yoroi.company Open in urlscan Pro
2606:4700:3032::ac43:a7ea Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
Effective URL:
https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
Submission: On January 13 via api (January 13th 2021, 4:51:57 pm UTC) from US

Summary HTTP 61 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 9 domains to perform 61 HTTP transactions. The main IP is 2606:4700:3032::ac43:a7ea, located in United States and belongs to CLOUDFLARENET, US. The main domain is yoroi.company.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 15th 2020. Valid for: a year.

This is the only time yoroi.company was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 40	2606:4700:303... 2606:4700:3032::ac43:a7ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:821::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
61	12

40 2606:4700:3032::ac43:a7ea (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

blog.yoroi.company	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.yoroi.company	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yoroi.company	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	yoroi.company 2 redirects blog.yoroi.company www.yoroi.company yoroi.company	277 KB
11	googleusercontent.com lh3.googleusercontent.com lh5.googleusercontent.com lh6.googleusercontent.com lh4.googleusercontent.com	453 KB
2	gstatic.com fonts.gstatic.com www.gstatic.com	175 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	google.com www.google.com	673 B
2	jsdelivr.net cdn.jsdelivr.net	9 KB
2	wp.com s0.wp.com pixel.wp.com	2 KB
1	doubleclick.net stats.g.doubleclick.net	67 B
1	googleapis.com fonts.googleapis.com	658 B
61	9

	Domain	Requested by
38	yoroi.company	yoroi.company
4	lh6.googleusercontent.com	yoroi.company
4	lh5.googleusercontent.com	yoroi.company
2	www.google-analytics.com	yoroi.company www.google-analytics.com
2	www.google.com	yoroi.company www.gstatic.com
2	cdn.jsdelivr.net	yoroi.company
2	lh4.googleusercontent.com	yoroi.company
1	pixel.wp.com
1	www.gstatic.com	www.google.com
1	fonts.gstatic.com	fonts.googleapis.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	s0.wp.com	yoroi.company
1	lh3.googleusercontent.com	yoroi.company
1	fonts.googleapis.com	yoroi.company
1	www.yoroi.company	1 redirects
1	blog.yoroi.company	1 redirects
61	16

This site contains links to these domains. Also see Links.

Domain
www.proofpoint.com
www.welivesecurity.com
blog.yoroi.company
www.cert-pa.it
maps.google.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-15` - `2021-08-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
Frame ID: 567CA604E9C6F31575837186801CFC97
Requests: 60 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&co=aHR0cHM6Ly95b3JvaS5jb21wYW55OjQ0Mw..&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=e88atajtx0tx
Frame ID: F17E73E21EB761F163CBF0A6C4668C7D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ HTTP 301
https://www.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ HTTP 301
https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+foundation[^>"]+css/i

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

61
Requests

100 %
HTTPS

83 %
IPv6

9
Domains

16
Subdomains

12
IPs

4
Countries

935 kB
Transfer

2085 kB
Size

4
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2018/12/06/danabot-evolves-beyond-banking-trojan-new-spam/
Title: Eset

Search URL Search Domain Scan URL

URL: https://blog.yoroi.company/warning/ondate-di-attacchi-danabot/
Title: N051118

Search URL Search Domain Scan URL

URL: https://www.cert-pa.it/notizie/scoperti-collegamenti-tra-danabot-e-gootkit/
Title: technical analysis

Search URL Search Domain Scan URL

URL: https://maps.google.com/?q=Via%20Giovanni%20Battista%20Martini%206,%20Roma%20RM,%2000198
Title: Via Giovanni Battista Martini 6, Roma RM, 00198

Search URL Search Domain Scan URL

URL: https://www.facebook.com/weareyoroi/

Search URL Search Domain Scan URL

URL: https://twitter.com/yoroisecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/yoroi/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCb3woWzGtRO8tYHHpje3AMA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ HTTP 301
https://www.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ HTTP 301
https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
Redirect Chain

https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
https://www.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

139 KB
24 KB

953ms
953ms

Document
text/html

2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4126f9ec48bee6d17fbbdf166edb6f35f303d7db04a6dc393a05272b3fc19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: yoroi.company
:scheme: https
:path: /research/dissecting-the-danabot-paylaod-targeting-italy/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=ddd6f36207e73b677c1aeca4d5c3c118c1610556697
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
host-header: WordPress.com
x-pingback: https://yoroi.company/xmlrpc.php
link: <https://yoroi.company/wp-json/>; rel="https://api.w.org/" <https://yoroi.company/wp-json/wp/v2/posts/2120>; rel="alternate"; type="application/json" <https://yoroi.company/?p=2120>; rel=shortlink
x-ac: 1.hhn _atomic_ams
cf-cache-status: DYNAMIC
cf-request-id: 079e4202b000002bf666262000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2SyS6BWGFMrbZ8JqsTrgE2ZwH7jtOO4dI%2Fk%2FAviPF72dNmxdsN5iS1ttdXNtZjWPFK11sGysmTpK4y2r6nY3SuGrb2FU8oh4c6qi4ZyZCo2Bz7Eo%2BkSTQb%2F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 61109f7ded3e2bf6-FRA
content-encoding: br

Redirect headers

date: Wed, 13 Jan 2021 16:51:37 GMT
content-type: text/html
set-cookie: __cfduid=ddd6f36207e73b677c1aeca4d5c3c118c1610556697; expires=Fri, 12-Feb-21 16:51:37 GMT; path=/; domain=.yoroi.company; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000
location: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
x-ac: 1.hhn
cf-cache-status: DYNAMIC
cf-request-id: 079e42028800002bf6af9b2000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lwVmscFRb0Qmy%2BPKvHGtDjTepSuWztw5pxsRQIsevSIq%2FqYe6FycHqZ7lW3qD3Mje6R52lRBelskxYbB6pqPYtWDQUXeFcgb%2BQPNgpMOC7au0owKx2KALtAdXCFJAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 61109f7d8c502bf6-FRA

GET
H2 200 dashicons.min.css
yoroi.company/wp-includes/css/ 58 KB
35 KB 17ms
11ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-includes/css/dashicons.min.css?ver=5.6

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8273f0538929ede9599e3cfea8142a252a7d0cb6dbacb230bf188490dde79d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 97124
content-encoding: br
cf-request-id: 079e42067400002bf6afa22000000001
last-modified: Wed, 21 Oct 2020 13:16:07 GMT
server: cloudflare
etag: W/"5f903497-e682"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jHiAYAeZlgpUyUlX2nRcIGAFuTKcOjabyj%2BWRplIpSA5Kfgv8LS4SZKvJuF4F2eMIbCmUH0YHFluUPfETMoAG%2FVeYaxvifTuUO%2FqHG4T%2B6e3FsfhGzxpIpTA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec272bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elusive.min.css
yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/ 12 KB
2 KB 19ms
14ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/elusive.min.css?ver=2.0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cf390024b9fb02ae1756d257499f568393acc60c76ae6b13ce986a46f396e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 97124
content-encoding: br
cf-request-id: 079e42067500002bf6df8fa000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-31f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cnIKo9YkI667aRPqQEAorbm%2FXNcOP1x8nho%2FIpc%2Fc2iKo%2B4icxbUpsDoLoqrUhmu5NscK3kp38o0xlPs9sGw23MywDkqRKKo4C4AEb3SaENGhTfHwFU9BbL4"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec292bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/ 28 KB
6 KB 26ms
21ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/font-awesome.min.css?ver=4.6.3

