181481088,P-3400937,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 40528
x-amz-id-2: n1D1kOKej+x4WwaLzENrCigdKEAXgGpyDn6QXKFMheleUZmRonWksEG1SLBG6lcD9Qw220igBAcZA3XW5DEb098sgkurLkmS
last-modified: Mon, 31 Jan 2022 22:34:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sKM8KloQrOyRO2bIEzqpReFcjM%2FSbCw%2FF%2FGu2odLLeCWqi4dh6JnEK4plFc2%2FdEZN7vV7geiLB2%2FhVTOG38eiJdCtUPmfZ1z%2F5n465%2BoemUm1iT%2F7t87tnk8dxV%2BW6GmzVLJmL1Ua9JgQ5St3IiCxnvNGw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 833d06f0f92e03fe-MAD
x-amz-cf-id: vUp1C5PLE1w0WO_K0NuNb2zJQKGIl4MP2-gQPGNKcMRXPFVxFM2NWg==

GET
H2 200 BAnAmr93uTb_-YcOqzQhIRUAS9X5f_o6ypFRmm3pnBBqDK-3Ki18C7696t6MD377EqWPFNZWaXpUPtOoRVcoX_1NJhqSOodCBqNPrgdKYgDXpf6SB-2GDdqKLuIkdvvsVphcGwXsk9zeiV3TL5CrfnE
lh7-us.googleusercontent.com/ 861 KB
861 KB 863ms
523ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/BAnAmr93uTb_-YcOqzQhIRUAS9X5f_o6ypFRmm3pnBBqDK-3Ki18C7696t6MD377EqWPFNZWaXpUPtOoRVcoX_1NJhqSOodCBqNPrgdKYgDXpf6SB-2GDdqKLuIkdvvsVphcGwXsk9zeiV3TL5CrfnE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

616805c817166b2e84970050b9befb647a561ef191e6b426505f0c551c72030e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Untitled.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 881575
x-xss-protection: 0
expires: Tue, 12 Dec 2023 10:26:03 GMT

GET
H2 200 Q7V0Hv6rx_18pgp-2wKzmSdUdmzhCztnuDF1-_O0dXruWB9SCI2f9KnW5dLfxNA0MosXmCZt3H1mtl_cYh56BvXLLOlZX8L9lOkygXZmTTN3WE07Hu81R1G7fQlrHhnCGisQiUxASgJ9jvqdlz_v4wU
lh7-us.googleusercontent.com/ 174 KB
175 KB 613ms
273ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh7-us.googleusercontent.com/Q7V0Hv6rx_18pgp-2wKzmSdUdmzhCztnuDF1-_O0dXruWB9SCI2f9KnW5dLfxNA0MosXmCZt3H1mtl_cYh56BvXLLOlZX8L9lOkygXZmTTN3WE07Hu81R1G7fQlrHhnCGisQiUxASgJ9jvqdlz_v4wU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

87e7b7c7451d079fc49d7a692e4c8ad44315d8bbe3ce8d40fc1e56c79a729088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="Untitled.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 178453
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 12 Dec 2023 10:26:03 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 350ms
129ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fc983eeaef602a2a60c0cb3ad4e90053a4fb2ebbe39a95934f7fdc2366365fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 11 Dec 2023 10:26:03 GMT
content-md5: dbqBm6+9hS/JOp/SmQSJqw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints
x-fb-debug: XQjGIci4nZMa0deZ6hsD65sSTbrXI0gCiDCdfbm2krgTVxUlkw5TOnsxzy5PFsOwLwH6N1ytWx6GAj4gDbzG7A==
x-fb-content-md5: b65661af5e205f70ed4b14172146d33f
cross-origin-opener-policy: same-origin-allow-popups
etag: "cea6b359d7aaa3a96fdcab2d3a8073de"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:43:36 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 469ms
42ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mdr/668D) /
Resource Hash: 25ddd86f5287d140be6921358b86bc0577b4e434dc0c92adf5537b07f8a7692a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 11 Dec 2023 10:26:03 GMT
Content-Encoding: gzip
Age: 112
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27594
Last-Modified: Fri, 08 Dec 2023 15:37:51 GMT
Server: ECS (mdr/668D)
Etag: "f97cd33462674ffa90e36fef4d921711+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 350ms
222ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3400937&callback=jsonpHandler

Requested by

Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1947ed59-560c-4f5b-b037-50b9d69102cc
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=833d06f3383a5e16&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 1947ed59-560c-4f5b-b037-50b9d69102cc
server: cloudflare
x-trace: 2BD6FF08E3E252778A21553C2DC825707FD2AFC988000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-rjqc8
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 833d06f3383a5e16-MAD

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
312 B 183ms
55ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 833d06f47a5037c7-MAD
access-control-allow-headers: Content-Type

GET
H2 204 97050842.js Show response
bat.bing.com/p/action/ 0
117 B 74ms
62ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/97050842.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 11 Dec 2023 10:26:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FC88071B46A4FA6B57900330B3D38DB Ref B: LON04EDGE0712 Ref C: 2023-12-11T10:26:03Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 81ms
72ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=97050842&Ver=2&mid=94a0270d-b94c-42ed-9851-0766ab3b786e&sid=afcad930980f11eebbe1d5ff03280461&vid=afd7d0d0980f11ee868f6305e99e4aaa&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&p=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&r=https%3A%2F%2Fgo.humansecurity.com%2F&lt=1195&evt=pageLoad&sv=1&rn=730832

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 11 Dec 2023 10:26:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B34E8D966F474B4F94230FD700C752E1 Ref B: LON04EDGE0712 Ref C: 2023-12-11T10:26:03Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 3400937.js Show response
js.hs-analytics.net/analytics/1702290300000/ 66 KB
21 KB 327ms
171ms Script
text/javascript 2606:4700::6810:4fba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1702290300000/3400937.js
Requested by: Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d55d865de6a1ed121dbef7a289cd97ce22289ddc7cc4659f0804954427bbdb0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: SP70MAZCTNJ1WTAD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: fd86a60d-e3ff-4a05-9e2b-11e1e2044fc4
x-envoy-upstream-service-time: 26
x-amz-id-2: OnoPvA3qVx6p05VKllGdu+lM+iPaBzZZUVzvi45z7odyM+fgcMXDfmKUFOXL4jZf0CEWeKULc6o=
x-evy-trace-listener: listener_https
x-request-id: fd86a60d-e3ff-4a05-9e2b-11e1e2044fc4
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 15 Nov 2023 17:16:06 GMT
server: cloudflare
etag: W/"ec761dbdaff091f50d8fdff6fc0010f9"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fd6fb8679-vfzwq
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 833d06f65c9986cc-MAD
expires: Mon, 11 Dec 2023 10:31:03 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 234ms
79ms Script
application/javascript 2606:4700::6812:7b0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7b0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 48461
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js&cfRay=833867d2298d5e17-MAD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c314aa317d74a89c787c3c4a9d2fd97c"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js
date: Mon, 11 Dec 2023 10:26:03 GMT
x-amz-version-id: QUNwK0xemzsIqupWMH2b5phjsLRnkTKD
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: a567d768-167c-4e5e-8791-601829cbb911
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 12
x-evy-trace-route-configuration: listener_https/all
x-request-id: a567d768-167c-4e5e-8791-601829cbb911
last-modified: Mon, 04 Dec 2023 12:11:15 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-rjqc8
cf-ray: 833d06f6587569e8-MAD
x-amz-cf-id: Qr-Z9kubz_wgUMcu-s4BYNuBxCxPqp2Nrzhid2U6keNYkS9cckbDpA==

GET
H2 200 3400937.js Show response
js.hs-banner.com/ 60 KB
16 KB 203ms
48ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3400937.js
Requested by: Host: www.humansecurity.com
URL: https://www.humansecurity.com/hs/scriptloader/3400937.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c75be566e7acb975a7ff713df6bcb93f7db75f622863200c0d11ee2a302217ab

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-amz-version-id: .E7XtoknZ1OfcFg0SisuWFLR8a3evcLl
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: NTH8S99GGGT3KTED
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 366bdbe7-c46f-4ccb-8932-7ff1968ab961
age: 205
x-envoy-upstream-service-time: 35
x-amz-id-2: sIHOokmCU+FRSfRw3otLL0De4GVPLAhdJUF91UwejvUh4yIJIM2ehhMVtMbItUt7uVOBQS7vEQo=
x-evy-trace-listener: listener_https
x-request-id: 366bdbe7-c46f-4ccb-8932-7ff1968ab961
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 13 Jul 2023 01:03:26 GMT
server: cloudflare
etag: W/"eb444a2c2e9dfeb288e0490da25ccfe0"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.humansecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6849bc8697-28qjm
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 833d06f65cbc37d3-MAD
expires: Mon, 11 Dec 2023 10:27:38 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202303.2.0/ 400 KB
97 KB 63ms
55ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8e166157d90ed13492b8627e50c606aeab874cd0a5d6ed3b7c8a7988a3d46d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Sw59qQKTUz8IJh2hCY03KQ==
age: 15550
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 98810
x-ms-lease-status: unlocked
last-modified: Tue, 16 May 2023 03:39:51 GMT
server: cloudflare
etag: 0x8DB55BF34FA32B5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b7b472a4-301e-0079-5d1c-12c5a7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f5ae392195-MAD

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 193ms
100ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=ce637470df6de9f71f70bb9837c25d95