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd50e41f2ce65b53589fb6ca59a03d2fc269d65db66f8c0b29fc5bc8ba84d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 778179
content-encoding: br
cf-request-id: 079e42067500002bf6ae234000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-7160"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j2umNfWvEdAE51%2BjAelmUkVn7fxBozbMXYkndbWdCkq2AIi9TbPWw5DWFLVfBnS2iQDhpS%2B1ExwiYsohHfh3ld3dcFTQDFEgS09yoZkrJ6gblOv6X%2FryvWAy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec2b2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 foundation-icons.min.css
yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/ 17 KB
3 KB 17ms
12ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/foundation-icons.min.css?ver=3.0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d51089ba164e46643145dc475cce83e53896a1e6541c68b20d841c1ab24e65b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e42067500002bf69907d000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-439a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jFXp%2Bm5T%2F8ZxpQVWaPS3S3iqK6R50M%2BjTp6X%2BqBFwAmtx%2Bnw4YG1Fbd4yCJANM7U9DG98aAxxWyYud7kPuT8FTHl7dVlCsIf9ja%2Br9mXgVX4J5flnuLPRW7b"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec2c2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 genericons.min.css
yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/ 26 KB
16 KB 20ms
16ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/includes/library/slick-menu-icon-picker/css/types/genericons.min.css?ver=3.4

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2deb67a6ea5e9e0e254330515f7aa291a07618b72715a63971274378cd4d06c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461462
content-encoding: br
cf-request-id: 079e42067500002bf6d1322000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-683c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qqYIqhzFFgw24MbHSaJUNbuiaA9v5ECKIEaRdlKTU7jxNIkbfwaiD285wDpIbDbhu%2BmTIP1XhwACOnGgWiEMIAPq9Gl5wHwxbr8PUkeJKbwdTPhgV1m9oPL3"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec2f2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 extra.min.css
yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/css/ 1 KB
600 B 18ms
13ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/includes/modules/slick-menu-icons/css/extra.min.css?ver=0.10.1

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

818b6cee88115de0ce32e93ec25d7ff9d675199286ff470d71117a3d97b2991a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e42067600002bf6d9084000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-4a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VNVxvaWbLb2vXSDvIK2lhXNtkeVoXDtm0qVJClMRBtPVBCpwbAKqkaV9dQDiXOYvl23BfzNU0I3d%2BqMTkO2xYVFvZfUvBIn2GV5bgFScuoS6Pm9IW1foag6h"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec312bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
yoroi.company/wp-includes/css/dist/block-library/ 50 KB
7 KB 29ms
25ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-includes/css/dist/block-library/style.min.css?ver=5.6

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 12076
content-encoding: br
cf-request-id: 079e42067600002bf6658b4000000001
last-modified: Tue, 01 Dec 2020 12:21:40 GMT
server: cloudflare
etag: W/"5fc63554-c8e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=U69VqDbw7a8eYu8d1mnEMX9BcoQb5T2kzj6qwb4Cfgllb3jinWMLMRMfiSxsYodFQJhOIRLz4%2FBLPrVlTcwseihMwY%2BPeXWyiqTNRlykHv5JexK5V%2BWVil4g"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec332bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
yoroi.company/wp-content/plugins/contact-form-7/includes/css/ 2 KB
915 B 30ms
26ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461462
content-encoding: br
cf-request-id: 079e42067600002bf66e37b000000001
last-modified: Thu, 17 Dec 2020 14:32:39 GMT
server: cloudflare
etag: W/"5fdb6c07-780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Fd25w09joq7Cpn68EKxLYEWhTIvfeD98i8loNqeBUTCm70gotNzbV69RkJpSfBq6gwD9%2BWGemTYHQepK8QW8dgZGNhSYD4gFeb8HDT9bkxRwRCz4nzoI%2FbGS"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec342bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.css
yoroi.company/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 17ms
13ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.6

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 507399
content-encoding: br
cf-request-id: 079e42067700002bf6dd022000000001
last-modified: Wed, 23 Sep 2020 14:32:03 GMT
server: cloudflare
etag: W/"5f6b5c63-1555"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TWZOnF1Af3vja3yIThuanj9aCVKo4gZ2LRF2Jqx9QJ6OXlpgoRPTwWeeL21pdo%2BSeM%2B1u7egK0%2B9dW1Qz5%2FEU5TTrGo6rExunv7vyHrl0JrtE1QDwcGZln5b"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec372bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 aos.css
yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/ 25 KB
2 KB 18ms
15ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.css?ver=5.6

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e42067700002bf69e1ac000000001
last-modified: Mon, 03 Feb 2020 11:41:57 GMT
server: cloudflare
etag: W/"5e380705-65c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AUYoKxchRJjMsd2gH%2F1%2FD6OZBiah9lpobxWQU%2BXNfj9ETAFk5iRavZGahaAHKxAjOqamSxth7bNddXxYdNBzBP8vDEKQ6nZNWof2lRb5gsEiXWMuN2FS4zYA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec3a2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 oxygen.css
yoroi.company/wp-content/plugins/oxygen/component-framework/ 18 KB
4 KB 18ms
14ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/oxygen/component-framework/oxygen.css?ver=3.1.1

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9124a6fd00e218d97037cdcbc7ea4c40c73d95bd19da2a6a477789f1daa0bf7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 533856
content-encoding: br
cf-request-id: 079e42067700002bf6789df000000001
last-modified: Mon, 03 Feb 2020 11:40:54 GMT
server: cloudflare
etag: W/"5e3806c6-498b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r4yRyeQcjT8Qc1Vi33B0mxEN3rkx%2FgpnH%2BJpEk2nfnNpMfvORfyRlXcSDux%2FWuoYsv2nqqs00rC6MD85tyM69GowG%2FHMP5%2BXEr4JO6IJOufGY8Gn%2FKuAp94X"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec3c2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 contact-form-7-email-spam-blocker-public.css
yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/css/ 98 B
585 B 19ms
15ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/css/contact-form-7-email-spam-blocker-public.css?ver=1.0.0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713787
content-encoding: br
cf-request-id: 079e42067700002bf6a703e000000001
last-modified: Tue, 04 Feb 2020 11:21:55 GMT
server: cloudflare
etag: W/"5e3953d3-62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nDQ0JbRJLyodDV52i8BMaPuhVqAIkmpIHZmvLD%2FDfR8Xtt%2BKpfn7MHF7WdNLjCRwx6DxKYdJHE8RurWsgOOuypWh%2F%2BrgXk2IF7PtbYPlD8YHpAxt5oYoSrUg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec3e2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 animate.css
yoroi.company/wp-content/plugins/slick-menu/assets/vendors/animate/ 77 KB
4 KB 23ms
19ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/animate/animate.css?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97470c6fac60d3431c7309907a10d67d0356b563c7bab67f7a44301d4164ac38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713787
content-encoding: br
cf-request-id: 079e42067700002bf698ae1000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-135d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C1li9FVOYA4PzeD7VyPc4ggOvwp07oxwo%2F2IAlMppmY6RKw1S%2FhVFbxk%2F1udA2z%2BCFWR7%2BGB0GaSzbj4bp39Yh%2FQeeoWRgQAAdZ8nmVnIToW3P6yHXx7jeDL"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec3f2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slickmenu.min.css
yoroi.company/wp-content/plugins/slick-menu/assets/css/ 48 KB
7 KB 19ms
16ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/css/slickmenu.min.css?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81d95e3d8d470a9de65b68baab1200d56b39a812e7717d7d294910a37d635dd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 778179
content-encoding: br
cf-request-id: 079e42067800002bf6b0231000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-beb1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RfEua2xpj3dTFKFryX3w7PbJ0IjmqzvxU%2Bmh%2BW8Ip0CTaowYonqSv9knS79WK3ywJ3f0U4bav8fWQ6vSjuWSBeUoOPkCn19EY4ON552GLyps8ioOHmNdEnbz"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 61109f83ec402bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
yoroi.company/ 243 KB
8 KB 634ms
631ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/?sm_ajax=dynamic_styles&t=1610556496&ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea057066074e145942ce7d17112e74a6f88850c8d450ada79c920e78263ee94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Cookie
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
host-header: WordPress.com
content-encoding: br
cf-request-id: 079e42067800002bf6c3ac2000000001
last-modified: Wed, 13 Jan 2021 16:49:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DHusEsJ3kfYPFHWaxbIRkrrxuBj0sNXKE14sVjYOYb5gDTqbEXFa0mNPubp%2ByEHRdPf2NFCD22qA6bhz9ILElnc4%2BY2Pcs6oZWf2SSXDwB%2FB7NRj65Fz%2FJQo"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset: UTF-8;charset=utf-8
cache-control: max-age=176, must-revalidate
cf-ray: 61109f83ec412bf6-FRA

GET
H2 200 jquery.min.js Show response
yoroi.company/wp-includes/js/jquery/ 87 KB
30 KB 25ms
22ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 171423
content-encoding: br
cf-request-id: 079e42067800002bf6900e3000000001
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: cloudflare
etag: W/"5f7dedd5-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FDRFAw%2BkFyXJdhb2iccVSMtumE8bVeyrruOo8g4hQ4wrLDkAFZyTiYm%2Fo8xaRIs76rMikUfffKnef0B1yNZCxtetygggC33HgqMf9UJqm6dL66xwmTkTPXyK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f83fc452bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
yoroi.company/wp-content/plugins/cookie-notice/js/ 9 KB
2 KB 21ms
18ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713787
content-encoding: br
cf-request-id: 079e42067900002bf6db85a000000001
last-modified: Wed, 23 Sep 2020 14:32:03 GMT
server: cloudflare
etag: W/"5f6b5c63-2474"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W2xnz%2FGMUZbdM6wxXBSeV5BWz%2FHBV1QogjbzLyYoMYSBy5%2Fh8GuN87xjqQ2t2I5ac1gnUEIdeDN%2FzHfZj2SJ%2F68pW%2F9cDhiLsicMojpqzWzmrEw3dZjDvCtF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f83fc462bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 aos.js Show response
yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/ 14 KB
4 KB 23ms
20ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.js?ver=1

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e42067900002bf66d2d3000000001
last-modified: Mon, 03 Feb 2020 11:41:57 GMT
server: cloudflare
etag: W/"5e380705-37a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=i8cis2WMMuOjQHFwHih9ix8nyGuOKgPh%2BccVp9ipRewEGsWJlq531d%2F%2BbZPOdQaa9xLtabIbfyGcQDNDxg3vSMmvbP%2Fy1zl91%2FNhjnoIfiz7exvy91X7XOLA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f83fc472bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 contact-form-7-email-spam-blocker-public.js Show response
yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/js/ 838 B
873 B 24ms
21ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/wp-contact-form7-email-spam-blocker/public/js/contact-form-7-email-spam-blocker-public.js?ver=1.0.0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:38 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e42067900002bf6662c0000000001
last-modified: Tue, 04 Feb 2020 11:21:55 GMT
server: cloudflare
etag: W/"5e3953d3-346"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UrL3Jf6OQiibGU4oXlcCmqAN%2BDpLQ5UAb%2BqQn3IuU%2FsYyyDOGceNmGcv9YaeAVobsfx%2FEfzxVQ9D5eLmyM8Jh1MevctdfQiOSQTUKeyk1HSHAN5nPo458Owi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f83fc492bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
658 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Work+Sans:100,200,300,400,500,600,700,800,900|Work+Sans:100,200,300,400,500,600,700,800,900

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bbd10de48b5659ee4ad78af5514039eb393580d9ffc2e4cf6d9b24fb63532520

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 13 Jan 2021 16:51:38 GMT
server: ESF
date: Wed, 13 Jan 2021 16:51:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 13 Jan 2021 16:51:38 GMT

GET
H2 200 /
yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/ 34 KB
6 KB 1296ms
1294ms Stylesheet
text/css 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/?xlink=css&ver=5.6

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af73c24ded3f2637540ae5b80bacf564d968a70443f4a405182fb42c8a19c91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding, Cookie
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-pingback: https://yoroi.company/xmlrpc.php
host-header: WordPress.com
content-encoding: br
cf-request-id: 079e42067800002bf6cf1ff000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J5%2BgVZ9cMqDSKjGrtW23evwSJliZldeoiKpcBSaLQvIvS6X3yLVBcPbG8GuxYFI5h2VJDOWRSlxZKJPu8ni2W7NomNf3FH8VFHWvY4yxHrbJDArnHtSZVg9g"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=utf-8
cf-ray: 61109f83fc442bf6-FRA
link: <https://yoroi.company/wp-json/>; rel="https://api.w.org/", <https://yoroi.company/wp-json/wp/v2/posts/2120>; rel="alternate"; type="application/json", <https://yoroi.company/?p=2120>; rel=shortlink

GET
H2 200 logo-head.svg
yoroi.company/wp-content/uploads/2020/01/ 3 KB
1 KB 17ms
17ms Image
image/svg+xml 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yoroi.company/wp-content/uploads/2020/01/logo-head.svg

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65158a29c17b7bd93fcb3409b97eda74a7c090d932a9ce494adb9f82d737894d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 548003
access-control-allow-methods: GET, HEAD
content-encoding: br
cf-request-id: 079e420a4800002bf6ae294000000001
last-modified: Mon, 03 Feb 2020 11:41:20 GMT
server: cloudflare
etag: W/"5e3806e0-a21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BpkoJsdt2uSWebn2aepCAULwX98V3IGoA7qxSw3a1RzQL%2BAnXDd74dvdksL59bhoOcDtL19LJOIvMffiSdZC7dzKinej1EROsRMXLCirzgX5cYxFWmelC0T8"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 61109f8a0b292bf6-FRA
expires: Thu, 14 Jan 2021 08:38:16 GMT