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d19641168b88316a302b822322ba73fcb03f210ca269dc2460e6d14815eb9a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 11 Dec 2023 10:26:03 GMT
content-md5: MbKMHxstry/uFPjrfwOK6w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87803
reporting-endpoints
x-fb-debug: QPpnFbft+Fypgbx1fauG4hlxDkcpdbdnST97tl+lvBKH8Sihx2dNZivrAw4lUZUiNsiZNtVSQ+UIrvk9W9zumQ==
x-fb-content-md5: f8709c2a0a32bca57aba32c985bbbbc8
cross-origin-opener-policy: same-origin-allow-popups
etag: "9e2d61ce6566df636d4f818a7297d2a5"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 10 Dec 2024 10:14:43 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 163ms
53ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15ebddd8f42a017abf38230bbefe743a7a4daeeeec69785baf43ce930d3de6ff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-amz-version-id: d0fvXwBE1KKHAVrX57LqVGhiliHVZHvh
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Thu, 16 Nov 2023 09:35:17 GMT
server: cloudflare
via: 1.1 8692422a46e533f30b9ae6995938ab04.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD53-P3
etag: W/"84c587b3edbc3a49ffac053ea2e2f6f6"
age: 59050
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cf-ray: 833d06f658a62f92-MAD
x-amz-cf-id: vLclhXobJexKRgC4HqdSwkzjFdNoV509SGza9VOfksBVdWsGGDJexg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 280 KB
92 KB 132ms
62ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2eb345a641bc3ef5bdbcea292d072b6f8d211a5468ea041a404d60657114684b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 11 Dec 2023 10:26:03 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 63 KB
17 KB 354ms
70ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

a9e9d5d62bdbbe46fee9a3a0ba4c2d7fe5a6f4b53c10df3ac7d34796ffb7c96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Nov 2023 18:58:50 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "656789ea-fdc2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17428
expires: Mon, 11 Dec 2023 10:26:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 266ms
57ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 11 Dec 2023 09:48:18 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2266
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 11 Dec 2023 11:48:18 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/878225418/ 4 KB
2 KB 304ms
96ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/878225418/?random=1702290363821&cv=11&fst=1702290363821&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v830094232&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&ref=https%3A%2F%2Fgo.humansecurity.com%2F&hn=www.googleadservices.com&frm=0&tiba=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&auid=194970871.1702290364&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc87bbee4d860782ded090f1ada538b42cd0810e8a729755c5fa1c8cfc01af47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1568
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
807 B 257ms
54ms Script
application/javascript 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d59318dbc0445735297ba2e769e2bc60358a0abfafe66f503ddc0a09610c28b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Dec 2023 09:10:47 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=81833
accept-ranges: bytes
content-length: 597

GET
H2 200 hotjar-3389720.js Show response
static.hotjar.com/c/ 9 KB
4 KB 223ms
47ms Script
application/javascript 18.66.97.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3389720.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-49.fra56.r.cloudfront.net

Software

Resource Hash

d39349e3fa22866d083e3065c3c9e0a55f5efc23516993cc5ce5f64a3364dcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 11 Dec 2023 10:26:03 GMT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 5
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/1c78d205a5367110e155ace065f4db25
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: MOoOCnq6ox-Z_TC7dK-tAK6XBfRxMONS_LVLVb7irMD_Vis12ABqQA==

GET
H2 200 5210.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 285ms
162ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/5210.js?p=https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&e=

Requested by

Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 3e9605c5-915b-4c38-94fe-f3ec9138e89c
x-runtime: 0.003542
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 833d06f7b8355e12-MAD

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 270ms
35ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: J9FWN4V8MFDZBS37
age: 4836
alt-svc: h3=":443"; ma=86400
x-amz-id-2: e8H3Lp/nVsbLWZoceCC2uH2jRmAsTPqZKbGVif1bfQvzKh2lziiuBUE2zKENc0QRlpwrM4oo58A=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 833d06f8595b8674-MAD
expires: Mon, 11 Dec 2023 14:26:04 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 260ms
87ms Script
application/x-javascript 184.31.85.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-85-59.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 11 Dec 2023 10:26:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 main.min.js Show response
client.px-cloud.net/PXxDhGmtcm/ 165 KB
74 KB 328ms
47ms Script
application/javascript 2a02:26f0:3500:11::215:14d3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:11::215:14d3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cca669b9ec3ba9fe4847b07552d42e71179264201e58573e736714c906d4f771

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
etag: "294c7-M2ncpqa3+fFvi0KmEdWHn7e0fuY"
x-px-hash: ZWYwMGI3MWRmYWExOGZiYmY0ZGU0Y2M3MGVjNDJiODg2MmE5ZDkxYWNhMWJhZmY0ZGQ5YTg3MGU4Y2E4ZDU4MQ==
vary: Accept-Encoding
active-cdn: Akamai
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
content-length: 75240

GET
H2 200 main.min.js Show response
client.px-cloud.net/PXf69I9fY8/ 164 KB
73 KB 389ms
119ms Script
application/javascript 2a02:26f0:3500:11::215:14d3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Requested by: Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:11::215:14d3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 671cbddf551402cbb9ffcdbcf6cf16299a715f0e0ce9fa409a47c6c93720373f

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
etag: "28f50-TaegBk2UApOhGL50s6Mr0Qu6EgY"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
content-length: 74784

GET
H/1.1 200
OK widget_iframe.979019d93e57e124a0ac3dd81bd32027.html Show response
platform.twitter.com/widgets/ Frame 8FE5 319 KB
104 KB 37ms
32ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.979019d93e57e124a0ac3dd81bd32027.html?origin=https%3A%2F%2Fwww.humansecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mdr/668F) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 240419
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Dec 2023 10:26:03 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Fri, 08 Dec 2023 15:37:03 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mdr/668F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
X-EC-BBR-Enable: 1
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/00f3a755-1fe4-4724-a84f-485fd8516370/ 66 KB
14 KB 54ms
54ms Fetch
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/10c1c946-3ec8-49a0-92ce-5be53945f2bc/00f3a755-1fe4-4724-a84f-485fd8516370/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b54028de37c84f4aeca11a73d1b1e1bd07de8ef2bc096281b432e497f9dd0ec9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 70094
content-md5: 6PLJEspOGyE/L+rXgCYpCg==
content-length: 14030
x-ms-lease-status: unlocked
last-modified: Mon, 10 Jul 2023 18:49:00 GMT
server: cloudflare
etag: 0x8DB8176530CBDC9
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 130bcd46-401e-0073-2a82-136110000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f68d442faf-MAD
expires: Tue, 12 Dec 2023 10:26:03 GMT

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
131 B 154ms
137ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/3400937.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a6e0042d-638d-4c78-9335-6115e9fdcc39
x-envoy-upstream-service-time: 19
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a6e0042d-638d-4c78-9335-6115e9fdcc39
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.humansecurity.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fd6fb8679-smrrp
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 833d06f869632183-MAD

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 231ms
123ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.humansecurity.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 833d06f77fd62183-MAD
content-length: 0
content-type: application/octet-stream
date: Mon, 11 Dec 2023 10:26:04 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fd6fb8679-smrrp
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 058be8ee-f157-4bab-9258-1885355c67c5
x-request-id: 058be8ee-f157-4bab-9258-1885355c67c5

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
444 B 282ms
219ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6d437eab4e6ca18ad217ea9a8434aa3151574f11d142759aaf67394a0080dc25

Request headers

visited_url: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
Authorization: Bearer a6151318a91681741142
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
via: 1.1 98a649570d251d2758f5b0b084e2a774.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-amz-cf-pop: MAD53-P3
x-powered-by: Express
etag: W/"cb-PRYoIJ8hbRNgXQ6RZeN9lnXzdKg"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 833d06f948cb1bb4-MAD
x-amz-cf-id: gTavQi1_f4fFLV1y6F19At3mjPZNsyBk1-tA8_o0EpH-ifEv84oCVQ==
apigw-requestid: PxiFfiaxPHcESig=

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 303ms
203ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: PxiFcgowvHcESQQ=
cf-cache-status: DYNAMIC
cf-ray: 833d06f77d381bb4-MAD
date: Mon, 11 Dec 2023 10:26:04 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 4fe08c05b7ff5ae3c519e29292acc772.cloudfront.net (CloudFront)
x-amz-cf-id: esgpTWRCUPk3ZpJKlqnH5NYEzJFQnRNovKFy4uT4VDUInjoU__cDTg==
x-amz-cf-pop: MAD53-P3
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/ 13 KB
3 KB 58ms
32ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: pRHDWyQMLvXwKY458EnqRw==
age: 70095
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3019
x-ms-lease-status: unlocked
last-modified: Tue, 16 May 2023 03:39:45 GMT
server: cloudflare
etag: 0x8DB55BF315FAED9
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: d02713e6-a01e-006b-348f-22be77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f74e9d2faf-MAD

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/v2/ 61 KB
12 KB 59ms
34ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: obw5M94dAr0Gi2p2lbQQ/g==
age: 70095
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12544
x-ms-lease-status: unlocked
last-modified: Tue, 16 May 2023 03:39:48 GMT
server: cloudflare
etag: 0x8DB55BF32AEE4B7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0537a9fe-c01e-0099-3adb-12463e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f74ea02faf-MAD