GET
H2 200 hamburger.svg
yoroi.company/wp-content/uploads/2020/01/ 488 B
633 B 12ms
12ms Image
image/svg+xml 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yoroi.company/wp-content/uploads/2020/01/hamburger.svg

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f349f68dd834591897a2b648193d96446427a388772b17163e166c17bf4bb5f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 108454
access-control-allow-methods: GET, HEAD
strict-transport-security: max-age=31536000
content-encoding: br
cf-request-id: 079e420a4800002bf68aabf000000001
last-modified: Mon, 03 Feb 2020 11:41:17 GMT
server: cloudflare
etag: W/"5e3806dd-1e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=T%2FCP3bUhblpJjGCEP1AwVlY5mdibSTUewFTdXkwQdCC8sD1r7mxdIWVotCvwV1ObiGtBObnJ4i%2FXPieMGYMYhzIIk99qIkWsp1k9%2FEVme8fhZAbG5lqbj7ir"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 61109f8a0b2a2bf6-FRA
expires: Tue, 19 Jan 2021 10:44:05 GMT

GET
H2 200 Risorsa-36-8.png
yoroi.company/wp-content/uploads/2020/01/ 30 KB
30 KB 15ms
15ms Image
image/png 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yoroi.company/wp-content/uploads/2020/01/Risorsa-36-8.png

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

048e7b54fbc9022c80b0bf1144f55baaf814f91fe575515dbd4263634317013f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 171395
access-control-allow-methods: GET, HEAD
strict-transport-security: max-age=31536000
content-length: 30485
cf-request-id: 079e420a5300002bf6d90e3000000001
last-modified: Mon, 03 Feb 2020 11:41:18 GMT
server: cloudflare
etag: "5e3806de-7715"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vey7tPazor9HiFq%2BSEN5HEIwqQDycshaO120hVsPnda9h%2FlcJrUwH%2BSNG2sP14zXeDqt8ABQ1sX760ZoQ56iFm6K4pHG2QkzmbIilbhxFqnL0uEQjHNa56vd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 61109f8a1b3a2bf6-FRA
expires: Mon, 18 Jan 2021 17:15:04 GMT

GET
H2 200 el-BTgnPSkzwDbbCBB6SP-zYeGCyLKsF_kUgbtB2zdh1P5V_hwmykoF_K4NV7B5wQuwUBSXqUlULroFXFLkbOtA4KG8qsUu2MYkSq0La-cedMtk_dhvfnjBx07mZu0Ru3oVoyM0
lh3.googleusercontent.com/ 37 KB
37 KB 10ms
6ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/el-BTgnPSkzwDbbCBB6SP-zYeGCyLKsF_kUgbtB2zdh1P5V_hwmykoF_K4NV7B5wQuwUBSXqUlULroFXFLkbOtA4KG8qsUu2MYkSq0La-cedMtk_dhvfnjBx07mZu0Ru3oVoyM0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f0328c65f6e166e8b8d66fe8f001a51e6130aaeebf2a05f37ca90bfe27ba1b41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:37 GMT
x-content-type-options: nosniff
age: 182
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37822
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:37 GMT

GET
H2 200 bq4ZUalbXFqd_8jqOZg4e0UMY6cYWggDYqUxv7yK8KWudJpcGkxfElDMmnn69wr-qMqzv3XKExzxgfwYnk0LrmzsTcbEe4ParYUXCENs9QRBzXFSfUyL4PzRAjIFFAn7oD_Q_6o
lh5.googleusercontent.com/ 26 KB
26 KB 12ms
8ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/bq4ZUalbXFqd_8jqOZg4e0UMY6cYWggDYqUxv7yK8KWudJpcGkxfElDMmnn69wr-qMqzv3XKExzxgfwYnk0LrmzsTcbEe4ParYUXCENs9QRBzXFSfUyL4PzRAjIFFAn7oD_Q_6o

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

865e384a0897d641d4e8c51b9be836c4121b9db2976bddfd7c8e0968e4cf69c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:37 GMT
x-content-type-options: nosniff
age: 182
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26727
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:37 GMT

GET
H2 200 iWnWN9mTld8WPkvUVBPy-I-FGjbRpC31eOEMzTwbC1PWzLCj66_i7uLz0pLF2rxmiBKHhgXPM_hJVLyWSs2QXPEm353Aq6JMKm2Io6TJK0lyN7KW35TANCcOgM2HMDABbVAxJaY
lh6.googleusercontent.com/ 7 KB
7 KB 9ms
6ms Image
image/png 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/iWnWN9mTld8WPkvUVBPy-I-FGjbRpC31eOEMzTwbC1PWzLCj66_i7uLz0pLF2rxmiBKHhgXPM_hJVLyWSs2QXPEm353Aq6JMKm2Io6TJK0lyN7KW35TANCcOgM2HMDABbVAxJaY

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c0e56f8bd6e82c69b5c90fd8b70451fe31e8a0e364825d3d51b65e1358ecae43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:38 GMT
x-content-type-options: nosniff
age: 181
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6968
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:38 GMT

GET
H2 200 6PTYkV1lYS3kNawWw60kPfLzPGdV43yj2SjJZiN-Wu8nkrRW9O-zlb_LuAJMAXLAPxqiMyT3AkKHMC1RIiBWwcp8jS6VqPeYDZfZwFGQFrELxWcGvs4TlueCHParX0fEg7d_s7Y
lh5.googleusercontent.com/ 30 KB
30 KB 10ms
7ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/6PTYkV1lYS3kNawWw60kPfLzPGdV43yj2SjJZiN-Wu8nkrRW9O-zlb_LuAJMAXLAPxqiMyT3AkKHMC1RIiBWwcp8jS6VqPeYDZfZwFGQFrELxWcGvs4TlueCHParX0fEg7d_s7Y

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f6c731f6aa731a459cda50f708b166d11b299b0ac92a341c6f7b126c48a48e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:38 GMT
x-content-type-options: nosniff
age: 181
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30361
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:38 GMT

GET
H3-Q050 200 -EeL_9GdNf4xagUBFhv2B20LWS51Da2gwN52ifBzNI-ZAHB0nx50njQSInipON7Qxll740VKy7ER6IuQ6mgx39BPt4DAyXtFGRKwo3P5jKzWOEkvvzaO4A0SMgu6b3156Ku1i14
lh6.googleusercontent.com/ 8 KB
8 KB 214ms
197ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/-EeL_9GdNf4xagUBFhv2B20LWS51Da2gwN52ifBzNI-ZAHB0nx50njQSInipON7Qxll740VKy7ER6IuQ6mgx39BPt4DAyXtFGRKwo3P5jKzWOEkvvzaO4A0SMgu6b3156Ku1i14

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e43a913c7075aa636be5c63efae3464858c9eaa18e9654e722b6cdbc75d12c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8510
x-xss-protection: 0
expires: Thu, 14 Jan 2021 16:51:39 GMT