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202303.2.0/assets/ 21 KB
4 KB 60ms
35ms Fetch
text/css 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 70095
x-ms-lease-status: unlocked
last-modified: Tue, 16 May 2023 03:39:56 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 008b0490-e01e-0018-5d64-23e6e4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 833d06f74ea32faf-MAD

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 8FE5 869 B
657 B 326ms
104ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=871a2f1695e24be0b2ff2c9ca0187a70cbfd58a1

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.979019d93e57e124a0ac3dd81bd32027.html?origin=https%3A%2F%2Fwww.humansecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-response-time: 103
date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Mon, 11 Dec 2023 10:26:04 GMT
server: tsa_f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 3fa844332d1445d3
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 85f0b09f02d7aa1894e3b79454262e2ec719572603627e35fc2ca2c050ecb1e2
content-length: 337

POST
H2 204 collect
region1.analytics.google.com/g/ 0
258 B 272ms
42ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-59DHKRCY6M&gtm=45je3bt0v881684866z8830094232&_p=1702290362840&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=6960982.1702290364&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1702290364&sct=1&seg=0&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2094
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 274ms
44ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-59DHKRCY6M&cid=6960982.1702290364&gtm=45je3bt0v881684866z8830094232&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
107 B 309ms
81ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-59DHKRCY6M&cid=6960982.1702290364&gtm=45je3bt0v881684866z8830094232&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1774044571

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 48ms
33ms Image
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 26959
x-ms-lease-status: unlocked
last-modified: Thu, 07 Dec 2023 03:26:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 716dae57-a01e-006b-18c9-28be77000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 833d06f86a952195-MAD

GET
H2 200 7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 82ms
67ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600;700;800&family=Barlow:wght@300;400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.humansecurity.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:09:44 GMT
x-content-type-options: nosniff
age: 206180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21796
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:35:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Dec 2024 01:09:44 GMT

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
489 B 72ms
0ms Fetch
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 70094
x-ms-lease-status: unlocked
last-modified: Thu, 07 Dec 2023 03:26:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a73b8882-e01e-0008-0bd3-28238c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 833d06f8a8c82faf-MAD

GET
H2 200 HUMAN_logo_horiz_black.jpg
cdn.cookielaw.org/logos/bdc406fe-f273-4909-9374-53fa72f05678/f00e5254-ffda-4283-935d-86b9a91dc6c1/2bf04d17-0bd6-46fa-8a3b-648dbd5086cf/ 108 KB
108 KB 124ms
30ms Image
image/jpeg 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/bdc406fe-f273-4909-9374-53fa72f05678/f00e5254-ffda-4283-935d-86b9a91dc6c1/2bf04d17-0bd6-46fa-8a3b-648dbd5086cf/HUMAN_logo_horiz_black.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31bffb649cd812a3e720b1838c910fe359aef60c46ec91149d895dc23708768d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: NhqNgvFSsXYG+FRFrroJLA==
age: 48486
content-length: 110133
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Thu, 20 Apr 2023 19:26:36 GMT
server: cloudflare
etag: 0x8DB41D5282227E0
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 471ce7a1-101e-007e-7494-13a9c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 833d06f92bb02195-MAD

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 158ms
64ms Image
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 22130
x-ms-lease-status: unlocked
last-modified: Mon, 11 Dec 2023 03:29:18 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 5d928c3f-b01e-0093-02e5-2be289000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 833d06f92bb52195-MAD

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 122ms
37ms Script
application/javascript 2a02:26f0:3500:16::215:1484
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1484 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Dec 2023 09:10:48 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=81956
accept-ranges: bytes
content-length: 15541

GET
H2 200 modules.0ef46a83101151841364.js Show response
script.hotjar.com/ 218 KB
55 KB 298ms
86ms Script
application/javascript 13.32.27.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0ef46a83101151841364.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3389720.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-19.fra56.r.cloudfront.net

Software

Resource Hash

72d0e968a2bc13b2b3af3a39d1aa6f240e37b3054feaf1ca31b18399974111fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:44:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b25bc331cb2e5e7e25d9488f5ecdc940.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 326517
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55456
last-modified: Thu, 07 Dec 2023 15:44:01 GMT
etag: "4f152a0a4d20e1d992c5c15c49e98463"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: VdFJ0PK7WamKprKp7ppSOrM2xCfoQg3MhpS8Z3s1ARK7XrBngMjTOw==

GET
H2 200 /
www.google.com/pagead/1p-user-list/878225418/ 42 B
455 B 305ms
94ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/878225418/?random=1702290363821&cv=11&fst=1702288800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v830094232&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&ref=https%3A%2F%2Fgo.humansecurity.com%2F&frm=0&tiba=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_0b2_z76Ol0JqBcnDBaFTecC4SsnclQ&random=1031186785&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.es/pagead/1p-user-list/878225418/ 42 B
455 B 172ms
76ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/pagead/1p-user-list/878225418/?random=1702290363821&cv=11&fst=1702288800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v830094232&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&ref=https%3A%2F%2Fgo.humansecurity.com%2F&frm=0&tiba=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_0b2_z76Ol0JqBcnDBaFTecC4SsnclQ&random=1031186785&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
212 B 113ms
54ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1661008431&t=pageview&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&ul=en-us&de=UTF-8&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgEABAAAAACAEK~&jid=1142615546&gjid=1774917932&cid=6960982.1702290364&tid=UA-111948466-2&_gid=1570583363.1702290364&_slc=1&gtm=45He3bt0n81KVP42DDv830094232&cd7=2023-12-11T10%3A26%3A03.815%2B00%3A00&cd8=5ee920a3-2ea0-4f2c-b798-d4ad4e0ab217&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd3=6960982.1702290364&z=1548757518

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
353 B 102ms
43ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-111948466-2&cid=6960982.1702290364&jid=1142615546&gjid=1774917932&_gid=1570583363.1702290364&_u=YCDAgEABAAAAAGAEK~&z=651452950

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK clear.js Show response
s.cdnsynd.com/2/259353/ 5 KB
3 KB 429ms
80ms Script
text/javascript 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cdnsynd.com/2/259353/clear.js?dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KVP42DD

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

6e1505eae592a3d9a5490564b50bdcf00d5efc11094cfa43168a23f332e5d57d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Dec 2023 10:26:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2477
Expires: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
83 B 100ms
65ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1661008431&t=pageview&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&ul=en-us&de=UTF-8&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAAEABAAAAAGAEK~&jid=1906387310&gjid=356258313&cid=6960982.1702290364&tid=UA-111948466-3&_gid=1570583363.1702290364&_r=1&_slc=1&gtm=45He3bt0n81KVP42DDv830094232&cd1=6960982.1702290364&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd2=Human&z=1978485596

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

067536b3f91d4c08a72a02644605c37436afe7b1e60e0e251f298d5ccb082e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 137ms
79ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 17 B
311 B 317ms
72ms XHR
text/html 2a02:26f0:3500:14::1724:a244
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:14::1724:a244 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea168cce033e7328a08c52790ce8f5a04e28867636e44c6082d5b2f58348cfcd

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.humansecurity.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:23:d::10
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1702290364586_388276228_1089511356_24_1151_59_124_219";dur=1
content-length: 17
expires: Mon, 11 Dec 2023 10:26:04 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 368ms
320ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 366ms
319ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2220d60e1303ace3bf5d3a031877ae81bd%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%220d406420db5f6e6d2e1be79267cc2b18e3de7e44%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
361 B 455ms
125ms XHR
application/json 54.165.123.166
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDUxMzV9.H2JT8UA8cynPbW9zXcx95AgvYUvFrlnYRFPelG2PReM

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.165.123.166 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-165-123-166.compute-1.amazonaws.com

Software

Resource Hash

1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 7145ba869a47163020cedddf67a9266a

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 122ms
95ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111948466-2&cid=6960982.1702290364&jid=1142615546&_u=YCDAgEABAAAAAGAEK~&z=1626547039

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
107 B 124ms
101ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-111948466-2&cid=6960982.1702290364&jid=1142615546&_u=YCDAgEABAAAAAGAEK~&z=1626547039

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 228 KB
81 KB 152ms
144ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-474QF6N3NS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30dc88715a549e37c45bb2d7e9ae907abe573735a1695cb48367749bdbfdde32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82984
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 11 Dec 2023 10:26:04 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 148ms
142ms Script
application/x-javascript 184.31.85.59
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-85-59.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 11 Dec 2023 10:26:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 20 Mar 2024 10:26:04 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
622 B 454ms
256ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 11 Dec 2023 10:26:03 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E34E0FF859A0463DA45CEB5155A1E229 Ref B: LON04EDGE0622 Ref C: 2023-12-11T10:26:04Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.humansecurity.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYMOVx/puCpekxoABHYNg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-take...

0
482 B

397ms
223ms

Image
application/javascript

13.107.43.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&tm=gtmv2&cookiesTest=true&e_ipv6=AQKQyULYltoRIgAAAYxYaZvgqSlGaxh70Id5A0cbcjsXKa_torKHvQh6lWDy6Sf1--1V
Requested by: Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Protocol: H2
Server: 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 77ADF48487D04865BFFACCCB9A8E268F Ref B: LON212050703003 Ref C: 2023-12-11T10:26:05Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMOVyQ46/qiFU4iX01oQ==

Redirect headers

date: Mon, 11 Dec 2023 10:26:04 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F9F366097ECE4657B374F1AC8B7AC7DE Ref B: LON04EDGE0622 Ref C: 2023-12-11T10:26:05Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1755754%2C5211716&time=1702290364522&url=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&tm=gtmv2&cookiesTest=true&e_ipv6=AQKQyULYltoRIgAAAYxYaZvgqSlGaxh70Id5A0cbcjsXKa_torKHvQh6lWDy6Sf1--1V
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMOVyIyTIpbjI50ZMOjA==

POST
H2 200 collector Show response
collector-pxxdhgmtcm.px-cloud.net/api/v2/ 540 B
788 B 284ms
102ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: bf1ae1c225ebbb05f710484ef8470f3016ee1d63f8a9d86a1d45f9d33648215e

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 722 B
672 B 232ms
71ms XHR
application/json 18.157.106.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.106.205 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-106-205.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 452089a0c146eb83ebee550ce36ec3f9038f4dc2dec671b2f948635174868370

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
Authorization: Token 0d406420db5f6e6d2e1be79267cc2b18e3de7e44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
X-6s-CustomID: WebTag1.0 20d60e1303ace3bf5d3a031877ae81bd

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.humansecurity.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 384

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 266ms
76ms Preflight 18.157.106.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.106.205 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-106-205.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.humansecurity.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Mon, 11 Dec 2023 10:26:04 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a

POST
H2 200 collector Show response
collector-pxf69i9fy8.px-cloud.net/api/v2/ 564 B
812 B 250ms
138ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 14d51db90349386929d320832c984e3aed1658975ce84f789977ae86c055d8f0

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 564

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 86 KB
27 KB 195ms
87ms Script
application/javascript 2606:4700::6810:880f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe92edba1f5990d76e1817f250ee4aae144f4efa95b676733bdd4391f2b74cf1

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:04 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 3041
x-guploader-uploadid: ABPtcPplfCABf0JFT7m5FCXFJbFQljBm7nTCYizFeOksG--9j-4KdvckREHMz46rjXew4HrfGh2qR86OxW9uPPwS
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 02 Nov 2023 11:05:05 GMT
server: cloudflare
etag: W/"bbabfd4493e8cf8aafea99a2f70825c0"
x-goog-hash: crc32c=4scEgA==, md5=u6v9RJPoz4qv6pmi9wglwA==
x-goog-generation: 1698923105172059
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 87554
cf-ray: 833d06fcbbaa0419-MAD
expires: Mon, 11 Dec 2023 10:35:23 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/650492e79cc5e659a2211991/ 3 KB
2 KB 367ms
320ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/650492e79cc5e659a2211991/?iszitag=true

Requested by

Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9b48bb522052a300ba7d552a9aa8aef1b2604c8d05bdf4c17be6c448b79514fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
_vtok: MTg1LjE4My4xMDYuMTQ3
_zitok: f6cef1011ae84bad6b031702290364
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/javascript

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
cf-ray: 833d06fe3e660419-MAD
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/650492e79cc5e659a2211991/ Frame 0
0 298ms
194ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/650492e79cc5e659a2211991/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.humansecurity.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833d06fcb989214d-MAD
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 11 Dec 2023 10:26:05 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 304ms
302ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A23%3Ad%3A%3A10%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK visitWebPage
001-vjx-104.mktoresp.com/webevents/ 2 B
318 B 1071ms
224ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://001-vjx-104.mktoresp.com/webevents/visitWebPage?_mchNc=1702290364854&_mchCn=&_mchId=001-VJX-104&_mchTk=_mch-humansecurity.com-1702290364852-71856&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&_mchHo=www.humansecurity.com&_mchPo=&_mchRu=%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fgo.humansecurity.com%2F&_mchQp=utm_source%3Dnewsletter__-__utm_medium%3Demail__-__utm_campaign%3Dcyber_newsletter_december_2023__-__mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 11 Dec 2023 10:26:05 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 17138be5-ba66-4b52-a8e1-06b85876027f

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 336ms
31ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-474QF6N3NS&gtm=45je3bt0v9124658847&_p=1702290362840&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=6960982.1702290364&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&sid=1702290365&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&ep.ua_dimension_1=6960982.1702290364&ep.ua_dimension_2=Human&tfd=3352
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-474QF6N3NS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
468 B 306ms
87ms XHR
application/json 54.165.123.166
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.165.123.166 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-165-123-166.compute-1.amazonaws.com

Software

Resource Hash

967c6a7d025f54e95c413d03d25d90235b92f87eb1ad005bd8eaae354d6581ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 86d02df7173c40b070fd38e6a2bea208

HEAD
H2 200 main.min.js Show response
client.px-cloud.net/PXf69I9fY8/ 0
217 B 291ms
59ms XHR
application/javascript 2a02:26f0:3500:11::215:14d3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:11::215:14d3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
content-encoding: gzip
etag: "28f50-TaegBk2UApOhGL50s6Mr0Qu6EgY"
active-cdn: Akamai
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
content-length: 74784

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 148ms
72ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1661008431&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&ul=en-us&de=UTF-8&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aCDAgEABAAAAAGAEK~&jid=&gjid=&cid=6960982.1702290364&tid=UA-111948466-2&_gid=1570583363.1702290364&gtm=45He3bt0n81KVP42DDv830094232&cd6=GA1.2.6960982.1702290364&cd7=2023-12-11T10%3A26%3A05.500%2B00%3A00&cd8=c6a0201f-e0d4-4f31-bb01-6869c8748aa2&cd9=&cd10=Spain&cd11=&cd12=&cd13=&cd14=&cd15=&cd16=&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd3=6960982.1702290364&z=1315771110

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Dec 2023 22:27:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 43103
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 301ms
81ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?oz_pl=1&ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&psv=2.114.0&_x=1
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/259353/clear.js?dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:05 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.cdnsynd.com/2/2.114.0/ 143 KB
46 KB 99ms
66ms Script
text/javascript 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.cdnsynd.com/2/2.114.0/main.js

Requested by

Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/259353/clear.js?dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d5bc138067a2781010f4379923378f1db694dbeeb9238426d0eac6ceab8f4745

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Mon, 11 Dec 2023 10:26:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 46164
Expires: Thu, 19 Aug 2055 05:26:40 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 291ms
228ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A04%20GMT%22%2C%22timeSpent%22%3A%221230%22%2C%22totalTimeSpent%22%3A%221230%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 190ms
189ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.humansecurity.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 833d0702bc4a214d-MAD
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 11 Dec 2023 10:26:06 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 50 KB
4 KB 213ms
209ms Fetch
application/json 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

79d3d292a656bc884d2880f88465f2f98d4baef5f5b8e2fd1791c92a427e4d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
Authorization: bearer 3a88c8f1a27e4f0ec92016da0338ac
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 11 Dec 2023 10:26:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
etag: W/"c795-7/YL1472AMTkg9z00V2bfqgJCmU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
cf-ray: 833d070458ab0419-MAD
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
alt-svc: h3=":443"; ma=86400

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 394ms
138ms XHR
application/json 46.51.146.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0ef46a83101151841364.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 46.51.146.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-146-14.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fea2e9af65a5c7e2a9d0ada4cdb86769e377f9bf6c7f52c281e31e8a379b4849

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 11 Dec 2023 10:26:06 GMT
content-length: 56
vary: Origin
content-type: application/json

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 103ms
72ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?oz_pl=1&ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&psv=2.114.0&_x=1
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/259353/clear.js?dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:06 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 183ms
75ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290366058&oz_l=4083&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:06 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
610 B 167ms
156ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=36100877&v=1.1&a=3400937&pi=146473801740&ct=blog-post&ccu=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware&cpi=146473801740&cgi=5249379964&lpi=146473801740&lvi=146473801740&lvc=en-us&r=https%3A%2F%2Fgo.humansecurity.com%2F&pu=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&t=HUMAN+Satori+Threat+Intelligence+Alert%3A+Account+Takeover+Attacks+Use+ScrubCrypt+to+Deploy+RedLine+Stealer+Malware&cts=1702290366134&vi=b17c4e288cfd5256dc12919b7f811238&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b6d8bb60-92b3-4bc4-aa06-357d33b644ca
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b6d8bb60-92b3-4bc4-aa06-357d33b644ca
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJYeQ%2BA4awCAKocXexX1VJ6SftOHBbp3gk8NYgyd8Loras8Xew%2BDypbCLyBvujfENcNaZEpfDaDvvnrts3YU7pSV7WicrdwsUdDw3Rfl0lVHxf6BzzMIhj3hF0he5qa8LpAQRy4k7WUuwgNghMz9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7556df69f8-fs5zv
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 833d07049b4a5e16-MAD
x-robots-tag: none

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 88ms
88ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1661008431&t=timing&_s=2&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&ul=en-us&de=UTF-8&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=4013&pdt=5&dns=0&rrt=0&srt=403&tcp=70&dit=1177&clt=1186&_gst=1765&_gbt=2225&_u=aCDAgEABAAAAAGAEK~&jid=&gjid=&cid=6960982.1702290364&tid=UA-111948466-2&_gid=1570583363.1702290364&gtm=45He3bt0n81KVP42DDv830094232&cd7=2023-12-11T10%3A26%3A03.815%2B00%3A00&cd8=5ee920a3-2ea0-4f2c-b798-d4ad4e0ab217&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd3=6960982.1702290364&z=92917013

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 10 Dec 2023 22:27:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 43104
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collector Show response
collector-pxxdhgmtcm.px-cloud.net/api/v2/ 680 B
736 B 103ms
102ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6c6dc9fa98ce96db86f46a702a17bba99e6dab3c2fe5c56c966bc55c45cc2f05