GET
H3-Q050 200 FT0CZMe4uOYwwKjIMo3KWYYR8en_3_UGEajBh_qMffUGXzDsvxJVHh9N711vDwTronBbPa9tA4FX2U7-HS_NiRLAWqE6-T5TcBhHw_xn2NVMi_SqwKWFZMu1kd3q2st3wrH9p4w
lh6.googleusercontent.com/ 37 KB
38 KB 203ms
185ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/FT0CZMe4uOYwwKjIMo3KWYYR8en_3_UGEajBh_qMffUGXzDsvxJVHh9N711vDwTronBbPa9tA4FX2U7-HS_NiRLAWqE6-T5TcBhHw_xn2NVMi_SqwKWFZMu1kd3q2st3wrH9p4w

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8828a68fd9d2a981fd8c68640e52438e3b8770e758e09c65e83b7daad52e9083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38372
x-xss-protection: 0
expires: Thu, 14 Jan 2021 16:51:39 GMT

GET
H3-Q050 200 yLFXlMaGtdcxwfmA-FrjOtCmLWqU2lwUEoLUwz2cqbP6mMWGn_SX9UQZvFE5hNOtIyO-7PcvZtzA2JXbxMZUY1gY1NgorJQKTaMjIux_dkMR9N5vgw04YWWRJrr93F7WmysznjE
lh4.googleusercontent.com/ 5 KB
5 KB 40ms
23ms Image
image/png 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/yLFXlMaGtdcxwfmA-FrjOtCmLWqU2lwUEoLUwz2cqbP6mMWGn_SX9UQZvFE5hNOtIyO-7PcvZtzA2JXbxMZUY1gY1NgorJQKTaMjIux_dkMR9N5vgw04YWWRJrr93F7WmysznjE

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8b7448229f8c3561d7e6afb7c80b7367dc1c583bb4ce51582ef69ddf30da43b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:38 GMT
x-content-type-options: nosniff
age: 181
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5336
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:38 GMT

GET
H3-Q050 200 Tq5L66dD1lTGryib38Neup0cPNFvlZz_HczCFTlh8o3OkvptuppE7C-tNMy9NvADiQW9u-qXzW90Qqnq_buFqz91TEnHK5uWgAE6VHy2mA5RH8DGVk5SKq7JVzMbcUnmxMR9ZRU
lh5.googleusercontent.com/ 100 KB
100 KB 220ms
200ms Image
image/png 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/Tq5L66dD1lTGryib38Neup0cPNFvlZz_HczCFTlh8o3OkvptuppE7C-tNMy9NvADiQW9u-qXzW90Qqnq_buFqz91TEnHK5uWgAE6VHy2mA5RH8DGVk5SKq7JVzMbcUnmxMR9ZRU

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

644802cc82ff92b8581adedec7352d24721068bfc4e9b7f1186ea0ecc6387e58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102536
x-xss-protection: 0
expires: Thu, 14 Jan 2021 16:51:39 GMT

GET
H3-Q050 200 VoEPJtis4j76ub_mczVR5vAJtPoUEAV7pQmOXsMQ6E75p4lv0ABNAIFQ6rYzFvwPSI8nGpSqaqO4_21CVeqgjsQVJrXuf5zoxefVsezj7wrFCxQledNfE_uh07I3cQ8b9TXKTbw
lh5.googleusercontent.com/ 66 KB
66 KB 208ms
189ms Image
image/png 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/VoEPJtis4j76ub_mczVR5vAJtPoUEAV7pQmOXsMQ6E75p4lv0ABNAIFQ6rYzFvwPSI8nGpSqaqO4_21CVeqgjsQVJrXuf5zoxefVsezj7wrFCxQledNfE_uh07I3cQ8b9TXKTbw

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5c970c7af1fb0206de3fe8d32a11b76569d99d7f767fa7bd29e52985c60fdb47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67356
x-xss-protection: 0
expires: Thu, 14 Jan 2021 16:51:39 GMT

GET
H3-Q050 200 GmdP-Qk8NGzoRkbL3jR4XV-pamvSp1dLJpW091a8V7vYwJnVkNDcTc_yMVv-BSWt8yQpKPuBarV9I-f8ROBcrqCsSqDMN_4-giY0UTTEWULfQoNlWxyw3Tt1V5Rn-mQH0EWN80k
lh6.googleusercontent.com/ 84 KB
84 KB 209ms
192ms Image
image/png 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/GmdP-Qk8NGzoRkbL3jR4XV-pamvSp1dLJpW091a8V7vYwJnVkNDcTc_yMVv-BSWt8yQpKPuBarV9I-f8ROBcrqCsSqDMN_4-giY0UTTEWULfQoNlWxyw3Tt1V5Rn-mQH0EWN80k

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b9c1e1e806813a4323147dc754d9088cc1ee824a043bf330dc208bf7c5801dac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86290
x-xss-protection: 0
expires: Thu, 14 Jan 2021 16:51:39 GMT

GET
H3-Q050 200 LkrX2fR3_Ox4dJ7OV1QJUhb3X1TkDGbO14coHqD2pROJ9MybG-pcAw5TaUIO4R5np3RGy-GGv-77P11vvXw8gBBS89qenL4QfH7F0L2ok5BIJBT49Z9Xk3it8BxWiuZaTM0uK08
lh4.googleusercontent.com/ 51 KB
52 KB 38ms
21ms Image
image/png 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/LkrX2fR3_Ox4dJ7OV1QJUhb3X1TkDGbO14coHqD2pROJ9MybG-pcAw5TaUIO4R5np3RGy-GGv-77P11vvXw8gBBS89qenL4QfH7F0L2ok5BIJBT49Z9Xk3it8BxWiuZaTM0uK08

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5d0959276e63fb586bb21ff7ac3f9deb8b3afd2c88ad5c63a2d382bcff4bd2cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:48:38 GMT
x-content-type-options: nosniff
age: 181
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52486
x-xss-protection: 0
server: fife
etag: "v2"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 14 Jan 2021 16:48:38 GMT

GET
H2 200 email-decode.min.js Show response
yoroi.company/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
7ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 079e420a0d00002bf6ae28b000000001
last-modified: Tue, 05 Jan 2021 18:15:38 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5ff4acca-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8bDbsNjFahd8yIKplOIAb%2FA62ipH7Jyf3Un3HVoxmcRKw7blUEEYBqn7RXTAtBFfPraVvgKyinWm8%2FTiZHqUB5%2Fb7fGbktPRqF8dQALdptDpOQXcFA6a4M9%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 61109f89aa4a2bf6-FRA
expires: Fri, 15 Jan 2021 16:51:39 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 3 KB
1 KB 52ms
16ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202102
Requested by: Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 98619b62f2320249ce5e6850e5e5e5040d348b2f9a80467a7d0306069134d35e

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Wed, 13 Jan 2021 16:51:39 GMT
content-encoding: gzip
server: nginx
etag: W/"5f72415a-dbf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-ac: 4.ams _dfw
expires: Tue, 11 Jan 2022 00:00:00 GMT