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 680

POST
H2 200 collector Show response
collector-pxf69i9fy8.px-cloud.net/api/v2/ 32 B
87 B 129ms
95ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9d566b192360997a512a9281ee01a72109779a20c0d85dfa43d8a860034988a9

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:05 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H2 200 header-lazy.min.css
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115388248694/1693233179090/humansecurity-hs/assets/css/ 61 KB
6 KB 147ms
71ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115388248694/1693233179090/humansecurity-hs/assets/css/header-lazy.min.css
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5e4a681d78460f3d111260c3d35ed438143a43f7312e3ced0dd24fd14f932d7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 609237
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c7af65fdafb1c97be95752b8b567ed3a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1693233179942
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 46fa4308-9e82-40bb-a645-e0720b437676
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 256
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 46fa4308-9e82-40bb-a645-e0720b437676
last-modified: Mon, 28 Aug 2023 14:33:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcIqlcEXbLVuchrK9CLBrZT1ptYBT3v5jadaa2xLWiRGuAX9basanKjaJt%2FyzDsbPlUvv4yFftjg2Gynqa5bGU%2BS7xB2LbCYn9j6zLE251ekuhtihLMLZ10G5dh5ujhR8u2Ql4ES1dkA1IDQYDs%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 833d0705fdb72fcb-MAD

GET
H2 200 footer.min.css
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115387395449/1693233183077/humansecurity-hs/assets/css/ 21 KB
3 KB 148ms
76ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115387395449/1693233183077/humansecurity-hs/assets/css/footer.min.css
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46043be637afe914e3a575c2921cd2904b2c4b59388128ed10625628402d46a6

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 412190
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b4d88ed60cd8e0f1e827de88fcfcc1e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1693233183807
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:06 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 040573df-4bf0-43c3-b8b1-3967b12d33f3
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 146
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 040573df-4bf0-43c3-b8b1-3967b12d33f3
last-modified: Mon, 28 Aug 2023 14:33:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzTPr1dQzaP9vwOgR02DglueuUjspGU010P01ePo%2B4Wujnd4dTpO6sS4vIOUX9%2F5D6jTMT4%2BEenISN0bhdeNWNyX%2F4lT2sdXx21Ntw%2Bdb7Xt8S21iKIbWH5B9EcynAAf5VE45Rn62x4ubzidWrA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-fbf687555-cks9m
cf-ray: 833d0705fdb12fcb-MAD

GET
BLOB 200
OK 0d573998-019c-49ab-98c2-a903d60f6a4a
https://www.humansecurity.com/ Frame C5E9 186 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 186
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 134ms
134ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290366424&oz_l=18130&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:06 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK 1b6e12f5-cdae-427a-affd-e32bd1ee607f
https://www.humansecurity.com/ 817 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.humansecurity.com/1b6e12f5-cdae-427a-affd-e32bd1ee607f
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8259342bf37dc4c2fe86208d51e17adc82a0fca2bfa818a7b284a30604c0a17d

Request headers

accept-language: es-ES,es;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 817
Content-Type

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 260ms
260ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A05%20GMT%22%2C%22timeSpent%22%3A%221123%22%2C%22totalTimeSpent%22%3A%222353%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:07 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 69ms
68ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290366800&oz_l=8715&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:06 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 200 collector Show response
collector-pxxdhgmtcm.px-cloud.net/api/v2/ 116 B
134 B 80ms
79ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c00013e6310558fce4e8a7417fae2523dd2a3a78a266ce47a81bd8334bb1f6b5

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:06 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 66ms
65ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290367080&oz_l=72&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:06 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 200 collector Show response
collector-pxf69i9fy8.px-cloud.net/api/v2/ 9 B
28 B 525ms
524ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: eaeff84ff8ea102cf7d7295f2823143a72751c866487584fc0e4ae91733c03a3

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:07 GMT
via: 1.1 google
access-control-allow-methods: HEAD,GET,POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: false
timing-allow-origin: *
access-control-allow-headers: authorization
content-length: 9
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 258ms
257ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A06%20GMT%22%2C%22timeSpent%22%3A%221025%22%2C%22totalTimeSpent%22%3A%223378%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:08 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 fullcircle.js Show response
d2i34c80a0ftze.cloudfront.net/ 32 KB
11 KB 184ms
62ms Script
application/json 2600:9000:2490:4400:9:14eb:6280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=c05754bf-2b15-4935-b7c4-cf576218c528&domain=humansecurity.com
Requested by: Host: www.humansecurity.com
URL: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:4400:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 88e7b0718f584603ca29ed368567c07f629f1012e0e4972c3fd95db2e339504d

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 17:56:05 GMT
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront), 1.1 149b1af6ad8d2c0fedea82bfb1c29c66.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-C1, FRA56-P6
age: 59403
x-amzn-requestid: 96941a67-c9e0-4b30-8349-22a94b93f409
x-amzn-trace-id: Root=1-6575fbb4-596401831c16533476fddfee;Sampled=0;lineage=be50798f:0
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: PvREUEZUPHcEZ2A=
x-amz-cf-id: jh3XFESRPQndt5aHWStPFxb0eYYZo61GtCS7ZyJIlnLfG344aY6Bcg==

GET
H2 200 app.js Show response
acsbapp.com/apps/app/dist/js/ 292 KB
89 KB 234ms
161ms Script
application/javascript 2606:4700:10::ac43:b9b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acsbapp.com/apps/app/dist/js/app.js
Requested by: Host: go.humansecurity.com
URL: https://go.humansecurity.com/MDAxLVZKWC0xMDQAAAGP5IZHGQJkzzpYN38SHIjuMRC9hPboTk89gYtNVWMeuBSgpDyNTYogqaqJgDuRvEwztey58ls=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:b9b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7ad9ef29521b219b0793b3d0b2e664e818fe2a430e6ce7626a441eec106a3f4

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:08 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ABPtcPo44yjdhX4tgWSxP3CAJt7cdubSFfUnRsVNX4PxyU_abSeFFAGEAja2ISwXpFNVRlz1-HCh8M_qJmqRYDtZ2LublA
x-goog-storage-class: STANDARD
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Sun, 10 Dec 2023 10:32:20 GMT
server: cloudflare
etag: W/"06e64873d2724b354f763b4d87a11d9e"
vary: Accept-Encoding
x-goog-generation: 1702204340583789
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=kc4CSQ==, md5=BuZIc9JySzVPdjtNh6Edng==
access-control-expose-headers: *
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 299034
cf-ray: 833d07117b188680-MAD
expires: Tue, 10 Dec 2024 10:26:08 GMT

GET
H2 200 body.min.css
cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/99901597287/1701277810031/humansecurity-hs/assets/css/ 132 KB
16 KB 58ms
56ms Stylesheet
text/css 2606:4700::6810:6dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/99901597287/1701277810031/humansecurity-hs/assets/css/body.min.css
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3400937/hub_generated/template_assets/115307132989/1698698445616/humansecurity-hs/punch/assets/js/lazy-loading.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f6c21e5e8208f780c560b8f470e6013685b09a5f5feb523d179cef56f13455a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 609241
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a5e905fe7c2c0c6c4ed61bca6e9ab228"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701277811474
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 11 Dec 2023 10:26:08 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: fc776e31-4b1d-499c-803a-3bd6e96ab438
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 186
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: fc776e31-4b1d-499c-803a-3bd6e96ab438
last-modified: Wed, 29 Nov 2023 17:10:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYVX2EeYJvdpjtPYUPxjeFwICvWFAg0b%2FlxQuducxQIATglUZ4GPMFQcLsDN1IGovJMR3CLlVZDEL4f5jUs9d%2BUIcm0iWi9PdkJlbFXriCJ3%2FkwZRLb9ZBbfKOCSE2DqbNWzmpSX6sbJ2Q1Y%2B3A%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5896745bbb-7fw4c
cf-ray: 833d071109412fcb-MAD

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 2 KB
2 KB 528ms
527ms XHR
application/json 143.204.215.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Requested by: Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=c05754bf-2b15-4935-b7c4-cf576218c528&domain=humansecurity.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-84.fra53.r.cloudfront.net
Software: /
Resource Hash: 72a84c658fd6c06c015c307a262351420c049dabecca3e463ddb28fbb6a42443

Request headers

origin-fci: https://www.humansecurity.com
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
js-version: 1.0.59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
x-api-key: zCJpG9ai2q4CdEz1TtZtE8XZaM9NCVR329XSil6T
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 11 Dec 2023 10:26:09 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-6576e3c1-0e758eaa3d4ef02915c75516;Sampled=0;lineage=7c392b7c:0
x-amzn-requestid: bca4994b-da1d-44a7-bfe9-c08ae8a57f01
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.humansecurity.com
x-amz-apigw-id: PxiGQGVKPHcEHZg=
content-length: 1766
x-amz-cf-id: tIywbNKF5TGjAjUXv0iWCr-eAZNRrBvYOnaqqJaII9_ifln4saTXNg==

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 628ms
510ms Preflight
application/json 143.204.215.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-84.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.humansecurity.com
content-length: 1
content-type: application/json
date: Mon, 11 Dec 2023 10:26:08 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: PxiGLE3qvHcEkKQ=
x-amz-cf-id: bPRwoI7eQDcktiLyIVUb9iEcR5-THL-WWplL5fBFAaoZX5b1MPePjA==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: dd6e0b5e-8b51-4714-ae0d-1c7364fc02b4
x-cache: Miss from cloudfront