GET
H2 200 countUp.min.js Show response
yoroi.company/wp-content/assets/js/ 5 KB
2 KB 22ms
15ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/assets/js/countUp.min.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c63a636fec47c33c1f90b009d2f95830d3492083c04e429cda86914834714967

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://yoroi.company
Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 177578
content-encoding: br
cf-request-id: 079e420a2400002bf665915000000001
last-modified: Mon, 03 Feb 2020 11:40:49 GMT
server: cloudflare
etag: W/"5e3806c1-126e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fi3mdb18pcM%2BYMOWo0iiYUbcEza6H56v2wkrqcb5WQ64vHn9qLnsCkoWOPHiJzwXvObNPUYIchgl5cEwRBlxGn21qVEvPncz%2F0I%2BvMYVJC198FAd8bsV5MjC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 61109f89daa12bf6-FRA
expires: Mon, 18 Jan 2021 15:32:01 GMT

GET
H2 200 counters.js Show response
yoroi.company/wp-content/assets/js/ 2 KB
1007 B 24ms
18ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/assets/js/counters.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c594062728319da3ecaa98c4c0b930b07d5e64207eb6e4987d4fcbff9134768

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://yoroi.company
Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 108454
content-encoding: br
cf-request-id: 079e420a2600002bf6b98f0000000001
last-modified: Mon, 03 Feb 2020 11:40:49 GMT
server: cloudflare
etag: W/"5e3806c1-78d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iekFQTygLkZV9UWo4skzJkOQrEsBA%2F5DqN%2FABT4swM0jAGoGE%2FKPmISlmPfbWdDK%2BHQ1%2F%2BBBre5eDwUL9X1vR%2BleOOcnbGq79Xf1nrgTus%2FnU%2Fm0PGp9kpRj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 61109f89daa42bf6-FRA
expires: Tue, 19 Jan 2021 10:44:05 GMT

GET
H2 200 parallax.min.js Show response
yoroi.company/wp-content/assets/js/ 17 KB
5 KB 36ms
30ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/assets/js/parallax.min.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf4d20b28de8c7f77428b24325ec3afb39b6f7e277f6b61666f3a0a17cc3b42b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 108454
content-encoding: br
cf-request-id: 079e420a2500002bf666310000000001
last-modified: Mon, 03 Feb 2020 11:40:49 GMT
server: cloudflare
etag: W/"5e3806c1-43a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Mf0F0yo1T8Jqkw78MLg4pEY5Gb%2FMCi6Gq%2FXtkv1zB1cKCUGjBqDN1W2qlCl4gjhQbTFgZ6cGtnzu1fP7lbaDMyVFGkhrEYfo%2F6rn4bYCNE71J1uoTIGtgp4U"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 61109f89daa72bf6-FRA
expires: Tue, 19 Jan 2021 10:44:05 GMT

GET
H2 200 intersection-observer.js Show response
cdn.jsdelivr.net/npm/intersection-observer@0.7.0/ 22 KB
6 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/intersection-observer@0.7.0/intersection-observer.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1dc6d2d43514d1d8956877d1f2ef347cd5abdb8ecf8e47aba59d87b8a6da49bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 4760740
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 6401
etag: W/"57ad-m3EaUx6495LHE8zS0+QpFP8kqM0"
x-served-by: cache-fra19124-FRA, cache-hhn4068-HHN
date: Wed, 13 Jan 2021 16:51:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/ 6 KB
2 KB 8ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 4760743
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 2436
etag: W/"1926-ftj+zhhSvu4E/RMH3S02cxSkfWc"
x-served-by: cache-fra19171-FRA, cache-hhn4068-HHN
date: Wed, 13 Jan 2021 16:51:39 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 scripts.js Show response
yoroi.company/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 19ms
13ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713788
content-encoding: br
cf-request-id: 079e420a2500002bf6cf259000000001
last-modified: Thu, 17 Dec 2020 14:32:39 GMT
server: cloudflare
etag: W/"5fdb6c07-37c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BSCWRzlhIo9KRh2KVPDm0yDIQkKXO1RzSgWuGpXINDhYkZ36KtmDnLgBYCye6XCtIlYMgidvGts8QYh4SMwOyIfMGZMIvT1p9rzZu7%2FzOsS8HZv1hvD2kxba"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89daa82bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
673 B 207ms
201ms Script
text/javascript 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&ver=3.0

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

64d2eaa8c46d2d1ebf43f7d4b912981136de37ba8c10d9d41f2ef6981d7314a6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 585
x-xss-protection: 1; mode=block
expires: Wed, 13 Jan 2021 16:51:39 GMT

GET
H2 200 script.js Show response
yoroi.company/wp-content/plugins/contact-form-7/modules/recaptcha/ 1 KB
867 B 18ms
13ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/contact-form-7/modules/recaptcha/script.js?ver=5.3.2

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aef711d1643073ab593de1d958ee854d6f63339cb216eda43666fb9dfcebffd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 713789
content-encoding: br
cf-request-id: 079e420a2500002bf6c3b1d000000001
last-modified: Thu, 17 Dec 2020 14:32:39 GMT
server: cloudflare
etag: W/"5fdb6c07-4f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EqbamQluYKGIAvxxre%2FnDgzYaIc%2B2hGeNnFsKLaKF4jOM7m4H2hIEHk7LvBhbdL2%2Fm78OB6SCrFuimuqIBIC5t1qtsUtchI2wjBCaxs6eLB0JTL5hLZK5qHL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89daa92bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/vendors/modernizr/ 12 KB
5 KB 15ms
14ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/modernizr/modernizr.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49cf0f2de45929d5674df4377cfc2363324674ca4dfdef454bc1dfeebcec9ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461462
content-encoding: br
cf-request-id: 079e420a3300002bf69d10a000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-317b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zTRwRPWU%2B1hgY9fJpBPrbV%2BKDalXMNbX%2Bu%2BsWhjLhcff3%2BzQ306YL6DQNObqn8y2M8XiUmlamXrPb6ks5DDQVNzRugCZ%2BDNT3Mx90GU9BqGOQknX8F5tFqoa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89ead72bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 TweenMax.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/ 108 KB
35 KB 20ms
20ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/TweenMax.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97982680a892d29f743ce32b99fb340cc4a186769e56380998145868781f4ebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 801801
content-encoding: br
cf-request-id: 079e420a3300002bf686924000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-1aeba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u%2FAFVrP9Ffk5U55ftutNrl4XEkFj5CLsF%2BIRajH2HYoMqMzwlozsA3EU%2FFdp57fgWlLT8pma5ADbIJ%2FvoTPhpzYD7dJyoZxStF5quZhh%2BVVYZt0cWEWpGdUV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89eada2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ScrollToPlugin.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/ 2 KB
1 KB 15ms
11ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/greensock/ScrollToPlugin.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