GET
H2 200 config.json Show response
cdn.acsbapp.com/config/humansecurity.com/ 162 B
715 B 118ms
48ms Fetch
application/json 2606:4700:10::6816:cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acsbapp.com/config/humansecurity.com/config.json
Requested by: Host: acsbapp.com
URL: https://acsbapp.com/apps/app/dist/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75b25c896371975d8bcbc232a1da89c617f8f60de43d4476a7c4abfd9bdfc282

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:08 GMT
content-encoding: br
cf-cache-status: HIT
age: 0
x-guploader-uploadid: ABPtcPrACuQiUCeVONaY1e9oXa86Lgxcm5w74Kuz9FeqJ2PT8Ke31R3Gxe_02pM5Y7AQd6iA4NiPyFZksGsnD3DhCC8tPA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Fri, 10 Feb 2023 17:50:37 GMT
server: cloudflare
etag: W/"cc224a5953c564eb6d66a61c2c6ac737"
vary: Accept-Encoding
x-goog-hash: crc32c=7UxkCA==, md5=zCJKWVPFZOttZqYcLGrHNw==
x-goog-generation: 1676051436985700
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300, must-revalidate
x-goog-stored-content-length: 162
cf-ray: 833d071378b52145-MAD
expires: Tue, 10 Dec 2024 10:26:08 GMT

POST
H3 200 collector Show response
collector-pxxdhgmtcm.px-cloud.net/api/v2/ 116 B
134 B 91ms
91ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 8a8eaa9ea5cc85ddfb0d8a6d8963dd3a67dbf9a916c60a37fee3e6a5a0ffd976

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:08 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 295ms
294ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A07%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224380%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:09 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 collector Show response
collector-pxf69i9fy8.px-cloud.net/api/v2/ 32 B
49 B 130ms
129ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9d566b192360997a512a9281ee01a72109779a20c0d85dfa43d8a860034988a9

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:08 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 492ms
491ms Preflight
application/json 143.204.215.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-84.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.humansecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.humansecurity.com
content-length: 1
content-type: application/json
date: Mon, 11 Dec 2023 10:26:09 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-apigw-id: PxiGVHK7PHcEPzQ=
x-amz-cf-id: bFwL-ZSTBetGQeASFXTJRtwBJpqVOJjYoqJTvW1VGUEj3rjs1OqrNQ==
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 6d487291-dcd4-4b72-a54d-8b23c8fa55cc
x-cache: Miss from cloudfront

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 3 KB
3 KB 541ms
540ms XHR
application/json 143.204.215.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Requested by: Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=c05754bf-2b15-4935-b7c4-cf576218c528&domain=humansecurity.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-84.fra53.r.cloudfront.net
Software: /
Resource Hash: 43fb1df1be08da9f4abca1e33588969c1f5fb8496f4fa7189bcb0ad071ca5618

Request headers

origin-fci: https://www.humansecurity.com
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
js-version: 1.0.59
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
x-api-key: zCJpG9ai2q4CdEz1TtZtE8XZaM9NCVR329XSil6T
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 11 Dec 2023 10:26:10 GMT
via: 1.1 f960fa0538fdb326fc338e984fa7ece8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-trace-id: Root=1-6576e3c2-4418bf9555ab8c955388b5a3;Sampled=0;lineage=adebd93c:0
x-amzn-requestid: 925e4556-1b26-4ef0-b2ab-25ee1de1c523
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://www.humansecurity.com
x-amz-apigw-id: PxiGaEBOPHcEB0w=
content-length: 2866
x-amz-cf-id: sEQtUAzqI6j_HZsHZff5Nq3Ge8OihjPJQRGgjd3EGO_AdMoY7fuApA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 316ms
315ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A08%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225381%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:10 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 collector Show response
collector-pxf69i9fy8.px-cloud.net/api/v2/ 32 B
49 B 82ms
82ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxf69i9fy8.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXf69I9fY8/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9d566b192360997a512a9281ee01a72109779a20c0d85dfa43d8a860034988a9

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:09 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

POST
H3 200 collector Show response
collector-pxxdhgmtcm.px-cloud.net/api/v2/ 116 B
134 B 106ms
106ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxxdhgmtcm.px-cloud.net/api/v2/collector
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PXxDhGmtcm/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 3a1227a5a0f24e085cb4edd9e520a4fb4b5001e3f61ff2a2a15233bbca621785

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 11 Dec 2023 10:26:09 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.humansecurity.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 53ms
51ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-59DHKRCY6M&gtm=45je3bt0v881684866z8830094232&_p=1702290362840&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=6960982.1702290364&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&sid=1702290364&sct=1&seg=0&dl=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&dr=https%3A%2F%2Fgo.humansecurity.com%2F&dt=HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware&en=6sense&ep.company_name=&ep.country=Spain&ep.domain=&ep.employee_range=&ep.industry=&ep.region=&ep.revenue_range=&ep.segments=&_et=1406&tfd=8521
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-59DHKRCY6M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:26:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.humansecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 255ms
255ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A09%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226383%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:11 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 65ms
65ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290371658&oz_l=419&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:11 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
483 B 351ms
351ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=20d60e1303ace3bf5d3a031877ae81bd&svisitor=null&visitor=dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6&session=7ddf8888-a904-4f51-83a2-88ae8a852f38&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2011%20Dec%202023%2010%3A26%3A10%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%227385%22%7D&isIframe=false&m=%7B%22description%22%3A%22HUMAN%27s%20Satori%20Threat%20Intelligence%20Team%20uncovers%20a%20new%20build%20of%20ScrubCrypt%20used%20in%20account%20takeover%20attacks.%20Learn%20how%20this%20obfuscation%20tool%20is%20deployed%20to%20deploy%20RedLine%20Stealer%20malware.%20Find%20out%20how%20HUMAN%20stopped%20the%20attack%20and%20protects%20customers%20from%20such%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22HUMAN%20Satori%20Threat%20Intelligence%20Alert%3A%20Account%20Takeover%20Attacks%20Use%20ScrubCrypt%20to%20Deploy%20RedLine%20Stealer%20Malware%22%7D&cb=&r=https%3A%2F%2Fgo.humansecurity.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&pageViewId=1227e4d2-4034-4659-86ba-db4ce983110a&v=1.1.12