806548b84857dbb3a3243a0d7c0aedc2afd647bf96b48de90985df9591ca4a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 97124
content-encoding: br
cf-request-id: 079e420a3700002bf6b028f000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-9fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ba0mlZcXSJjVP7NDGD%2FIV0BnMgU3RZ34zZ5OHz0Lok6qJm9k3q0%2Battf6bxGTYNayWqjtnKsFXpm8rOz38hNI5kZg1O%2BSIJUGN62Ulm6p80UjKjomTJtXZzO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89fae52bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 body-scroll-lock.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/vendors/body-scroll-lock/ 3 KB
1 KB 16ms
15ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/vendors/body-scroll-lock/body-scroll-lock.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d947b55573f76b9876038798590599aef4ec471cd0b44a41438b02ae00fcee5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 507398
content-encoding: br
cf-request-id: 079e420a3800002bf6df955000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-b15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w9B6Qq%2Byg90KVGrRGaVEbq52d8hXC39cHsYewkHR7uUYapVzW66miZq6qqJwMxdP0J2b526hLJaykIYn5jNCValDSLQ4brA4sfrdignbEmqY%2BmBraGWuEalY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f89faea2bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 utils.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/js/ 18 KB
7 KB 16ms
15ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/js/utils.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72056b7312d491a672a34df38cc3b593a84575235819a88239e5b8330bd5dea8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 461462
content-encoding: br
cf-request-id: 079e420a4200002bf6c113b000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-490c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H9U2OB0M1TIRzTw0DLDK9ujJIqBC9Da%2BXifjckpwJ5VcnaZ0lMOh1I6Nn3YCZmHgs%2F8xl%2B6r%2BbCUKxPFPFuKFHwZU3gYQ5sBIQ%2FAQu8NZFWROoA3Ok%2Bz1Rnl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f8a0b152bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slickmenu.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/js/ 34 KB
8 KB 19ms
18ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/js/slickmenu.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35a207ef97e50fe3d9090292bb653b8f9a676bba3b961fd9242f97af39b8b768

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 801801
content-encoding: br
cf-request-id: 079e420a4800002bf67d85c000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-8618"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZInD5xneJjMkJx9FT7xAMyT1A3zkQC7MGq3hsjTeviUmXl8pVkcb2j5qvMCqPNDk1cdGL9UPegvlf%2BoNpVF3mR08LsjXwOMuCFdWc%2B9VQsqGPX9PI5pCvLch"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f8a0b262bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
yoroi.company/wp-content/plugins/slick-menu/assets/js/ 22 KB
7 KB 25ms
25ms Script
application/javascript 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-content/plugins/slick-menu/assets/js/frontend.min.js?ver=1.2.7

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b66da3f27a3aa48171829b9e331147187ceb6a4f38b444808525de6bb0bf604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 171424
content-encoding: br
cf-request-id: 079e420a4800002bf69d10c000000001
last-modified: Fri, 28 Feb 2020 09:19:08 GMT
server: cloudflare
etag: W/"5e58db0c-567d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1SuE7fk27EqkViVFXxwdvEpBb7f%2FcG4ceI1Q%2FzEDdw1RxRRkQBy6iCT9Jj9eZ01f%2BcXT4cjlml%2BKiUVwtwWHFnXk4QQr6dqMegSCLlyX%2FQIMVNLCgiGA8afr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 61109f8a0b282bf6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: yoroi.company
URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5527
date: Wed, 13 Jan 2021 15:19:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 13 Jan 2021 17:19:32 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
66 B 13ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=2112157283&t=pageview&_s=1&dl=https%3A%2F%2Fyoroi.company%2Fresearch%2Fdissecting-the-danabot-paylaod-targeting-italy%2F&ul=en-us&de=UTF-8&dt=Dissecting%20the%20Danabot%20Payload%20Targeting%20Italy%20-%20Yoroi&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1706743510&gjid=948700993&cid=853426116.1610556699&tid=UA-54504571-1&_gid=2101106869.1610556699&_r=1&_slc=1&z=673205687

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 13 Jan 2021 16:51:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://yoroi.company
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-54504571-1&cid=853426116.1610556699&jid=1706743510&gjid=948700993&_gid=2101106869.1610556699&_u=YEBAAUAAAAAAAC~&z=1755517546

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 13 Jan 2021 16:51:39 GMT
content-type: text/plain
access-control-allow-origin: https://yoroi.company
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDptfpA4Q.woff2
fonts.gstatic.com/s/worksans/v8/ 44 KB
44 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v8/QGYsz_wNahGAdqQ43Rh_fKDptfpA4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Work+Sans:100,200,300,400,500,600,700,800,900|Work+Sans:100,200,300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbfcf009369ed480448ca6b89f9586d80ecc4d150fbe317db5a27ad43617a8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://yoroi.company
Referer: https://fonts.googleapis.com/css?family=Work+Sans:100,200,300,400,500,600,700,800,900|Work+Sans:100,200,300,400,500,600,700,800,900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 16:25:07 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 02:42:54 GMT
server: sffe
age: 433592
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45196
x-xss-protection: 0
expires: Sat, 08 Jan 2022 16:25:07 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/ 334 KB
131 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb3b275e8321c2c87095a4f4f0fd89fbbbdbe07e6fd5191c4c8ccabfc21692fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://yoroi.company
Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 15:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3396
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133916
x-xss-protection: 0
last-modified: Sun, 06 Dec 2020 23:05:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Jan 2022 15:55:03 GMT

GET
H2 200 refill Show response
yoroi.company/wp-json/contact-form-7/v1/contact-forms/223/ 2 B
554 B 192ms
192ms XHR
application/json 2606:4700:3032::ac43:a7ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://yoroi.company/wp-json/contact-form-7/v1/contact-forms/223/refill

Requested by

Host: yoroi.company
URL: https://yoroi.company/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:a7ea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nananana: Batcache-Hit
date: Wed, 13 Jan 2021 16:51:39 GMT
x-ac: 1.hhn _atomic_ams
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
host-header: WordPress.com
content-encoding: br
cf-request-id: 079e420c0500002bf696a44000000001
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
x-robots-tag: noindex
last-modified: Wed, 13 Jan 2021 16:49:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Cookie, Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qTGD8EZzHSW7mP5OT4of9wAcBTZniw6y%2BKvjFIAMmFCkahPcmOVjbGuKF7awGFl4S6oF9sHwUIJBxKhrK72aWqto%2BlllEFaeROw1HoMr4qSnosC4lXL73YOO"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=177, must-revalidate
cf-ray: 61109f8cd9b52bf6-FRA
link: <https://yoroi.company/wp-json/>; rel="https://api.w.org/"

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame F17E 0
0 37ms
37ms Document
text/html 2a00:1450:4001:817::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&co=aHR0cHM6Ly95b3JvaS5jb21wYW55OjQ0Mw..&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=e88atajtx0tx

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XmX/yCyQTXQJxX5ywdIzYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfTr-AUAAAAANb_RvhTeWu00N_K6josD9XFY1OD&co=aHR0cHM6Ly95b3JvaS5jb21wYW55OjQ0Mw..&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=e88atajtx0tx
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 13 Jan 2021 16:51:39 GMT
content-security-policy: script-src 'report-sample' 'nonce-XmX/yCyQTXQJxX5ywdIzYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10252
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 boom.gif
pixel.wp.com/ 0
51 B 49ms
16ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.109&largest_contentful_paint=2611&provider=wordpress.com&service=atomic&effective_connection_type=4g&host_name=yoroi.company&url_path=%2Fresearch%2Fdissecting-the-danabot-paylaod-targeting-italy%2F&navtime_dns=132&navtime_tcp=132&navtime_ttfb=1085&navtime_download=1088&navtime_load=2760&navtime_dcl=2507&start_render=2462&resource_size=1598953&resource_transferred=776558&js_size=387039&js_transferred=127405&resource_cache_percent=0&js_cache_percent=0&last_resource_end=2715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 16:51:41 GMT
cache-control: no-cache
server: nginx