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:26:12 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK postback Show response
s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/ 0
145 B 65ms
65ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.cdnsynd.com/2/2.114.0/259353/AmxDybgEEAKU7Dqn/postback?ci=259353&dt=2593531613684042609000&pd=mkt&gci=6960982.1702290364&gtr=UA-111948466-3&gdc=1&gdb=2&sid=AmxDybgEEAKU7Dqn&oz_sc=24f1cc56835a724e93eb049a&oz_df=1702290372203&oz_l=93&cv=3
Requested by: Host: s.cdnsynd.com
URL: https://s.cdnsynd.com/2/2.114.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.humansecurity.com/learn/blog/human-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware?utm_source=newsletter&utm_medium=email&utm_campaign=cyber_newsletter_december_2023&mkt_tok=MDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 11 Dec 2023 10:26:12 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.go.humansecurity.com/	1970-01-20 16:51:32	Name: __cf_bm Value: _zppReCew7K86duYIts1THApSpT5QwNG9nMzmlnksJo-1702290362-0-AcHzoMCOwbpmbDfxMwcUzdbX3rN8utrl/q9umKrgQtd2GIBdTW69VIWCBqGwTrV+7iA8mbj5odUmVlbzXWBtyMw=
.www.humansecurity.com/	1970-01-20 16:51:32	Name: __cf_bm Value: S9KuYStoTNj.Bu1mE_KOptkieoaaYvbRAEHIEQD4L5Q-1702290362-0-AcqFGe5Z+HAmv1n3nVuENcaA5PR41avUMP0FqSFU2yMAHvRFuMMj49zSusbqHMj46norsU10Rzv5VfAMG7vYqI4=
.www.humansecurity.com/	1969-12-31 23:59:59	Name: __cfruid Value: 60539cf883ab19ae059b28a7b1b383220f4533c5-1702290362
.hubspot.com/	1970-01-20 16:51:32	Name: __cf_bm Value: 6WLR2SE9hKY.mwdj6n3ErwAKoHu8ux2gPQWYRMS4F94-1702290363-0-AeFvKXepOGel+JDCOgaFUMa1320dYHDd8p5EgAKMv5E+tGojYibhtKw3L09J/yaxS2C2oVvmPdvpelvNMEZNl7I=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: .zFX6YAP7DPMAjlv0Q8ZDN2gqG73XAqnzDm8sLvvcao-1702290363563-0-604800000
.humansecurity.com/	1970-01-20 16:52:56	Name: _uetsid Value: afcad930980f11eebbe1d5ff03280461
.humansecurity.com/	1970-01-21 02:13:06	Name: _uetvid Value: afd7d0d0980f11ee868f6305e99e4aaa
.humansecurity.com/	1970-01-20 19:01:06	Name: _gcl_au Value: 1.1.194970871.1702290364
.bing.com/	1970-01-21 02:13:06	Name: MUID Value: 072AD0E22B996ECF1701C3062ABE6FF0
.doubleclick.net/	1970-01-20 16:51:31	Name: test_cookie Value: CheckForPermission
.www.humansecurity.com/	1970-01-21 01:37:06	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Dec+11+2023+10%3A26%3A04+GMT%2B0000+(Western+European+Standard+Time)&version=202303.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.humansecurity.com%2Flearn%2Fblog%2Fhuman-satori-threat-intelligence-alert-account-takeover-attacks-use-scrubcrypt-to-deploy-redline-stealer-malware%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_campaign%3Dcyber_newsletter_december_2023%26mkt_tok%3DMDAxLVZKWC0xMDQAAAGP5IZHGSrKngAm3BGWEs3noJazvheIMX5rsVbsdMQZzon3Jj5NTDKiXGqBqej5yOed14pA5Z4yflCXNNkp1H7vy9A1XMm3ACq23S-VSikwUGI5&groups=C0004%3A0%2CC0003%3A0%2CBG44%3A0%2CC0001%3A1%2CC0002%3A0
tracking.g2crowd.com/	1970-01-20 17:11:39	Name: _session_id Value: fbaf2d5ea002db6489db927b697e30af
.g2crowd.com/	1970-01-20 16:51:32	Name: __cf_bm Value: UbnK67TsMZs0WgrT0HCQWy6Un9gVaIbWwyzVhx_z1HU-1702290364-0-AfO1f4esYMb9Gi4DLN66cBbghaUprOYHJkWtJY6F7kKEgC8o4JQ2wBM0AR4vP7EL2SOs+WPfEfy1AbI69gyDejE=
.humansecurity.com/	1970-01-21 02:27:30	Name: _ga Value: GA1.2.6960982.1702290364
.humansecurity.com/	1970-01-20 16:52:56	Name: _gid Value: GA1.2.1570583363.1702290364
.humansecurity.com/	1970-01-20 16:51:30	Name: _dc_gtm_UA-111948466-2 Value: 1
.humansecurity.com/	1970-01-20 16:51:30	Name: _gat_UA-111948466-3 Value: 1
www.humansecurity.com/	1970-01-21 02:27:30	Name: _gd_visitor Value: dcd94c7f-d9de-4062-8ae4-d54a15e3a2d6
www.humansecurity.com/	1970-01-20 16:51:44	Name: _gd_session Value: 7ddf8888-a904-4f51-83a2-88ae8a852f38
.www.humansecurity.com/	1970-01-21 01:37:06	Name: _zitok Value: f6cef1011ae84bad6b031702290364
.6sc.co/	1970-01-21 02:27:30	Name: 6suuid Value: ce64110210951400bce37665e802000053a75c00
.humansecurity.com/	1970-01-21 02:27:30	Name: _mkto_trk Value: id:001-VJX-104&token:_mch-humansecurity.com-1702290364852-71856
.linkedin.com/	1970-01-20 19:01:06	Name: li_sugr Value: 91da7209-0e8c-4c45-b64d-3ca3095a899a
.humansecurity.com/	1970-01-20 16:51:32	Name: _hjFirstSeen Value: 1
.humansecurity.com/	1970-01-20 16:51:32	Name: _hjIncludedInSessionSample_3389720 Value: 1
.humansecurity.com/	1970-01-20 16:51:32	Name: _hjSession_3389720 Value: eyJpZCI6ImI5Njk2M2M5LTYxMGMtNDVkOS1iZGJiLWNkMzMyNDg3NzMzYyIsImNyZWF0ZWQiOjE3MDIyOTAzNjQ5MzksImluU2FtcGxlIjp0cnVlLCJzZXNzaW9uaXplckJldGFFbmFibGVkIjpmYWxzZX0=
.linkedin.com/	1970-01-21 01:37:06	Name: bcookie Value: "v=2&fd732f6d-0147-4aac-873a-cb407c9489cb"
.linkedin.com/	1970-01-20 21:10:42	Name: li_gc Value: MTswOzE3MDIyOTAzNjQ7MjswMjFbmHoMMTv5eDo+073vt4IiI8fcov9qX3qihvfoZ1iIQw==
.linkedin.com/	1970-01-20 16:52:56	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2712:u=1:x=1:i=1702290364:t=1702376764:v=2:sig=AQHCJJQgwLQ5eQ47-gzJ6oFvcX9iEpxT"
.humansecurity.com/	1970-01-21 01:37:06	Name: _hjSessionUser_3389720 Value: eyJpZCI6ImUxNGVmYTY3LTU0MjUtNTgwOC1iMGRiLTgzNWI3Y2JhZTc1ZiIsImNyZWF0ZWQiOjE3MDIyOTAzNjQ5MzcsImV4aXN0aW5nIjp0cnVlfQ==
.zoominfo.com/	1970-01-20 16:51:32	Name: __cf_bm Value: LN0rHgHSBSg8znQXri130UtHgvMjbFwlepAswidUsyE-1702290364-0-AUMbp5X/CUXZsopVLfdWQMqO02ZHamir79XTlkK2eOYGfSRkWMENqTi1FhJyt+7fnEoaqk8o8YfFz7L0SH0qzPY=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: mY8m.83HwhmdVUlOyphqBn2Dx2VGZCStBb.LhGsWX2g-1702290364958-0-604800000
.humansecurity.com/	1970-01-20 16:51:32	Name: _hjAbsoluteSessionInProgress Value: 0
.humansecurity.com/	1970-01-21 02:27:30	Name: _ga_474QF6N3NS Value: GS1.2.1702290365.1.0.1702290365.0.0.0
.humansecurity.com/	1969-12-31 23:59:59	Name: pxcts Value: b081bb21-980f-11ee-b590-1c76c6ab9e1b
www.humansecurity.com/	1970-01-20 17:01:35	Name: slireg Value: https://scout.us3.salesloft.com
www.humansecurity.com/	1969-12-31 23:59:59	Name: pxcts Value: b08ceb5d-980f-11ee-b766-ffa149def676
www.humansecurity.com/	1970-01-21 01:37:06	Name: _pxvid Value: b08cd40c-980f-11ee-b766-0ad6e3b71b79
.humansecurity.com/	1970-01-21 02:27:30	Name: _ga_59DHKRCY6M Value: GS1.1.1702290364.1.0.1702290365.59.0.0
www.humansecurity.com/	1970-01-21 01:37:06	Name: sliguid Value: c7cb2337-e1d9-499f-9f79-db11e762648f
www.humansecurity.com/	1970-01-21 01:37:06	Name: slirequested Value: true
.humansecurity.com/	1969-12-31 23:59:59	Name: _fcdscst Value: MTcwMjI5MDM2ODMzNA==
.humansecurity.com/	1970-01-21 02:27:30	Name: _fcdscv Value: eyJDdXN0b21lcklkIjoiYzA1NzU0YmYtMmIxNS00OTM1LWI3YzQtY2Y1NzYyMThjNTI4IiwiVmlzaXRvciI6eyJFbWFpbCI6bnVsbCwiRXh0ZXJuYWxWaXNpdG9ySWQiOiIzNzYxYmZiYy00NWRjLTQ5OTktYTUxYi1kNGU1OTE2M2EzYWUifSwiVmlzaXRzIjpbXSwiQWN0aXZpdGllcyI6W10sIkRpYWdub3N0aWNNZXNzYWdlIjpudWxsfQ==

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	error	URL: blob:https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a Message: Mixed Content: The page at 'blob:https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a Message: Mixed Content: The page at 'blob:https://www.humansecurity.com/0d573998-019c-49ab-98c2-a903d60f6a4a' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-SHaTb/83sHQaLCDmPEffpROs0AtrqsfBIXVyoEmhIiw=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