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yoroi.company/	1970-01-19 15:22:36	Name: _gat Value: 1
.yoroi.company/	1970-01-20 08:53:48	Name: _ga Value: GA1.2.853426116.1610556699
.yoroi.company/	1970-01-19 15:24:03	Name: _gid Value: GA1.2.2101106869.1610556699
.yoroi.company/	1970-01-19 16:05:48	Name: __cfduid Value: ddd6f36207e73b677c1aeca4d5c3c118c1610556697

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/(Line 1228) Message: %c 🛡️ YOROI® 🛡️ font-weight: bold; color: #c40030; font-size: 80px; text-align: center

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.yoroi.company
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
lh3.googleusercontent.com
lh4.googleusercontent.com
lh5.googleusercontent.com
lh6.googleusercontent.com
pixel.wp.com
s0.wp.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.gstatic.com
www.yoroi.company
yoroi.company
192.0.76.3
192.0.77.32
2606:4700:3032::ac43:a7ea
2a00:1450:4001:808::200e
2a00:1450:4001:817::2004
2a00:1450:4001:818::2003
2a00:1450:4001:81b::2001
2a00:1450:4001:81f::2003
2a00:1450:4001:821::2001
2a00:1450:4001:821::200a
2a00:1450:400c:c0c::9d
2a04:4e42:1b::621
048e7b54fbc9022c80b0bf1144f55baaf814f91fe575515dbd4263634317013f
0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1c594062728319da3ecaa98c4c0b930b07d5e64207eb6e4987d4fcbff9134768
1dc6d2d43514d1d8956877d1f2ef347cd5abdb8ecf8e47aba59d87b8a6da49bb
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2deb67a6ea5e9e0e254330515f7aa291a07618b72715a63971274378cd4d06c4
35a207ef97e50fe3d9090292bb653b8f9a676bba3b961fd9242f97af39b8b768
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03
49cf0f2de45929d5674df4377cfc2363324674ca4dfdef454bc1dfeebcec9ca5
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981
5c970c7af1fb0206de3fe8d32a11b76569d99d7f767fa7bd29e52985c60fdb47
5d0959276e63fb586bb21ff7ac3f9deb8b3afd2c88ad5c63a2d382bcff4bd2cf
5ea057066074e145942ce7d17112e74a6f88850c8d450ada79c920e78263ee94
5fd50e41f2ce65b53589fb6ca59a03d2fc269d65db66f8c0b29fc5bc8ba84d08
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
644802cc82ff92b8581adedec7352d24721068bfc4e9b7f1186ea0ecc6387e58
64d2eaa8c46d2d1ebf43f7d4b912981136de37ba8c10d9d41f2ef6981d7314a6
65158a29c17b7bd93fcb3409b97eda74a7c090d932a9ce494adb9f82d737894d
6b66da3f27a3aa48171829b9e331147187ceb6a4f38b444808525de6bb0bf604
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cf390024b9fb02ae1756d257499f568393acc60c76ae6b13ce986a46f396e34
72056b7312d491a672a34df38cc3b593a84575235819a88239e5b8330bd5dea8
806548b84857dbb3a3243a0d7c0aedc2afd647bf96b48de90985df9591ca4a4a
818b6cee88115de0ce32e93ec25d7ff9d675199286ff470d71117a3d97b2991a
81d95e3d8d470a9de65b68baab1200d56b39a812e7717d7d294910a37d635dd3
8273f0538929ede9599e3cfea8142a252a7d0cb6dbacb230bf188490dde79d4b
865e384a0897d641d4e8c51b9be836c4121b9db2976bddfd7c8e0968e4cf69c0
8828a68fd9d2a981fd8c68640e52438e3b8770e758e09c65e83b7daad52e9083
8b7448229f8c3561d7e6afb7c80b7367dc1c583bb4ce51582ef69ddf30da43b4
9124a6fd00e218d97037cdcbc7ea4c40c73d95bd19da2a6a477789f1daa0bf7f
97470c6fac60d3431c7309907a10d67d0356b563c7bab67f7a44301d4164ac38
97982680a892d29f743ce32b99fb340cc4a186769e56380998145868781f4ebe
98619b62f2320249ce5e6850e5e5e5040d348b2f9a80467a7d0306069134d35e
ae4126f9ec48bee6d17fbbdf166edb6f35f303d7db04a6dc393a05272b3fc19a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aef711d1643073ab593de1d958ee854d6f63339cb216eda43666fb9dfcebffd0
af73c24ded3f2637540ae5b80bacf564d968a70443f4a405182fb42c8a19c91b
b9c1e1e806813a4323147dc754d9088cc1ee824a043bf330dc208bf7c5801dac
bbd10de48b5659ee4ad78af5514039eb393580d9ffc2e4cf6d9b24fb63532520
bf4d20b28de8c7f77428b24325ec3afb39b6f7e277f6b61666f3a0a17cc3b42b
c0e56f8bd6e82c69b5c90fd8b70451fe31e8a0e364825d3d51b65e1358ecae43
c63a636fec47c33c1f90b009d2f95830d3492083c04e429cda86914834714967
cbfcf009369ed480448ca6b89f9586d80ecc4d150fbe317db5a27ad43617a8c8
d51089ba164e46643145dc475cce83e53896a1e6541c68b20d841c1ab24e65b9
d947b55573f76b9876038798590599aef4ec471cd0b44a41438b02ae00fcee5b
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43a913c7075aa636be5c63efae3464858c9eaa18e9654e722b6cdbc75d12c98
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
f0328c65f6e166e8b8d66fe8f001a51e6130aaeebf2a05f37ca90bfe27ba1b41
f349f68dd834591897a2b648193d96446427a388772b17163e166c17bf4bb5f4
f6c731f6aa731a459cda50f708b166d11b299b0ac92a341c6f7b126c48a48e12
fb3b275e8321c2c87095a4f4f0fd89fbbbdbe07e6fd5191c4c8ccabfc21692fb
fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

yoroi.company Open in urlscan Pro 2606:4700:3032::ac43:a7ea Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

100 %HTTPS

83 %IPv6

9 Domains

16 Subdomains

12 IPs

4 Countries

935 kBTransfer

2085 kBSize

4 Cookies

9 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

yoroi.company Open in urlscan Pro
2606:4700:3032::ac43:a7ea Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

100 %
HTTPS

83 %
IPv6

9
Domains

16
Subdomains

12
IPs

4
Countries

935 kB
Transfer

2085 kB
Size

4
Cookies

61 HTTP transactions
0 data transactions