001-vjx-104.mktoresp.com
acsbapp.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.acsbapp.com
cdn.cookielaw.org
cdn2.hubspot.net
client.px-cloud.net
collector-pxf69i9fy8.px-cloud.net
collector-pxxdhgmtcm.px-cloud.net
connect.facebook.net
content.hotjar.io
d2i34c80a0ftze.cloudfront.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
go.humansecurity.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsleadflows.net
js.zi-scripts.com
lh7-us.googleusercontent.com
munchkin.marketo.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
s.cdnsynd.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
st.fullcircleinsights.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
tracking.g2crowd.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.google-analytics.com
www.google.com
www.google.es
www.googletagmanager.com
www.humansecurity.com
104.17.74.206
104.18.37.212
104.244.42.8
13.107.43.14
13.32.27.19
143.204.215.84
18.157.106.205
18.66.97.49
184.31.85.59
192.28.147.68
2.17.100.210
2001:4860:4802:34::36
2600:9000:2490:4400:9:14eb:6280:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:2c40::c73c:67e3
2606:4700:10::6816:cc
2606:4700:10::ac43:b9b
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:991b
2606:4700:4400::ac40:9b77
2606:4700::6810:4fba
2606:4700::6810:6dd1
2606:4700::6810:880f
2606:4700::6810:890f
2606:4700::6811:4341
2606:4700::6812:5ffd
2606:4700::6812:7b0c
2606:4700::6812:82ec
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:812::2003
2a00:1450:4001:812::200a
2a00:1450:4001:81c::2001
2a00:1450:4001:82a::2004
2a00:1450:4001:831::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c0c::9d
2a02:26f0:3500:11::215:14d3
2a02:26f0:3500:14::1724:a244
2a02:26f0:3500:16::215:1484
2a03:2880:f083:9:face:b00c:0:3
35.190.10.96
46.51.146.14
54.165.123.166
54.216.59.119
067536b3f91d4c08a72a02644605c37436afe7b1e60e0e251f298d5ccb082e49
0d3b1eb7d0f0f9f6b02dc4d100a34d5ed61b9b22e284ef8b8fc16dee56cb0453
14d51db90349386929d320832c984e3aed1658975ce84f789977ae86c055d8f0
15ebddd8f42a017abf38230bbefe743a7a4daeeeec69785baf43ce930d3de6ff
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d55d865de6a1ed121dbef7a289cd97ce22289ddc7cc4659f0804954427bbdb0
25ddd86f5287d140be6921358b86bc0577b4e434dc0c92adf5537b07f8a7692a
276783685956b2260ae97e06af66ce87eebfbe8d3f77fc4defb3e0b232c9003d
27d001801da9af0f66dfdc4b42a2a22ef3c91682ec36157d1e38c9c75e16bef6
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
2eb345a641bc3ef5bdbcea292d072b6f8d211a5468ea041a404d60657114684b
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
30dc88715a549e37c45bb2d7e9ae907abe573735a1695cb48367749bdbfdde32
31bffb649cd812a3e720b1838c910fe359aef60c46ec91149d895dc23708768d
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
3a1227a5a0f24e085cb4edd9e520a4fb4b5001e3f61ff2a2a15233bbca621785
3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3f6c21e5e8208f780c560b8f470e6013685b09a5f5feb523d179cef56f13455a
439042e0204db71db38bb4cbe130c3e520d35a14c2d9f65200308eaf1886eb64
43fb1df1be08da9f4abca1e33588969c1f5fb8496f4fa7189bcb0ad071ca5618
452089a0c146eb83ebee550ce36ec3f9038f4dc2dec671b2f948635174868370
46043be637afe914e3a575c2921cd2904b2c4b59388128ed10625628402d46a6
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4c42962a901819fd2c6b69555f1e115b90f3adbb7900c15b74d9685dd7a039ff
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
54922aed651f983596d7c4d47b075f10dfa004fffe6c60c15c59ecdc1856529f
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
616805c817166b2e84970050b9befb647a561ef191e6b426505f0c551c72030e
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
671367c3c0e84517f31e61945cd9ba416f89eb653dbc3c4d1828518ef5c627e7
671cbddf551402cbb9ffcdbcf6cf16299a715f0e0ce9fa409a47c6c93720373f
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6c6dc9fa98ce96db86f46a702a17bba99e6dab3c2fe5c56c966bc55c45cc2f05
6d437eab4e6ca18ad217ea9a8434aa3151574f11d142759aaf67394a0080dc25
6d629bd6b315f22c3b961e3585bdf9a3d007d4f382462b8e10bea3e419e83d02
6e1505eae592a3d9a5490564b50bdcf00d5efc11094cfa43168a23f332e5d57d
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
72a84c658fd6c06c015c307a262351420c049dabecca3e463ddb28fbb6a42443
72d0e968a2bc13b2b3af3a39d1aa6f240e37b3054feaf1ca31b18399974111fb
75b25c896371975d8bcbc232a1da89c617f8f60de43d4476a7c4abfd9bdfc282
78142c1a0831423d3fee5308b442b24659445ac8d7c34b92bde6624cc012f4e8
79d3d292a656bc884d2880f88465f2f98d4baef5f5b8e2fd1791c92a427e4d67
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
8259342bf37dc4c2fe86208d51e17adc82a0fca2bfa818a7b284a30604c0a17d
8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87e7b7c7451d079fc49d7a692e4c8ad44315d8bbe3ce8d40fc1e56c79a729088
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
88e7b0718f584603ca29ed368567c07f629f1012e0e4972c3fd95db2e339504d
8a829e72b4b812afffd783bdbb1955c9dc162897cd089f84fcd966bce8f4c689
8a8eaa9ea5cc85ddfb0d8a6d8963dd3a67dbf9a916c60a37fee3e6a5a0ffd976
8ba61644902c74195bb51a4e247e181b82ac3d62d307a99c0e8dafaeb0b19c46
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
921373b8a29eaf00fbf1cd0564c1ce917fb2a40d6f562c5b88431fe0530ca0bf
94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3
967c6a7d025f54e95c413d03d25d90235b92f87eb1ad005bd8eaae354d6581ab
985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06
9b48bb522052a300ba7d552a9aa8aef1b2604c8d05bdf4c17be6c448b79514fc
9cac5e10bd3d5631c178a838d415c28b126daca61e10e81e6dc36aa18919174f
9d566b192360997a512a9281ee01a72109779a20c0d85dfa43d8a860034988a9
9d59318dbc0445735297ba2e769e2bc60358a0abfafe66f503ddc0a09610c28b
9ea1823078c462969eaa59d6ef62623c19d77b72e25a103105b043aefaa0769a
a123eebd3f1e4f9b4641216ddc8aee3dd0ecc035cc9d2f6ed7b92c979fccc326
a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a
a5e4a681d78460f3d111260c3d35ed438143a43f7312e3ced0dd24fd14f932d7
a9e9d5d62bdbbe46fee9a3a0ba4c2d7fe5a6f4b53c10df3ac7d34796ffb7c96b
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
afff892691aaab5f3a2c411cb09a2674006120f314eb8ac1fc6efb8c66a1c353
b01d8e5687c5757ac34e6e52cb8e7d87963a1d621786a27046e225c7911cb705
b17ad6eab5f71934277721a0558d12da27ef1c1d7688d3dc8e8440165902526b
b2580bceeed19faa6167d76f4ee0682676956cab8b582c3cd14b163af46d4f5b
b54028de37c84f4aeca11a73d1b1e1bd07de8ef2bc096281b432e497f9dd0ec9
b84398de46283985db9507da817ab6fd1c66687b7b9f6d1bf3e0de29bc2b3e28
bc87bbee4d860782ded090f1ada538b42cd0810e8a729755c5fa1c8cfc01af47
bf1ae1c225ebbb05f710484ef8470f3016ee1d63f8a9d86a1d45f9d33648215e
c00013e6310558fce4e8a7417fae2523dd2a3a78a266ce47a81bd8334bb1f6b5
c75be566e7acb975a7ff713df6bcb93f7db75f622863200c0d11ee2a302217ab
c7ad9ef29521b219b0793b3d0b2e664e818fe2a430e6ce7626a441eec106a3f4
c89fde8de5179fe3688ab8130fe3f87d9e349d8df226fda5b1d5c62cb341f80f
cca669b9ec3ba9fe4847b07552d42e71179264201e58573e736714c906d4f771
d0c1810340f174c7b6c869da26bfb8c174de1cc7087adae140d85e822fe2127f
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d19641168b88316a302b822322ba73fcb03f210ca269dc2460e6d14815eb9a52
d39349e3fa22866d083e3065c3c9e0a55f5efc23516993cc5ce5f64a3364dcd9
d3d1129b6d17d69fec0fed613460f46eebe608d2182758819371fa8f8eb225ee
d4a42e8f77ed647b32311ffc6b611bdc77b6296726e51cfc958ac736c63a6654
d55ad3bc35664e6ce9dc3e6a71bb6d3a4c8fddeb6af1a195727c0361ddd92a2e
d5bc138067a2781010f4379923378f1db694dbeeb9238426d0eac6ceab8f4745
d651066ec06c641549632f4776b2cdbf638ca0786adf1c58f44a2728daed9b00
d8e166157d90ed13492b8627e50c606aeab874cd0a5d6ed3b7c8a7988a3d46d3
da31b307de5b846844535120ed1f2061759f2bd4061b1e9afbfad493b9077317
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd5e60442181c68a2711c4a407db551e51e0af167f16b86775ceb7e56679a045
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e025a11773a5dc34036f1247fa075344263379bd873765e37fc8e5e4e8148786
e0d54140c9e5b41f4f5f8fd5583a8ae657452e2bec968966ab70c26d5ae77719
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e551ed351d139ea878170841c997646dd69fe6772b726a06bd01a18e1a79ea04
ea168cce033e7328a08c52790ce8f5a04e28867636e44c6082d5b2f58348cfcd
eaeff84ff8ea102cf7d7295f2823143a72751c866487584fc0e4ae91733c03a3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3b0e2a3800f73c56a4dc78562fc32130a8eec6887982d10e6a5dcf6497969c6
fc983eeaef602a2a60c0cb3ad4e90053a4fb2ebbe39a95934f7fdc2366365fc8
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe92edba1f5990d76e1817f250ee4aae144f4efa95b676733bdd4391f2b74cf1
fea2e9af65a5c7e2a9d0ada4cdb86769e377f9bf6c7f52c281e31e8a379b4849

www.humansecurity.com Open in urlscan Pro 2606:2c40::c73c:67e3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

158 Requests

98 %HTTPS

69 %IPv6

37 Domains

54 Subdomains

50 IPs

5 Countries

4166 kBTransfer

8114 kBSize

43 Cookies

21 Outgoing links

Page URL History

Redirected requests

158 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.humansecurity.com Open in urlscan Pro
2606:2c40::c73c:67e3 Public Scan

Screenshot
Live screenshot

Full Image

158
Requests

98 %
HTTPS

69 %
IPv6

37
Domains

54
Subdomains

50
IPs

5
Countries

4166 kB
Transfer

8114 kB
Size

43
Cookies

158 HTTP transactions
1 data transactions