URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Submission: On July 04, 2019 (the Date header of the primary response) via api from US

Summary

This website contacted 48 IPs in 7 countries across 44 domains to perform 269 HTTP transactions. The main IP is 104.20.59.209, located in the United States and belonging to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure Server CA on May 12th 2018 (see the certificate table below). Valid for: 2 years.
This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS number (Autonomous System)
1 104.20.59.209 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
32 104.24.1.61 13335 (CLOUDFLAR...)
2 2a04:4e42:1b:... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
4 6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
8 216.58.210.2 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
8 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:204... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:200... 16509 (AMAZON-02)
8 2a04:4e42:3::645 54113 (FASTLY)
1 18.207.76.63 14618 (AMAZON-AES)
1 52.222.157.56 16509 (AMAZON-02)
2 52.222.157.150 16509 (AMAZON-02)
5 35.188.71.214 15169 (GOOGLE)
1 54.192.94.221 16509 (AMAZON-02)
4 3.214.45.211 14618 (AMAZON-AES)
11 172.217.21.194 15169 (GOOGLE)
3 23.22.162.56 14618 (AMAZON-AES)
1 52.222.157.91 16509 (AMAZON-02)
2 52.222.157.166 16509 (AMAZON-02)
1 91.228.74.238 27281 (QUANTCAST)
1 3 2.19.43.224 20940 (AKAMAI-ASN1)
1 23.210.250.13 16625 (AKAMAI-AS)
1 2600:9000:204... 16509 (AMAZON-02)
1 3.92.90.105 14618 (AMAZON-AES)
3 2a03:2880:f01... 32934 (FACEBOOK)
3 2a03:2880:f11... 32934 (FACEBOOK)
21 2a00:1450:400... 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
3 6 216.58.207.70 15169 (GOOGLE)
4 35.226.36.58 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 185.33.223.100 29990 (ASN-APPNEXUS)
2 2a02:fa8:8806... 41041 (VCLK-EU-)
1 54.215.180.144 16509 (AMAZON-02)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
2 34.229.36.213 14618 (AMAZON-AES)
5 208.100.17.183 32748 (STEADFAST)
2 4 173.241.240.143 36089 (OPENX-AS1)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2.18.232.130 16625 (AKAMAI-AS)
Total: 269 requests across 48 IPs
Requests | Apex Domain | Subdomains | Transfer (- where the scan lists none)
32 | bleepstatic.com | www.bleepstatic.com | 252 KB
23 | doubleclick.net | googleads.g.doubleclick.net, securepubads.g.doubleclick.net, ad.doubleclick.net | 114 KB
21 | ampproject.org | cdn.ampproject.org | 541 KB
21 | googlesyndication.com | pagead2.googlesyndication.com, tpc.googlesyndication.com (Failed) | 275 KB
18 | connatix.com | cdn.connatix.com, cdns.connatix.com, ck.connatix.com, core.connatix.com, rtb.connatix.com, i.connatix.com, trk.connatix.com | 622 KB
11 | pub.network | a.pub.network, d.pub.network, c.pub.network, ssp.pub.network (Failed) | 217 KB
8 | gstatic.com | fonts.gstatic.com | 87 KB
8 | google.com | www.google.com, cse.google.com, adservice.google.com | 2 KB
6 | consensu.org | quantcast.mgr.consensu.org, static.quantcast.mgr.consensu.org, audit.quantcast.mgr.consensu.org, api.quantcast.mgr.consensu.org | 94 KB
5 | tynt.com | de.tynt.com | -
4 | adnxs.com | ib.adnxs.com, acdn.adnxs.com | 2 KB
4 | appspot.com | amp-error-reporting.appspot.com | 256 B
4 | openx.net | connatix-d.openx.net (Failed), freestar-d.openx.net (Failed), u.openx.net | 580 B
4 | googleapis.com | fonts.googleapis.com | 3 KB
3 | connectad.io | i.connectad.io (Failed), cdn.connectad.io | 643 B
3 | facebook.com | www.facebook.com | 526 B
3 | facebook.net | connect.facebook.net | 78 KB
3 | scorecardresearch.com | sb.scorecardresearch.com | 2 KB
3 | googletagservices.com | www.googletagservices.com | 66 KB
2 | districtm.io | dmx.districtm.io (Failed), cdn.districtm.io | -
2 | dotomi.com | web.hb.ad.cpe.dotomi.com | 1 KB
2 | bfmio.com | display.bfmio.com (Failed), sync.bfmio.com | -
2 | ad-delivery.net | ad-delivery.net | 1 KB
2 | google-analytics.com | www.google-analytics.com | 17 KB
1 | postrelease.com | jadserve.postrelease.com | 505 B
1 | cdnjquery.com | cluster-na.cdnjquery.com | 379 B
1 | quantcount.com | rules.quantcount.com | 1 KB
1 | ntv.io | s.ntv.io | 79 KB
1 | quantserve.com | secure.quantserve.com | 6 KB
1 | videoplayerhub.com | freestar-io.videoplayerhub.com | 16 KB
1 | quantcast.com | privacy-api-gateway.quantcast.com | 80 KB
1 | google.de | adservice.google.de | 171 B
1 | googletagmanager.com | www.googletagmanager.com | 25 KB
1 | bleepingcomputer.com | www.bleepingcomputer.com | 15 KB
0 | brealtime.com (Failed) | biddr.brealtime.com (Failed), edba.brealtime.com (Failed) | -
0 | emxdgt.com (Failed) | hb.emxdgt.com (Failed) | -
0 | sharethrough.com (Failed) | btlr.sharethrough.com (Failed) | -
0 | 33across.com (Failed) | ssc.33across.com (Failed) | -
0 | rubiconproject.com (Failed) | fastlane.rubiconproject.com (Failed), eus.rubiconproject.com (Failed) | -
0 | gumgum.com (Failed) | g2.gumgum.com (Failed) | -
0 | 3lift.com (Failed) | tlx.3lift.com (Failed), ib.3lift.com (Failed) | -
0 | media.net (Failed) | hbx.media.net (Failed) | -
0 | adtelligent.com (Failed) | s.adtelligent.com (Failed) | -
0 | addthis.com (Failed) | s9.addthis.com (Failed) | -
Total: 269 requests across 44 apex domains
Requests | Domain | Requested by
32 | www.bleepstatic.com | www.bleepingcomputer.com, cdn.connatix.com, www.bleepstatic.com, pagead2.googlesyndication.com
21 | cdn.ampproject.org | securepubads.g.doubleclick.net
13 | tpc.googlesyndication.com | a.pub.network, www.bleepingcomputer.com, securepubads.g.doubleclick.net
11 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, www.bleepingcomputer.com
8 | fonts.gstatic.com | www.bleepingcomputer.com, www.bleepstatic.com
8 | pagead2.googlesyndication.com | www.bleepingcomputer.com, pagead2.googlesyndication.com
7 | i.connatix.com | www.bleepingcomputer.com
6 | ad.doubleclick.net (3 redirects) | www.bleepingcomputer.com
6 | googleads.g.doubleclick.net | pagead2.googlesyndication.com, www.bleepingcomputer.com
6 | www.google.com (4 redirects) | www.bleepingcomputer.com
5 | de.tynt.com | a.pub.network
5 | d.pub.network | a.pub.network
4 | u.openx.net (2 redirects) | a.pub.network
4 | amp-error-reporting.appspot.com | cdn.ampproject.org
4 | c.pub.network | a.pub.network
4 | rtb.connatix.com | cdns.connatix.com
4 | fonts.googleapis.com | www.bleepingcomputer.com, securepubads.g.doubleclick.net
3 | www.facebook.com | www.bleepingcomputer.com, connect.facebook.net
3 | connect.facebook.net | a.pub.network, connect.facebook.net
3 | sb.scorecardresearch.com (1 redirect) | a.pub.network, www.bleepingcomputer.com
3 | trk.connatix.com | www.bleepingcomputer.com
3 | www.googletagservices.com | pagead2.googlesyndication.com, a.pub.network, securepubads.g.doubleclick.net
2 | acdn.adnxs.com | a.pub.network
2 | cdn.districtm.io | a.pub.network
2 | cdn.connectad.io | a.pub.network
2 | sync.bfmio.com | a.pub.network
2 | web.hb.ad.cpe.dotomi.com | a.pub.network
2 | ib.adnxs.com | a.pub.network
2 | ad-delivery.net | freestar-io.videoplayerhub.com, www.bleepingcomputer.com
2 | audit.quantcast.mgr.consensu.org | static.quantcast.mgr.consensu.org
2 | static.quantcast.mgr.consensu.org | quantcast.mgr.consensu.org
2 | www.google-analytics.com | www.googletagmanager.com, www.bleepingcomputer.com
2 | a.pub.network | www.bleepingcomputer.com, a.pub.network
1 | jadserve.postrelease.com | a.pub.network
1 | i.connectad.io | a.pub.network
1 | cluster-na.cdnjquery.com | freestar-io.videoplayerhub.com
1 | rules.quantcount.com | secure.quantserve.com
1 | s.ntv.io | a.pub.network
1 | secure.quantserve.com | a.pub.network
1 | api.quantcast.mgr.consensu.org | quantcast.mgr.consensu.org
1 | freestar-io.videoplayerhub.com | a.pub.network
1 | privacy-api-gateway.quantcast.com | quantcast.mgr.consensu.org
1 | core.connatix.com | cdns.connatix.com
1 | ck.connatix.com | cdns.connatix.com
1 | adservice.google.com | pagead2.googlesyndication.com
1 | adservice.google.de | pagead2.googlesyndication.com
1 | quantcast.mgr.consensu.org | www.bleepstatic.com
1 | cdns.connatix.com | cdn.connatix.com
1 | cse.google.com | www.bleepingcomputer.com
1 | www.googletagmanager.com | www.bleepingcomputer.com
1 | cdn.connatix.com | www.bleepingcomputer.com
1 | www.bleepingcomputer.com | (primary request, no requester)
0 | edba.brealtime.com (Failed) | www.bleepingcomputer.com
0 | eus.rubiconproject.com (Failed) | a.pub.network
0 | biddr.brealtime.com (Failed) | a.pub.network
0 | ib.3lift.com (Failed) | a.pub.network
0 | dmx.districtm.io (Failed) | a.pub.network
0 | hb.emxdgt.com (Failed) | a.pub.network
0 | btlr.sharethrough.com (Failed) | a.pub.network
0 | ssc.33across.com (Failed) | a.pub.network
0 | ssp.pub.network (Failed) | a.pub.network
0 | display.bfmio.com (Failed) | a.pub.network
0 | fastlane.rubiconproject.com (Failed) | a.pub.network
0 | freestar-d.openx.net (Failed) | a.pub.network
0 | g2.gumgum.com (Failed) | a.pub.network
0 | tlx.3lift.com (Failed) | a.pub.network
0 | hbx.media.net (Failed) | a.pub.network
0 | s.adtelligent.com (Failed) | a.pub.network
0 | connatix-d.openx.net (Failed) | cdns.connatix.com
0 | s9.addthis.com (Failed) | www.bleepingcomputer.com
Total: 269 requests across 70 subdomains
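The "Requested by" column records which host's code triggered each request, which is the supply-chain relationship a reviewer actually cares about: the primary document directly loads 21 hosts, but a.pub.network, one script it includes, fans out on its own to a further 34 hosts (15 of which failed) and, through the hosts it loads, to more. The following is an added example and not part of the urlscan.io output: it builds that loading graph from the table above (self-references omitted, failed hosts kept because the script that tried to reach them still ran), ranks requesters by how many hosts they pull in transitively, and recovers the chain from the page to any given host. The graph data is copied from the table; the functions and their names are mine.

```python
from collections import deque

# Edges copied from the "Requested by" table above: requester -> hosts it loaded.
# Self-references (a host fetching more of itself) are left out; hosts whose
# request failed are kept, since the loader that asked for them still ran.
LOADS = {
    "www.bleepingcomputer.com": [
        "www.bleepstatic.com", "tpc.googlesyndication.com", "securepubads.g.doubleclick.net",
        "fonts.gstatic.com", "pagead2.googlesyndication.com", "i.connatix.com",
        "ad.doubleclick.net", "googleads.g.doubleclick.net", "www.google.com",
        "fonts.googleapis.com", "www.facebook.com", "sb.scorecardresearch.com",
        "trk.connatix.com", "ad-delivery.net", "www.google-analytics.com", "a.pub.network",
        "cse.google.com", "www.googletagmanager.com", "cdn.connatix.com",
        "edba.brealtime.com", "s9.addthis.com",
    ],
    "a.pub.network": [
        "tpc.googlesyndication.com", "de.tynt.com", "d.pub.network", "u.openx.net",
        "c.pub.network", "connect.facebook.net", "sb.scorecardresearch.com",
        "www.googletagservices.com", "acdn.adnxs.com", "cdn.districtm.io", "cdn.connectad.io",
        "sync.bfmio.com", "web.hb.ad.cpe.dotomi.com", "ib.adnxs.com", "jadserve.postrelease.com",
        "i.connectad.io", "s.ntv.io", "secure.quantserve.com", "freestar-io.videoplayerhub.com",
        "eus.rubiconproject.com", "biddr.brealtime.com", "ib.3lift.com", "dmx.districtm.io",
        "hb.emxdgt.com", "btlr.sharethrough.com", "ssc.33across.com", "ssp.pub.network",
        "display.bfmio.com", "fastlane.rubiconproject.com", "freestar-d.openx.net",
        "g2.gumgum.com", "tlx.3lift.com", "hbx.media.net", "s.adtelligent.com",
    ],
    "cdn.connatix.com": ["www.bleepstatic.com", "cdns.connatix.com"],
    "cdns.connatix.com": ["rtb.connatix.com", "core.connatix.com", "ck.connatix.com",
                          "connatix-d.openx.net"],
    "www.bleepstatic.com": ["fonts.gstatic.com", "quantcast.mgr.consensu.org"],
    "quantcast.mgr.consensu.org": ["static.quantcast.mgr.consensu.org",
                                   "api.quantcast.mgr.consensu.org",
                                   "privacy-api-gateway.quantcast.com"],
    "static.quantcast.mgr.consensu.org": ["audit.quantcast.mgr.consensu.org"],
    "pagead2.googlesyndication.com": ["www.bleepstatic.com", "googleads.g.doubleclick.net",
                                      "www.googletagservices.com", "adservice.google.com",
                                      "adservice.google.de"],
    "www.googletagservices.com": ["securepubads.g.doubleclick.net"],
    "securepubads.g.doubleclick.net": ["cdn.ampproject.org", "tpc.googlesyndication.com",
                                       "fonts.googleapis.com", "www.googletagservices.com"],
    "cdn.ampproject.org": ["amp-error-reporting.appspot.com"],
    "www.googletagmanager.com": ["www.google-analytics.com"],
    "connect.facebook.net": ["www.facebook.com"],
    "secure.quantserve.com": ["rules.quantcount.com"],
    "freestar-io.videoplayerhub.com": ["ad-delivery.net", "cluster-na.cdnjquery.com"],
}


def direct_children(graph, host):
    """Hosts that `host`'s own code requested, excluding itself."""
    return {h for h in graph.get(host, ()) if h != host}


def reach(graph, host):
    """Every host transitively loaded because `host` ran (excluding `host`)."""
    seen, todo = set(), deque([host])
    while todo:
        cur = todo.popleft()
        for nxt in graph.get(cur, ()):
            if nxt != host and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def top_loaders(graph, n=3):
    """Requesters ranked by transitive reach: the blast radius of compromising each."""
    ranked = sorted(((h, len(reach(graph, h))) for h in graph),
                    key=lambda item: (-item[1], item[0]))
    return ranked[:n]


def load_chain(graph, root, target):
    """Shortest requester chain from `root` to `target` (BFS), or None if unreachable."""
    parent, todo = {root: None}, deque([root])
    while todo:
        cur = todo.popleft()
        if cur == target:
            chain = []
            while cur is not None:
                chain.append(cur)
                cur = parent[cur]
            return chain[::-1]
        for nxt in graph.get(cur, ()):
            if nxt not in parent:
                parent[nxt] = cur
                todo.append(nxt)
    return None


if __name__ == "__main__":
    for host, count in top_loaders(LOADS):
        print(f"{count:3d} hosts reachable via {host}")
    print(" -> ".join(load_chain(LOADS, "www.bleepingcomputer.com", "cluster-na.cdnjquery.com")))
```

The ranking puts the page itself first, as it must, and a.pub.network second with 42 hosts in its reach, which is the practical point: a compromise of that one script would touch more of the page's third parties than a compromise of any other host.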
Subject | Issuer | Valid from | Valid to | Valid for (issuance records on crt.sh)
bleepingcomputer.com | COMODO RSA Domain Validation Secure Server CA | 2018-05-12 | 2020-05-17 | 2 years
*.googleapis.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
ssl391376.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-06-20 | 2019-12-27 | 6 months
*.connatix.com | Go Daddy Secure Certificate Authority - G2 | 2018-08-20 | 2019-10-19 | a year
*.google-analytics.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
*.google.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
*.g.doubleclick.net | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
ssl376957.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-07-01 | 2020-01-07 | 6 months
quantcast.mgr.consensu.org | Amazon | 2019-05-06 | 2020-06-06 | a year
*.quantcast.com | DigiCert SHA2 High Assurance Server CA | 2018-09-06 | 2019-10-01 | a year
*.pub.network | Go Daddy Secure Certificate Authority - G2 | 2019-02-09 | 2020-05-16 | a year
*.videoplayerhub.com | Amazon | 2018-08-01 | 2019-09-01 | a year
ad-delivery.net | Amazon | 2019-03-07 | 2020-04-07 | a year
*.quantserve.com | DigiCert SHA2 High Assurance Server CA | 2018-10-16 | 2019-10-21 | a year
*.scorecardresearch.com | COMODO RSA Organization Validation Secure Server CA | 2018-11-28 | 2019-12-26 | a year
*.ntv.io | DigiCert SHA2 Secure Server CA | 2018-06-12 | 2019-12-11 | a year
*.assetbucket.net | Amazon | 2018-09-26 | 2019-10-26 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-06-06 | 2019-09-04 | 3 months
misc-sni.google.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
tpc.googlesyndication.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
*.doubleclick.net | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
www.google.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
*.appspot.com | Google Internet Authority G3 | 2019-06-11 | 2019-09-03 | 3 months
*.adnxs.com | DigiCert ECC Secure Server CA | 2019-01-23 | 2021-03-08 | 2 years
ad.cpe.dotomi.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2018-05-25 | 2020-05-25 | 2 years
*.postrelease.com | Amazon | 2019-03-27 | 2020-04-27 | a year
connectad.io | CloudFlare Inc ECC CA-2 | 2018-08-18 | 2019-08-18 | a year
*.bfmio.com | Go Daddy Secure Certificate Authority - G2 | 2016-09-05 | 2019-09-05 | 3 years
*.tynt.com | COMODO RSA Domain Validation Secure Server CA | 2014-10-14 | 2019-10-13 | 5 years
*.openx.net | DigiCert ECC Secure Server CA | 2019-02-08 | 2020-05-12 | a year
districtm.io | CloudFlare Inc ECC CA-2 | 2019-03-26 | 2020-03-26 | a year
cdn.adnxs.com | GeoTrust RSA CA 2018 | 2019-04-23 | 2020-02-19 | 10 months
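The "Valid for" column above rounds (the *.pub.network certificate is listed as "a year" but spans 462 days), and the table does not say how much of each lifetime was left on the scan date. The following is an added example, not part of the urlscan.io output, that recomputes both for a subset of the rows at the scan date 2019-07-04 (the Date header of the primary response). It flags certificates close to expiry relative to their own lifetime, so Google's and Facebook's three-month certificates, which are always within weeks of renewal, are not reported, and it flags lifetimes longer than the 825 days the CA/Browser Forum Baseline Requirements allow for certificates issued since March 2018; the five-year *.tynt.com and three-year *.bfmio.com certificates predate that limit and are reported, not called non-compliant. The row subset, thresholds and finding labels are mine.

```python
from datetime import date

# Scan date, taken from the Date response header of the primary request above.
SCAN_DATE = date(2019, 7, 4)

# Subset of rows copied from the certificate table: (subject, issuer, not-before, not-after).
CERTS = [
    ("bleepingcomputer.com", "COMODO RSA Domain Validation Secure Server CA", "2018-05-12", "2020-05-17"),
    ("*.googleapis.com", "Google Internet Authority G3", "2019-06-11", "2019-09-03"),
    ("*.pub.network", "Go Daddy Secure Certificate Authority - G2", "2019-02-09", "2020-05-16"),
    ("*.videoplayerhub.com", "Amazon", "2018-08-01", "2019-09-01"),
    ("*.facebook.com", "DigiCert SHA2 High Assurance Server CA", "2019-06-06", "2019-09-04"),
    ("*.adnxs.com", "DigiCert ECC Secure Server CA", "2019-01-23", "2021-03-08"),
    ("connectad.io", "CloudFlare Inc ECC CA-2", "2018-08-18", "2019-08-18"),
    ("*.bfmio.com", "Go Daddy Secure Certificate Authority - G2", "2016-09-05", "2019-09-05"),
    ("*.tynt.com", "COMODO RSA Domain Validation Secure Server CA", "2014-10-14", "2019-10-13"),
]

# Longest validity the CA/Browser Forum Baseline Requirements permit for
# certificates issued on or after 2018-03-01. Earlier issuance ran under
# longer limits, so exceeding this is reported, not judged.
MAX_LIFETIME_DAYS = 825


def lifetime_days(not_before, not_after):
    """Exact validity span in days from the two ISO dates in the table."""
    return (date.fromisoformat(not_after) - date.fromisoformat(not_before)).days


def days_remaining(not_after, on=SCAN_DATE):
    """Days from the reference date until expiry (negative once expired)."""
    return (date.fromisoformat(not_after) - on).days


def triage(certs, on=SCAN_DATE, min_fraction=0.25, min_days=30):
    """Return {subject: [reasons]} for certificates worth a second look.

    "expires-soon" is judged against the certificate's own lifetime: a 90-day
    certificate two months from expiry is routine, a one-year certificate with
    the same time left is a renewal that has not happened yet.
    """
    flagged = {}
    for subject, _issuer, not_before, not_after in certs:
        reasons = []
        life = lifetime_days(not_before, not_after)
        left = days_remaining(not_after, on)
        if left < 0:
            reasons.append("expired")
        elif left < min_days or left / life < min_fraction:
            reasons.append("expires-soon")
        if life > MAX_LIFETIME_DAYS:
            reasons.append("lifetime-over-825-days")
        if reasons:
            flagged[subject] = reasons
    return flagged


if __name__ == "__main__":
    for subject, _issuer, nb, na in CERTS:
        print(f"{subject:24s} lifetime {lifetime_days(nb, na):5d}d  remaining {days_remaining(na):4d}d")
    print(triage(CERTS))
```

On the scan date this reports connectad.io (45 of 365 days left), *.videoplayerhub.com (59 of 396), and both long-lived certificates, *.bfmio.com (63 of 1095) and *.tynt.com (101 of 1825); the page's own certificate and the short-lived Google and Facebook ones are not reported.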

This page contains 33 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Frame ID: A574108E4322ED6661DADCE1644C80D3
Requests: 179 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Frame ID: 28B1B0FB6D47AC02C100E60F3F2D80EC
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Frame ID: 1CC3D3BF1A5B0921EC535B704F519A8C
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/zrt_lookup.html
Frame ID: A4FEFAE03B797710F44A6F48AC3ABE16
Requests: 1 HTTP request in this frame

Frame: https://static.quantcast.mgr.consensu.org/v21/cmp-3pc-check.html
Frame ID: 904986A4BACFCB91D33C4B3A5B405118
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130
Frame ID: EF0ED97DAE8EFC8115E4600C6A415DEF
Requests: 1 HTTP request in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119
Frame ID: 0D71C788B87C2B7341616A98E5816FAA
Requests: 1 HTTP request in this frame

Frame: https://s.adtelligent.com/sync.html?aid=410295
Frame ID: 8D3CC8676FD1D877C75C7B5787EB183E
Requests: 1 HTTP request in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: C48727A0302DAF3B53DB6B549563560B
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: CFCF0A6ABAFD57D5845681BE1C30A3AA
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html
Frame ID: 070C52DD9384F0F7B1E5658A0FB13F57
Requests: 1 HTTP request in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumCzC1-_yyii96jyTTvyPBx1qe1h56skZy95FlB1lLUWYyAGJjHhh-YRZc_T7bU7WJu7CSbP2SgRGV3clDYdLouGAjXXKd2JQKoXT03SxaikEG8-hgBnFzNMLKThkxdJJUIUqX3DEgwuwC5b-Z9uYyPnotdgO5IPsblKw7YgH5mYmBqNaDdKdaBgPnLVGdQPEep1PtMZVAztGHvdu4mKaAmy6NBO_Z0WeaJ1RBiW4kKRQKNEp7k-BsFdMmifD3MazvdvGLZK6vxuYyxmel3Nr9oCFA&sig=Cg0ArKJSzHnyqgNAWb0BEAE&urlfix=1&adurl=
Frame ID: 9A23EC5E8519FF419EFC4579FAFE6588
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: B083F5B8FBE9BA22E391BD64A39F5DA3
Requests: 12 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 942DAADE1AE9A19DFA26F2E901E8FFFC
Requests: 1 HTTP request in this frame

Frame: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Frame ID: 7F071698E7897CB0E8F222216787F8B4
Requests: 20 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Frame ID: 991A87C4D616EA91ACF8F71BECE3DC55
Requests: 1 HTTP request in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: EC0334F1FB200603DD1184C628758D29
Requests: 1 HTTP request in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
Frame ID: 34B661D451140E56BD214952A93293A1
Requests: 1 HTTP request in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: 17F443DCA1C380AB4B86C0767F232ED4
Requests: 1 HTTP request in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
Frame ID: C2666AAE8B911153E4C85A3D2871949E
Requests: 1 HTTP request in this frame

Frame: https://ib.3lift.com/sync
Frame ID: C327F91AA986E42A40ADB187D3EFCAE2
Requests: 1 HTTP request in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9FC2373ED1DAF57746BA538BE5EEFAD9
Requests: 1 HTTP request in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5C1FAC58F9212461011CD087879EA0FF
Requests: 1 HTTP request in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1
Frame ID: B897390BED3BF01A4D6D150D6E9761E0
Requests: 1 HTTP request in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: F46236A13DE4EEA4D44367055C02DFC9
Requests: 1 HTTP request in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 9D8E2D7B758A06071B918C625DC5FB3C
Requests: 1 HTTP request in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
Frame ID: B6FC698350503B7B41ABE6F8A6A38FB0
Requests: 1 HTTP request in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
Frame ID: 151C02F6C5B0D505D53D23E86CC0BF7F
Requests: 1 HTTP request in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 6C6AF05F5A6E149547548BC6A8E2D858
Requests: 1 HTTP request in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
Frame ID: DE2D3A792B703C8057E6C2DB91408639
Requests: 1 HTTP request in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 1CD8672F8DB0FA7D8D0989FE79042992
Requests: 1 HTTP request in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: DFCAF5476636B2455CF2A0FA76CB8453
Requests: 1 HTTP request in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
Frame ID: B6D39C1E3C26856481415275D5258294
Requests: 1 HTTP request in this frame


Detected technologies

Each of the following pattern matches was reported with an overall confidence of 100%:
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • headers server /^cloudflare$/i
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
  • script /googlesyndication\.com\//i
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
  • script /\.quantserve\.com\/quant\.js/i
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i and script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i and script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
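The patterns above are the regular expressions the scanner applied to page markup, script URLs and response headers; the technology names they resolve to are not in this copy. The following is an added example, not code from urlscan.io, that applies the same expressions to a constructed sample of what the scan saw: the two stylesheet links, the jQuery URL and the show_ads_impl.js URL are taken from the transaction list and frame list on this page, the remaining script paths are assumed for hosts the scan contacted, and the labels are mine. It shows the one thing these patterns yield beyond a yes/no: the jQuery pattern's capture group extracts the version (1.11.1 here), which is what a dependency-age or known-vulnerability lookup would key on.

```python
import re

# Patterns copied verbatim from the "Detected technologies" section above.
# Labels on the left are mine; the scan's own technology names were not captured.
# "html" patterns run over page markup, "script" over each script URL,
# "header:<name>" over one response header value.
PATTERNS = [
    ("bootstrap", "html", r'<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css'),
    ("cloudflare", "header:server", r"^cloudflare$"),
    ("google-publisher-tag", "script", r"googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js"),
    ("facebook-sdk", "script", r"\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js"),
    ("googlesyndication", "script", r"googlesyndication\.com\/"),
    ("google-analytics", "script", r"google-analytics\.com\/(?:ga|urchin|analytics)\.js"),
    ("google-fonts", "html", r"<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com"),
    ("quantcast", "script", r"\.quantserve\.com\/quant\.js"),
    ("comscore", "script", r"\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon"),
    ("jquery", "script", r"jquery[.-]([\d.]*\d)[^\/]*\.js"),
]

# Constructed sample of the scanner's input. Both link URLs and the first two
# script URLs appear in this scan; the other script paths are assumed so that
# every pattern has something to match.
SAMPLE_HTML = (
    '<link rel="stylesheet" href="https://www.bleepstatic.com/css/redesign/bootstrap.css">\n'
    '<link href="https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900" rel="stylesheet">\n'
)
SAMPLE_SCRIPTS = [
    "https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js",                        # in the scan
    "https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js",  # in the scan
    "https://www.googletagservices.com/tag/js/gpt.js",   # assumed path
    "https://connect.facebook.net/en_US/fbevents.js",    # assumed path
    "https://www.google-analytics.com/analytics.js",     # assumed path
    "https://secure.quantserve.com/quant.js",            # assumed path
    "https://sb.scorecardresearch.com/beacon.js",        # assumed path
]
SAMPLE_HEADERS = {"server": "cloudflare"}  # from the primary response above


def fingerprint(html, script_urls, headers):
    """Return {label: version_or_None} for every pattern that matches its input."""
    hits = {}
    for label, where, pattern in PATTERNS:
        rx = re.compile(pattern, re.IGNORECASE)  # the scan's patterns all carry the /i flag
        if where == "html":
            candidates = [html]
        elif where == "script":
            candidates = script_urls
        else:
            header_name = where.split(":", 1)[1]
            candidates = [headers.get(header_name, "")]
        for text in candidates:
            m = rx.search(text)
            if m:
                # Where the pattern has a capture group it carries the version string.
                hits[label] = m.group(1) if m.groups() else None
                break
    return hits


if __name__ == "__main__":
    for label, version in fingerprint(SAMPLE_HTML, SAMPLE_SCRIPTS, SAMPLE_HEADERS).items():
        print(f"{label:22s} {version or ''}")
```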

Page Statistics

  • 269 requests
  • 72 % HTTPS
  • 47 % IPv6
  • 44 domains
  • 70 subdomains
  • 48 IPs
  • 7 countries
  • 2598 kB transfer
  • 6956 kB size
  • 0 cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Request Chain 100
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=
Request Chain 133
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 140
  • https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 148
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 149
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 151
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 171
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 261
  • https://u.openx.net/w/1.0/pd HTTP 302
  • https://u.openx.net/w/1.0/pd?cc=1
Request Chain 266
  • https://u.openx.net/w/1.0/pd HTTP 302
  • https://u.openx.net/w/1.0/pd?cc=1

269 HTTP transactions

Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Primary Request /
www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
70 KB
15 KB
Document
General
Full URL
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.20.59.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cb52f528fbf03a9bb562ef0c01fd748b405de3f512835b4963075749061b6f7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.bleepingcomputer.com
:scheme
https
:path
/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 04 Jul 2019 16:08:02 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d298767da07eeee6c2d00251782414ead1562256481; expires=Fri, 03-Jul-20 16:08:01 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly
set-cookie
session_id=8bab306436f80f57afe4a2d4836e4b7a; path=/; domain=.bleepingcomputer.com; httponly;Secure
set-cookie
lav=6320; expires=Sat, 03-Aug-2019 16:08:02 GMT; Max-Age=2592000; path=/;Secure
content-security-policy
upgrade-insecure-requests;
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
last-modified
Thu, 04 Jul 2019 14:39:17 GMT
vary
Accept-Encoding,User-Agent
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4f125b026da3d8f5-AMS
content-encoding
br
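The primary response above sets three cookies and carries Expect-CT, X-Frame-Options and a Content-Security-Policy consisting only of upgrade-insecure-requests, but no Strict-Transport-Security (fonts.googleapis.com, further down in this list, does send HSTS). The following is an added example and not code from urlscan.io or bleepingcomputer.com: it runs the checks a reviewer would apply to exactly those values. The header and Set-Cookie strings are copied from the scan; the expectations (HSTS, source directives in the CSP, nosniff, Referrer-Policy, and Secure/HttpOnly/SameSite on every cookie) and the finding labels are mine.

```python
# Response headers of the primary request, as listed in the scan (HTTP/2
# delivers header names lower-cased). Only the security-relevant ones are kept.
PRIMARY_RESPONSE_HEADERS = {
    "content-type": "text/html; charset=UTF-8",
    "content-security-policy": "upgrade-insecure-requests;",
    "x-frame-options": "SAMEORIGIN",
    "cache-control": "no-cache, no-store, must-revalidate",
    "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
    "server": "cloudflare",
}

# The three cookies the same response sets, one Set-Cookie value each.
PRIMARY_SET_COOKIES = [
    "__cfduid=d298767da07eeee6c2d00251782414ead1562256481; expires=Fri, 03-Jul-20 16:08:01 GMT; "
    "path=/; domain=.bleepingcomputer.com; HttpOnly",
    "session_id=8bab306436f80f57afe4a2d4836e4b7a; path=/; domain=.bleepingcomputer.com; httponly;Secure",
    "lav=6320; expires=Sat, 03-Aug-2019 16:08:02 GMT; Max-Age=2592000; path=/;Secure",
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into name, value and lower-cased attributes.
    Flag attributes (Secure, HttpOnly) map to True; valued ones keep their value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": cookie_value.strip(), "attrs": attrs}


def cookie_findings(set_cookie):
    """Attributes a session or tracking cookie should carry but does not."""
    attrs = parse_set_cookie(set_cookie)["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")      # may be sent over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")    # readable by any injected script
    if "samesite" not in attrs:
        findings.append("no-samesite")    # cross-site sending left to the browser default
    return findings


def header_findings(headers):
    """Gaps in the response headers that matter for transport and content security."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "strict-transport-security" not in h:
        findings.append("hsts-missing")   # Expect-CT alone does not force HTTPS
    csp = h.get("content-security-policy", "")
    directives = {d.strip().split()[0].lower() for d in csp.split(";") if d.strip()}
    if not directives & {"default-src", "script-src"}:
        findings.append("csp-no-source-directives")  # upgrade-insecure-requests restricts nothing
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("xcto-missing")
    if "referrer-policy" not in h:
        findings.append("referrer-policy-missing")
    return findings


def review(headers, set_cookies):
    """Findings for one response: header gaps plus per-cookie attribute gaps."""
    return {
        "headers": header_findings(headers),
        "cookies": {parse_set_cookie(c)["name"]: cookie_findings(c) for c in set_cookies},
    }


if __name__ == "__main__":
    for section, result in review(PRIMARY_RESPONSE_HEADERS, PRIMARY_SET_COOKIES).items():
        print(section, result)
```

On these values the session cookie is the only one with both Secure and HttpOnly; __cfduid lacks Secure, lav lacks HttpOnly, and none of the three declares SameSite. On the header side the only finding that changes the transport picture is the missing HSTS, since the CSP present here upgrades http:// subresources but places no restriction on where scripts may load from.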
css
fonts.googleapis.com/
14 KB
897 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 04 Jul 2019 16:08:02 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 04 Jul 2019 16:08:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:02 GMT
bootstrap.css
www.bleepstatic.com/css/redesign/
111 KB
17 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2634059
cf-polished
origSize=137522
status
200
cf-bgj
minify
last-modified
Fri, 23 Sep 2016 14:33:06 GMT
server
cloudflare
etag
W/"2184297232"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06bda4d901-AMS
expires
Tue, 26 Mar 2019 04:25:05 GMT
main.css
www.bleepstatic.com/css/redesign/
51 KB
9 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
647008
cf-polished
origSize=60842
status
200
cf-bgj
minify
last-modified
Thu, 16 Aug 2018 15:28:40 GMT
server
cloudflare
etag
W/"4249134023"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06bda5d901-AMS
expires
Thu, 14 Mar 2019 04:21:16 GMT
home.css
www.bleepstatic.com/css/redesign/
12 KB
3 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/home.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2485312
cf-polished
origSize=14998
status
200
cf-bgj
minify
last-modified
Sat, 24 Mar 2018 16:18:00 GMT
server
cloudflare
etag
W/"2402535603"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06bda8d901-AMS
expires
Wed, 27 Mar 2019 21:45:08 GMT
news.css
www.bleepstatic.com/css/redesign/
27 KB
5 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/news.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
1225654
cf-polished
origSize=32748
status
200
cf-bgj
minify
last-modified
Mon, 28 Jan 2019 20:41:57 GMT
server
cloudflare
etag
W/"3696970514"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06bda7d901-AMS
expires
Thu, 20 Jun 2019 11:39:31 GMT
jquery-1.11.1.min.js
www.bleepstatic.com/js/redesign/
94 KB
32 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 12:36:44 GMT
server
cloudflare
age
2416459
etag
W/"3647451394"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
4f125b06bdaad901-AMS
access-control-allow-origin
*
expires
Thu, 28 Mar 2019 16:53:04 GMT
news.js
www.bleepstatic.com/js/redesign/
183 B
523 B
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/news.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
39181
cf-polished
origSize=247
status
200
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 15:41:46 GMT
server
cloudflare
etag
W/"4218930423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06bdabd901-AMS
expires
Thu, 21 Mar 2019 05:10:14 GMT
connatix.renderer.infeed.min.js
cdn.connatix.com/min/
957 B
1 KB
Script
General
Full URL
https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Varnish /
Resource Hash
af67e0e08b5bb03ee78a9ff33abfac609e968a9856b2ffeeae3d636221b6387a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
content-type
application/javascript
status
200
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1562256482.276613,VS0,VE0
content-length
957
retry-after
0
x-served-by
cache-hhn4028-HHN
qc-consent.js
www.bleepstatic.com/js/qc-consent/
3 KB
1 KB
Script
General
Full URL
https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2555784
cf-polished
origSize=3848
status
200
cf-bgj
minify
last-modified
Thu, 07 Feb 2019 13:49:44 GMT
server
cloudflare
etag
W/"3981350888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b06fe3ed901-AMS
expires
Wed, 27 Mar 2019 02:09:12 GMT
js
www.googletagmanager.com/gtag/
65 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
db602e6da4aa64c6a1526838e73da1ed4e3ddac389322946bc961b849674cfec
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
last-modified
Thu, 04 Jul 2019 15:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
25539
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:02 GMT
logo.png
www.bleepstatic.com/images/site/
1 KB
1 KB
Image
General
Full URL
https://www.bleepstatic.com/images/site/logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
157649
cf-polished
origFmt=png, origSize=1882
status
200
content-disposition
inline; filename="logo.webp"
cf-bgj
imgq:85
content-length
1152
last-modified
Sat, 04 Mar 2017 04:12:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b070e72d901-AMS
expires
Thu, 01 Aug 2019 20:20:33 GMT
brand
cse.google.com/coop/cse/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
3 KB
1 KB
Script
General
Full URL
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
pfe /
Resource Hash
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 15:59:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
pfe
age
536
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1181
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:29:06 GMT

Redirect headers

date
Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options
nosniff
server
sffe
location
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
266
x-xss-protection
0
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
91 KB
34 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
5dfcc2746e6dbf11b0ac1dc8823688f2cdff5b6d4afbe00e256384bfdff399c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
34389
x-xss-protection
0
server
cafe
etag
4062630801850784253
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 04 Jul 2019 16:08:02 GMT
twitter.png
www.bleepstatic.com/images/site/login/
475 B
598 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/login/twitter.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
age
924580
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b070e74d901-AMS
access-control-allow-origin
*
content-length
475
expires
Fri, 24 May 2019 23:15:26 GMT
bootstrap.js
www.bleepstatic.com/js/redesign/
44 KB
10 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2458392
cf-polished
origSize=65813
status
200
cf-bgj
minify
last-modified
Thu, 23 Apr 2015 12:36:43 GMT
server
cloudflare
etag
W/"3930092018"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b070e79d901-AMS
expires
Thu, 28 Mar 2019 05:13:57 GMT
blazy.min.js
www.bleepstatic.com/js/blazy/
5 KB
2 KB
Script
General
Full URL
https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Aug 2018 21:06:19 GMT
server
cloudflare
age
2446517
etag
W/"753357888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
4f125b06fe3cd901-AMS
access-control-allow-origin
*
expires
Thu, 28 Mar 2019 08:32:18 GMT
bleep.js
www.bleepstatic.com/js/redesign/
3 KB
805 B
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/bleep.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2978089
cf-polished
origSize=3600
status
200
cf-bgj
minify
last-modified
Mon, 01 Oct 2018 12:47:57 GMT
server
cloudflare
etag
W/"2696894447"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b070e7bd901-AMS
expires
Fri, 22 Mar 2019 04:49:09 GMT
jquery.fancybox.js
www.bleepstatic.com/js/redesign/fancybox/
31 KB
9 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2719114
cf-polished
origSize=48706
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"327140449"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b070e7cd901-AMS
expires
Mon, 25 Mar 2019 04:42:04 GMT
fixto.min.js
www.bleepstatic.com/js/fixto/
8 KB
3 KB
Script
General
Full URL
https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 13 Jun 2015 21:34:42 GMT
server
cloudflare
age
37367
etag
W/"1740214911"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
4f125b070e6fd901-AMS
access-control-allow-origin
*
expires
Thu, 21 Mar 2019 05:36:11 GMT
addthis_widget.js
s9.addthis.com/js/300/
0
0

pubfig.min.js
a.pub.network/bleepingcomputer-com/
420 KB
115 KB
Script
General
Full URL
https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:bf72 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1035691a1c992c11c8b61e5c29b62d3a190131160b4bcb3f484c11bc33907d8c

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
REVALIDATED
status
200
x-guploader-uploadid
AEnB2UrhOdrHfi338fRSQU-u32E9razoYpBivsrpgEeYUQ11TzxUJ9bYglokkmiZFPBdB6qU8OssFBHAM7GQpC2yUSoTOcrb7w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Tue, 11 Jun 2019 22:45:27 GMT
server
cloudflare
etag
W/"49f07d4e8b430b939b6bd8609666b269"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=waHi9g==, md5=SfB9TotDC5Oba9hglmayaQ==
content-type
application/javascript
x-goog-generation
1560293127268491
cache-control
public, max-age=1800
x-goog-stored-content-length
430527
cf-ray
4f125b075b44971e-FRA
expires
Thu, 04 Jul 2019 16:38:02 GMT
login_bg.png
www.bleepstatic.com/images/site/
187 B
278 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/login_bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
age
918000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b070e86d901-AMS
access-control-allow-origin
*
content-length
187
expires
Sat, 25 May 2019 01:06:01 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:33 GMT
server
sffe
age
2806312
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Mon, 01 Jun 2020 04:36:10 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Sun, 02 Jun 2019 16:28:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:14:03 GMT
server
sffe
age
2763551
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Mon, 01 Jun 2020 16:28:51 GMT
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
nav_bg.png
www.bleepstatic.com/images/site/
83 B
198 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/nav_bg.png
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 07:57:02 GMT
server
cloudflare
age
921770
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b071eb8d901-AMS
access-control-allow-origin
*
content-length
83
expires
Fri, 24 May 2019 23:57:34 GMT
connatix.renderer.infeed.min_dc.js
cdns.connatix.com/p/1586/min/ Frame 28B1
712 KB
185 KB
Script
General
Full URL
https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e61e93c05b6569d5ee4449d783ab0403b51e8e3b65e07e5d17dec2eccf3133a2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
age
22233
x-cache
HIT, HIT
status
200
content-length
188760
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17725-DCA, cache-hhn4028-HHN
last-modified
Thu, 04 Jul 2019 09:56:12 GMT
x-timer
S1562256482.422869,VS0,VE0
etag
"ecd53711b3d8e69cb2bd06386570aa63"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
2, 2964
cmp.js
quantcast.mgr.consensu.org/
142 KB
40 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/cmp.js
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2047:fc00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
96128cdcbbf482e82bc1fb11a020de837ba5c061decb00e31705375fc325dee3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:05:16 GMT
content-encoding
gzip
last-modified
Tue, 02 Jul 2019 19:26:06 GMT
server
AmazonS3
age
460
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA53
x-amz-cf-id
6_WKQ373kSfqM6mxvAzm4_72VyffpZy8aWhT_PBckE9pWV4sYadhJg==
via
1.1 ed0c487879f809919537bf00a2f2dc8f.cloudfront.net (CloudFront)
20x20-printer.png
www.bleepstatic.com/images/site/
422 B
591 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
160363
cf-polished
origFmt=png, origSize=824
status
200
content-disposition
inline; filename="20x20-printer.webp"
cf-bgj
imgq:85
content-length
422
last-modified
Sat, 03 Oct 2015 03:18:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b072ee3d901-AMS
expires
Thu, 01 Aug 2019 19:35:19 GMT
calendar.png
www.bleepstatic.com/images/site/
129 B
233 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/calendar.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
age
322385
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b072ee5d901-AMS
access-control-allow-origin
*
content-length
129
expires
Fri, 31 May 2019 22:31:50 GMT
clock.png
www.bleepstatic.com/images/site/
252 B
413 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/clock.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
150926
cf-polished
origFmt=png, origSize=1316
status
200
content-disposition
inline; filename="clock.webp"
cf-bgj
imgq:85
content-length
252
last-modified
Fri, 29 May 2015 07:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b072ee6d901-AMS
expires
Thu, 01 Aug 2019 22:12:36 GMT
comment-light.png
www.bleepstatic.com/images/site/
96 B
360 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/comment-light.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
150373
cf-polished
origFmt=png, origSize=1034
status
200
content-disposition
inline; filename="comment-light.webp"
cf-bgj
imgq:85
content-length
96
last-modified
Fri, 29 May 2015 07:08:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b073ee8d901-AMS
expires
Thu, 01 Aug 2019 22:21:49 GMT
32x32-printer.png
www.bleepstatic.com/images/site/
256 B
472 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
160936
cf-polished
origFmt=png, origSize=618
status
200
content-disposition
inline; filename="32x32-printer.webp"
cf-bgj
imgq:85
content-length
256
last-modified
Fri, 02 Oct 2015 21:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b073eefd901-AMS
expires
Thu, 01 Aug 2019 19:25:46 GMT
71f54ec34151fbdfe89e478d7b6e5ddf.jpg
www.bleepstatic.com/author/photos/
5 KB
5 KB
Image
General
Full URL
https://www.bleepstatic.com/author/photos/71f54ec34151fbdfe89e478d7b6e5ddf.jpg
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
1337494
cf-polished
origSize=6170, status=webp_bigger
status
200
cf-bgj
imgq:85
content-length
4965
last-modified
Wed, 02 Jan 2019 02:04:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b073ef6d901-AMS
expires
Thu, 21 Mar 2019 04:08:12 GMT
h4-bg.png
www.bleepstatic.com/images/site/
72 B
169 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/h4-bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
age
921359
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b073ef8d901-AMS
access-control-allow-origin
*
content-length
72
expires
Sat, 25 May 2019 00:08:06 GMT
news_email_icon.png
www.bleepstatic.com/images/site/
126 B
294 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer
https://www.bleepstatic.com/css/redesign/home.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
160332
cf-polished
origFmt=png, origSize=1105
status
200
content-disposition
inline; filename="news_email_icon.webp"
cf-bgj
imgq:85
content-length
126
last-modified
Fri, 29 May 2015 07:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b073efbd901-AMS
expires
Thu, 01 Aug 2019 19:35:50 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 03 Jun 2019 02:07:31 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:14:42 GMT
server
sffe
age
2728831
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11180
x-xss-protection
0
expires
Tue, 02 Jun 2020 02:07:31 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:38 GMT
server
sffe
age
792209
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Wed, 24 Jun 2020 12:04:33 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Jun 2019 21:35:04 GMT
server
Golfe2
age
6024
date
Thu, 04 Jul 2019 14:27:38 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17707
expires
Thu, 04 Jul 2019 16:27:38 GMT
news_footer_icon.png
www.bleepstatic.com/images/site/
186 B
309 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
age
1016763
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b075f5cd901-AMS
access-control-allow-origin
*
content-length
186
expires
Thu, 23 May 2019 21:41:26 GMT
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
104
x-xss-protection
0
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/
212 KB
79 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
80313
x-xss-protection
0
server
cafe
etag
3793796546524103168
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jul 2019 16:08:02 GMT
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/ Frame 1CC3
212 KB
79 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
80313
x-xss-protection
0
server
cafe
etag
3793796546524103168
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 04 Jul 2019 16:08:02 GMT
ca-pub-0920899300397823.js
pagead2.googlesyndication.com/pub-config/r20160913/
108 B
270 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-0920899300397823.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
sffe /
Resource Hash
617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 09:42:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 30 Jun 2019 19:19:18 GMT
server
sffe
age
23150
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=43200
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
118
x-xss-protection
0
expires
Thu, 04 Jul 2019 21:42:12 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/ Frame A4FE
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20190626/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20190626/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 26 Jun 2019 23:46:27 GMT
expires
Wed, 10 Jul 2019 23:46:27 GMT
content-type
text/html; charset=UTF-8
etag
10335953366553691058
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
7044
x-xss-protection
0
cache-control
public, max-age=1209600
age
663695
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
gen_204
pagead2.googlesyndication.com/pagead/
0
60 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=rmvasft&code=ldr&branch=cntr
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v21/ Frame 9049
0
0
Document
General
Full URL
https://static.quantcast.mgr.consensu.org/v21/cmp-3pc-check.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:200c:3c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
static.quantcast.mgr.consensu.org
:scheme
https
:path
/v21/cmp-3pc-check.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
content-type
text/html
content-length
583
last-modified
Tue, 02 Jul 2019 19:26:03 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
server
AmazonS3
date
Thu, 04 Jul 2019 16:07:38 GMT
etag
"2382c3f01978a379e8fa8bc1a3bec605"
age
366
x-cache
Hit from cloudfront
via
1.1 f2cdeae9faa9c871a27c20811b04af58.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2
x-amz-cf-id
5xpNT2P0cFJGVzvD2C97UPV3W88VsaspoJonddYlREyKS0sZ7Bmzvw==
g
ck.connatix.com/
46 B
235 B
Script
General
Full URL
https://ck.connatix.com/g?callback=cnxJSONP_0c435d0bff0945e9b3121562256482537
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Varnish /
Resource Hash
b72f6419c4486301a876a6cd4ad048c88c327e50b4b070eea8b785441a0ce2ee

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
status
200
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1562256483.568009,VS0,VE0
content-length
46
retry-after
0
x-served-by
cache-fra19131-FRA
TA505.jpg
www.bleepstatic.com/content/hl-images/2019/07/04/
65 KB
65 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2019/07/04/TA505.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e07b2c10204d548f9f08029da2c672bbe9b92ad7ec0a4a664cd5d9410ff2d32f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
5276
cf-polished
qual=85, origFmt=jpeg, origSize=136558
status
200
content-disposition
inline; filename="TA505.webp"
cf-bgj
imgq:85
content-length
66444
last-modified
Thu, 04 Jul 2019 13:19:27 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b07f8dad901-AMS
expires
Sat, 03 Aug 2019 14:40:06 GMT
292x176_Microsoft_Your_Phone_App.jpg
www.bleepstatic.com/content/hl-images/2019/04/26/thumb/
3 KB
3 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2019/04/26/thumb/292x176_Microsoft_Your_Phone_App.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c10ffebccfabdd702d6b76848d941d711f0bd3b48b621f780f33ee9968754d1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
43265
cf-polished
qual=85, origFmt=jpeg, origSize=4265
status
200
content-disposition
inline; filename="292x176_Microsoft_Your_Phone_App.webp"
cf-bgj
imgq:85
content-length
2854
last-modified
Fri, 26 Apr 2019 11:13:26 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b07f8dcd901-AMS
expires
Sat, 03 Aug 2019 04:06:57 GMT
292x176_cloudflare-logo-dark.jpg
www.bleepstatic.com/content/hl-images/2018/10/03/thumb/
4 KB
4 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2018/10/03/thumb/292x176_cloudflare-logo-dark.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a93d3ad73d2765c2bd1ab5347bd34a79c0e010df089d0db7bd56d6ae12d823c8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
age
38933
cf-polished
qual=85, origFmt=jpeg, origSize=5621
status
200
content-disposition
inline; filename="292x176_cloudflare-logo-dark.webp"
cf-bgj
imgq:85
content-length
3732
last-modified
Wed, 03 Oct 2018 15:17:57 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b07f8ded901-AMS
expires
Sat, 03 Aug 2019 05:19:09 GMT
jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
2412107
cf-polished
origSize=4895
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"9108074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b0808dfd901-AMS
expires
Thu, 28 Mar 2019 18:04:30 GMT
font-awesome.css
www.bleepstatic.com/css/redesign/
22 KB
5 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
br
cf-cache-status
HIT
age
125711
cf-polished
origSize=26776
status
200
cf-bgj
minify
last-modified
Tue, 03 May 2016 04:39:29 GMT
server
cloudflare
etag
W/"1700274315"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
4f125b0808e0d901-AMS
expires
Wed, 03 Jul 2019 05:12:31 GMT
collect
www.google-analytics.com/r/
35 B
105 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j77&a=697304623&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ul=en-us&de=UTF-8&dt=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1385617556&gjid=1079698038&cid=222572338.1562256483&tid=UA-91740-1&_gid=862092559.1562256483&_r=1&gtm=2ou6k2&z=857878988
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
cmpui-popup.js
static.quantcast.mgr.consensu.org/v21/
171 KB
52 KB
Script
General
Full URL
https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:200c:3c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
15b71fd1d87bc6d1e6ac7a19bd6e6da0fb324a76864fb566ba2bf528e94941cd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 15:53:51 GMT
content-encoding
gzip
last-modified
Tue, 02 Jul 2019 19:26:02 GMT
server
AmazonS3
age
1648
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-cf-pop
FRA2
x-amz-cf-id
YEGa4vAOOQcqAWnNyGcXe1RvalyJEvosvovKLMM2-1DojKQDs7DG7A==
via
1.1 f2cdeae9faa9c871a27c20811b04af58.cloudfront.net (CloudFront)
pls
core.connatix.com/ Frame 28B1
6 KB
3 KB
Script
General
Full URL
https://core.connatix.com/pls?callback=jQuery321003990707453776676_1562256482534&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_v=1586_0_0_0_0&page_guid=48a814491ee745ef9ac71562256482571&spp=1&_=1562256482535
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.76.63 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-18-207-76-63.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e962fbdcbe0d66991b76f745535acba510e20197df301f5658bcb5774cbe44fb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
server
nginx/1.12.2
access-control-allow-origin
*
fontawesome-webfont.woff
www.bleepstatic.com/fonts/
64 KB
64 KB
Font
General
Full URL
https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 09:36:00 GMT
server
cloudflare
age
6958
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
status
200
accept-ranges
bytes
cf-ray
4f125b0a2a2dd8bd-AMS
access-control-allow-origin
*
content-length
65452
ads
googleads.g.doubleclick.net/pagead/ Frame EF0E
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0920899300397823&output=html&h=500&slotname=4359266829&adk=3764243768&adf=155314479&w=834&cr_col=4&cr_row=2&fwrn=2&lmt=1562251157&rafmt=9&guci=1.2.0.0.2.2.0.0&format=834x500&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&adsid=NT&dt=1562256482487&bpp=11&bdt=247&fdt=97&idt=98&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&correlator=6460334598135&frm=20&pv=2&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=549758443520&dssz=39&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=208&ady=5887&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=0&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=144&bc=31&osw_key=3733268371&ifi=1&uci=1.2axj1fxmmtpj&fsb=1&xpc=U0PhHsefNR&p=https%3A//www.bleepingcomputer.com&dtd=130
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 04 Jul 2019 16:08:02 GMT
server
cafe
content-length
11572
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 04-Jul-2019 16:23:02 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
expires
Thu, 04 Jul 2019 16:08:02 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
75 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3f479d74e8907a3aeaeae2931a63c6362b0134448a44b50e9913ce22440fa607
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1562152391643339"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
28126
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:02 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0D71
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20190626/r20190131/show_ads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1562251157&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1562256482512&bpp=4&bdt=272&fdt=115&idt=115&shv=r20190626&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=834x500&nras=1&correlator=6460334598135&frm=20&pv=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&ga_fc=0&iag=0&icsg=9345851465728&dssz=40&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040012%2C21060853&oid=3&rx=0&eae=2&fc=912&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=2001182872&ifi=1&uci=1.6pq7fn9uozy2&fsb=1&dtd=119
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 04 Jul 2019 16:08:02 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 04-Jul-2019 16:23:02 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
expires
Thu, 04 Jul 2019 16:08:02 GMT
cache-control
private
gvl-proxy
privacy-api-gateway.quantcast.com/
80 KB
80 KB
XHR
General
Full URL
https://privacy-api-gateway.quantcast.com/gvl-proxy?version=
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.56 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-56.fra53.r.cloudfront.net
Software
/
Resource Hash
0403883673c91b0c6dc85b135e6f222f76d1150a76b701a694389fe7151c97d3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53
x-amzn-requestid
e6b1b996-9e75-11e9-b4f2-dd030cd01dd5
status
200
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-5d1e2463-e4f6c76e8f826f2834b71ba0;Sampled=0
x-amz-apigw-id
cTqfeGLxPHcF7yg=
content-length
81917
x-amz-cf-id
-yjqh19Qdcz0Pvv7gPLOkfrIuhBgAavhh0_hpfx9OTTe6YvTQqr08A==
/
audit.quantcast.mgr.consensu.org/
80 B
485 B
XHR
General
Full URL
https://audit.quantcast.mgr.consensu.org/?log=;1562256482642;BleepingComputer.com;;;;;;p,off,false,,1,en;CMP_Display:initializationdisplay,;Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36
Requested by
Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-150.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 08:07:54 GMT
via
1.1 23082ff4de65f70078e091bc7cd0cf24.cloudfront.net (CloudFront)
vary
Origin
age
30928
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Mon, 11 Jun 2018 22:07:34 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA53
accept-ranges
bytes
x-amz-cf-id
EKy_uzo3CIJS7c_CGPWfC8sQHk-PLFch87d8_GQuPmuG-mQoDSy2YQ==
cookie
d.pub.network/
36 B
527 B
XHR
General
Full URL
https://d.pub.network/cookie
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
63540aac55b3e3ecc7561344b838c133d62ea472eb05b0b95e94ff51a22b4ffc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials
true
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
gallery.js
freestar-io.videoplayerhub.com/
65 KB
16 KB
Script
General
Full URL
https://freestar-io.videoplayerhub.com/gallery.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.94.221 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-94-221.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f9a20eea35d6b06258e603fb2d5d3258f81a91269676d134d122784035b201e6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
ls2azlSsMmoE.w_cz9eSngF2qYZztiO_
Content-Encoding
gzip
Last-Modified
Wed, 03 Jul 2019 18:34:49 GMT
Server
AmazonS3
Age
28
Date
Thu, 04 Jul 2019 16:07:51 GMT
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 ddd91cf4cd1b9310c0aee8953bc042e2.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA2
Connection
keep-alive
X-Amz-Cf-Id
WtXy9lTo6DIQvL59xTddnL8BrQL-yE0OsVbUCAlUahqbRfeXOn-l2A==
gpt.js
www.googletagservices.com/tag/js/
34 KB
11 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
59bd02350871b22df229e164c348ca96bd780f3af752920d54c12af1e90753d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"210 / 768 of 1000 / last-modified: 1562182658"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
11303
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:03 GMT
prebid-analytics-1.33.5.js
a.pub.network/core/
323 KB
97 KB
Script
General
Full URL
https://a.pub.network/core/prebid-analytics-1.33.5.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:bf72 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
content-encoding
br
cf-cache-status
MISS
status
200
x-guploader-uploadid
AEnB2Up6-mBH6iLtXhktJ0sonRgxCvDuIXvKn8zQMtFdeVLan8EOjjMIr1mqhHoXrFXMFpB3mL7QeVe-7yn3yoniLUQ8cqVCkw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
last-modified
Wed, 13 Mar 2019 15:07:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=xB2m2g==, md5=LUwj9S7PGmAQITSf93OXew==
content-type
text/html
x-goog-generation
1552489625640716
cache-control
public, max-age=31536000
x-goog-stored-content-length
330336
cf-ray
4f125b0ab8ba971e-FRA
expires
Fri, 03 Jul 2020 16:08:03 GMT
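The transactions above carry the headers a reviewer would check by hand: a script (`prebid-analytics-1.33.5.js`) served with `content-type: text/html` and no `x-content-type-options`, a credentialed CORS endpoint (`d.pub.network/cookie`) that reflects the page's `Origin` with `Access-Control-Allow-Credentials: true`, and `data:` resources with no server or TLS to inspect. The following script is an added example, not urlscan.io's code and not the site's; it runs those checks over records constructed from the header values shown in this report. The record layout, the check names and the `JS_MIMES` list are this example's own conventions.

```python
"""Header hygiene checks over a urlscan.io-style transaction list.

Added example, not urlscan.io's code. The sample records are constructed
from values visible in the report; field and finding names are this
script's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# MIME types browsers treat as JavaScript when enforcing types (assumed set).
JS_MIMES = {
    "text/javascript", "application/javascript",
    "application/x-javascript", "application/ecmascript",
}


@dataclass
class Transaction:
    url: str
    rtype: str                 # urlscan "Type": Script, Stylesheet, Font, XHR, Image, Document
    request: Dict[str, str]    # request headers as logged (any case)
    response: Dict[str, str]   # response headers as logged (any case)

    @staticmethod
    def header(headers: Dict[str, str], name: str) -> Optional[str]:
        """Case-insensitive lookup: HTTP/2 logs lowercase names, HTTP/1.1 does not."""
        for k, v in headers.items():
            if k.lower() == name.lower():
                return v
        return None


def check(t: Transaction) -> List[str]:
    """Return short finding tags for one transaction (empty list means nothing notable)."""
    findings: List[str] = []
    ctype = (t.header(t.response, "content-type") or "").split(";")[0].strip().lower()
    nosniff = (t.header(t.response, "x-content-type-options") or "").strip().lower() == "nosniff"
    acao = t.header(t.response, "access-control-allow-origin")
    acac = (t.header(t.response, "access-control-allow-credentials") or "").strip().lower() == "true"
    vary = [v.strip().lower() for v in (t.header(t.response, "vary") or "").split(",")]
    origin = t.header(t.request, "origin")

    # A <script> served with a non-JavaScript MIME still runs unless nosniff makes the
    # browser enforce the type; either way the CDN or bucket is mislabelling what it
    # serves, which is worth a note in any third-party script review.
    if t.rtype == "Script" and ctype not in JS_MIMES:
        findings.append("script-mime-mismatch:" + (ctype or "none"))
        if not nosniff:
            findings.append("script-mime-not-enforced")

    # Credentialed CORS: the server reflects a specific Origin and allows credentials.
    # That is fine for a trusted origin, but a shared cache that ignores Origin would
    # hand the reflected ACAO to other sites, so Vary: Origin must accompany it.
    if acac and acao and acao != "*":
        findings.append("cors-credentialed:" + acao)
        if "origin" not in vary:
            findings.append("cors-missing-vary-origin")
        if origin and acao != origin:
            findings.append("cors-acao-not-request-origin")

    # ACAO "*" together with credentials=true is rejected by browsers: a misconfiguration.
    if acac and acao == "*":
        findings.append("cors-wildcard-with-credentials")

    if t.url.startswith("data:"):
        findings.append("inline-data-uri")  # no server, no TLS, no headers to inspect
    return findings


# Constructed from the report above, trimmed to the headers the checks read.
PAGE_URL = "https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/"
SAMPLE = [
    Transaction("https://a.pub.network/core/prebid-analytics-1.33.5.js", "Script",
                {"Referer": PAGE_URL},
                {"content-type": "text/html", "server": "cloudflare",
                 "cache-control": "public, max-age=31536000"}),
    Transaction("https://www.googletagservices.com/tag/js/gpt.js", "Script",
                {"Referer": PAGE_URL},
                {"content-type": "text/javascript", "x-content-type-options": "nosniff"}),
    Transaction("https://d.pub.network/cookie", "XHR",
                {"Origin": "https://www.bleepingcomputer.com"},
                {"Access-Control-Allow-Origin": "https://www.bleepingcomputer.com",
                 "Access-Control-Allow-Credentials": "true",
                 "Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
                 "Content-Type": "text/plain;charset=utf-8"}),
    Transaction("data:truncated", "Image", {}, {"Content-Type": "image/png"}),
]


def report(transactions: List[Transaction] = SAMPLE) -> Dict[str, List[str]]:
    """Map each URL to its findings, leaving out clean transactions."""
    return {t.url: f for t in transactions if (f := check(t))}


if __name__ == "__main__":
    for url, tags in report().items():
        print(url, "->", ", ".join(tags))
```

Run against the four constructed records, `gpt.js` is absent from the output (JavaScript MIME plus `nosniff`), the prebid script is tagged for its `text/html` type with no enforcement, and the `d.pub.network` endpoint is tagged as credentialed CORS but passes the `Vary: Origin` check. Feeding it the full export of a scan turns the per-request header lists above into a short review queue.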
location
d.pub.network/
60 B
379 B
XHR
General
Full URL
https://d.pub.network/location
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
d763d322ed475baf9cc5d20ba7afc366affb34d3d059e4dd1c1825d5598c05cb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
truncated
/
175 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
715 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
g
rtb.connatix.com/
95 B
290 B
Script
General
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=d42b42751b31ce5390a71562256483056&req_no=0&v=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_6ad89d71e273a5ada4ad1562256483056
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-214-45-211.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e1b6e0c08fd7396b3e41066605eb8525aa766d9723f9d7befafff9230dce1138

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:13 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
111
192.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/
55 KB
55 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/192.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
81825367feca0c5a8a82d656d4005c35f6810b2ba79b5f762dc6d8d52a5aee65

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 1
accept-ranges
bytes
x-timer
S1562256483.068893,VS0,VE3
access-control-allow-origin
*
content-length
56277
x-served-by
cache-sjc3147-SJC, cache-fra19131-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/585e8737-0d24-4773-b869-3456a37442a0/
71 KB
71 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/585e8737-0d24-4773-b869-3456a37442a0/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
997f05063c2d0432532617092401abf909c6bfec2f334a0866ea69f62dc7dee4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1562256483.069021,VS0,VE3
access-control-allow-origin
*
content-length
72456
x-served-by
cache-sjc3150-SJC, cache-fra19131-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/cbe77c62-0484-49a6-b566-bb09ec04e44e/
19 KB
20 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/cbe77c62-0484-49a6-b566-bb09ec04e44e/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
8e954013ce3d11bb4a2d90be6031b5b5791042d9c2342b5217919400f97d1d67

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 5
accept-ranges
bytes
x-timer
S1562256483.068974,VS0,VE3
access-control-allow-origin
*
content-length
19888
x-served-by
cache-sjc3123-SJC, cache-fra19131-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/1528a1e0-b56d-48f1-b1da-ab48bbc132dc/
77 KB
77 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/1528a1e0-b56d-48f1-b1da-ab48bbc132dc/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
dfbcd1d3294ae6081667312698549af43eb228cfc9420f8a0cace7fde85024c7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1562256483.069003,VS0,VE4
access-control-allow-origin
*
content-length
78856
x-served-by
cache-sjc3133-SJC, cache-fra19131-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/91f46b7c-f890-4f30-a148-c48616c0a485/
101 KB
101 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/91f46b7c-f890-4f30-a148-c48616c0a485/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
9dddc21cf89952794214b58f9ec5cc841ec6525bc7f8facf5515e851898d7930

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 1
accept-ranges
bytes
x-timer
S1562256483.069020,VS0,VE8
access-control-allow-origin
*
content-length
103456
x-served-by
cache-sjc3131-SJC, cache-fra19131-FRA
1.jpg
i.connatix.com/s3/connatix-uploads/2f38ede3-6035-4690-8160-3eed2ff5abfe/
86 KB
86 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-uploads/2f38ede3-6035-4690-8160-3eed2ff5abfe/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
617c4b646dbae0aed90fabe2e8a98b09b57cd32ba518dfcb276dbd12fa86d9dc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
via
1.1 varnish, 1.1 varnish
age
72506
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 1
accept-ranges
bytes
x-timer
S1562256483.069047,VS0,VE4
access-control-allow-origin
*
content-length
88426
x-served-by
cache-sjc3141-SJC, cache-fra19131-FRA
bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/
7 KB
7 KB
Image
General
Full URL
https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.1.61 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
cf-cache-status
HIT
age
160332
cf-polished
origFmt=png, origSize=15281
status
200
content-disposition
inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj
imgq:85
content-length
7156
last-modified
Wed, 07 Jan 2015 22:52:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
4f125b0b2f97d901-AMS
expires
Thu, 01 Aug 2019 19:35:51 GMT
0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 28B1
23 KB
21 KB
Image
General
Full URL
https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
content-encoding
gzip
age
9739712
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
4, 316
accept-ranges
bytes
x-timer
S1562256483.090281,VS0,VE0
access-control-allow-origin
*
content-length
21768
via
1.1 varnish, 1.1 varnish
x-served-by
cache-sjc3151-SJC, cache-fra19131-FRA
av
connatix-d.openx.net/v/1.0/ Frame 28B1
0
0

g
rtb.connatix.com/
91 B
284 B
Script
General
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=e7e6f2a27804eeb6bced1562256483070&req_no=1&v=2&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_3dbedcce80a2cbf5a8601562256483070
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-214-45-211.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
aa31bb772fdd92bb221e655d1e2a35355f81dd46596ec916c93b2363d6cec339

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:13 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
105
pubads_impl_2019062401.js
securepubads.g.doubleclick.net/gpt/
150 KB
55 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
e0f09beb5ea460cffea7b53b219f1e88baf6a0c9c2d125294652998209addc15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jun 2019 13:05:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
56392
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:03 GMT
r
trk.connatix.com/ Frame 28B1
0
153 B
Image
General
Full URL
https://trk.connatix.com/r?connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&videoID=639404&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-22-162-56.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:07 GMT
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
0
sync.html
s.adtelligent.com/ Frame 8D3C
0
0

v2
d.pub.network/floors/
1 KB
2 KB
XHR
General
Full URL
https://d.pub.network/floors/v2?key=535desktop
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
484df960f879a28860a2cb182c0e717fda77babf0d4378343ba63723cc948649

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
clr
trk.connatix.com/ Frame 28B1
0
153 B
Image
General
Full URL
https://trk.connatix.com/clr?c_vid=639404&id_cl=35ab2cb94b538b8693921562256483031&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-22-162-56.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:07 GMT
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
0
CookieAccess
api.quantcast.mgr.consensu.org/
30 B
592 B
XHR
General
Full URL
https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.91 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-91.fra53.r.cloudfront.net
Software
/
Resource Hash
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 16:08:03 GMT
content-encoding
gzip
x-amz-cf-pop
FRA53
x-amzn-requestid
e706b741-9e75-11e9-8d30-29f37c3e5186
x-cache
Error from cloudfront
status
404
x-amz-apigw-id
cTqfjG-SoAMFm0Q=
content-length
50
access-control-allow-origin
https://www.bleepingcomputer.com
x-amzn-trace-id
Root=1-5d1e2463-3eba02a04112fb80c84887ec;Sampled=0
vary
Origin
access-control-allow-methods
GET, POST
content-type
application/json
via
1.1 ec27b2a550cb7db6ef54f74603010b29.cloudfront.net (CloudFront)
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
x-amz-cf-id
8ZU8uzibmHQtQ8BMnkplIweuc0lYfe9eG68kqMQo6eIoVlcjLbhiow==
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
/
audit.quantcast.mgr.consensu.org/
80 B
485 B
XHR
General
Full URL
https://audit.quantcast.mgr.consensu.org/?log=;1562256483940;BleepingComputer.com;;;;;;p,off,false,,1,en;Shown,;Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36
Requested by
Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-150.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Sun, 05 May 2019 01:42:24 GMT
via
1.1 23082ff4de65f70078e091bc7cd0cf24.cloudfront.net (CloudFront)
vary
Origin
age
18359
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Mon, 11 Jun 2018 22:07:34 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA53
accept-ranges
bytes
x-amz-cf-id
BOX17XFgFn5jJafeqL_9crG9HrBG0Ztd-fHWkKTD3NaRTLDdjFBw_A==
beacon.js
ad-delivery.net/
1 KB
983 B
Script
General
Full URL
https://ad-delivery.net/beacon.js
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.166 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-166.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
last-modified
Tue, 31 Jan 2017 15:06:54 GMT
server
AmazonS3
age
3305
date
Thu, 04 Jul 2019 15:13:00 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA53
x-amz-cf-id
ePgwcL18eQx5pGh9z-s99n1x0IR5n0vrgmJHaB_YTDUQd30tUkvsuw==
via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
ads
securepubads.g.doubleclick.net/gampad/
165 KB
21 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=328194120199512&correlator=2543648827122582&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062797%2C21063636%2C21063817%2C21063991%2C21064055%2C21064076&vrg=2019062401&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190704&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1562251157&dt=1562256484428&dlt=1562256482241&idt=889&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C7211%2C322%2C1131%2C5788%2C7717%2C1656&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&dssz=47&icsg=600333359783936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x7718%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&blev=1&bisch=1&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&fws=4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
13fb0f2063e0add7533ab42e3da469b39750272c7e7d5f0c9036e962477e9e40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 16:08:04 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,94808,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
21826
x-xss-protection
0
google-lineitem-id
-1,-2,-1,-1,-2,4893662829,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-2,-1,-1,-2,138254592126,-1
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019062401.js
securepubads.g.doubleclick.net/gpt/
66 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
24bc4ac03a5f89c3d38f9e173dc4a03fef2adb635d628f0341198b8d00548c5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 24 Jun 2019 13:05:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
25543
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:04 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/
0
0

quant.js
secure.quantserve.com/
12 KB
6 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.238 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software
QS /
Resource Hash
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 16:08:04 GMT
Content-Encoding
gzip
Last-Modified
Thu, 04-Jul-2019 16:08:04 GMT
Server
QS
ETag
M0-e2b9884a
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Connection
keep-alive
Content-Length
5456
Expires
Thu, 11 Jul 2019 16:08:04 GMT
bxl.js
hbx.media.net/
0
0

beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.43.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-43-224.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 16:08:04 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
901
Expires
Fri, 05 Jul 2019 16:08:04 GMT
load.js
s.ntv.io/serve/
270 KB
79 KB
Script
General
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.250.13 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-210-250-13.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7c10ea3dddd1f12b4086c60b9512bf7f6a71b4a5164dc484df9d70ad77d3f613

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 16:08:11 GMT
Content-Encoding
gzip
x-amz-request-id
172D8C1513C3E8E3
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
C0e7Iu7+VCYvd5niRPipWGJVkWTNf8Gpfu0mkyLPlXfaAxyiAvTkOs5xDLadckiovpAzBq/LMd4=
Last-Modified
Wed, 03 Jul 2019 02:59:45 GMT
Server
AmazonS3
ETag
"e17b083ceffa2f21f559afc4746efcd6"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
null
d.pub.network/rfm/cookie/
3 B
321 B
XHR
General
Full URL
https://d.pub.network/rfm/cookie/null
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
classification
d.pub.network/
3 B
321 B
XHR
General
Full URL
https://d.pub.network/classification?siteId=535&pageUrl=https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:04 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3...
0
248 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.43.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-19-43-224.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2019 16:08:04 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1562256484507&ns_c=UTF-8&cv=3.1&c8=New%20Backdoor%20and%20Malware%20Downloader%20Used%20in%20TA505%20Spam%20Campaigns&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c9=
Pragma
no-cache
Date
Thu, 04 Jul 2019 16:08:04 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
rules-p-UeXruRVtZz7w6.js
rules.quantcount.com/
2 KB
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2047:7c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 15:53:27 GMT
content-encoding
gzip
last-modified
Thu, 07 Dec 2017 17:06:25 GMT
server
AmazonS3
age
886
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA53
x-amz-cf-id
nY5PuM_xKVj8u6cxizzVb6tN8NP2Y-kdygrBBYBs8Sxai11wqf7Z_A==
via
1.1 a56a2e7149e67774870adaf614e87aa1.cloudfront.net (CloudFront)
jquery.color-2.1.2.min.js
cluster-na.cdnjquery.com/color/
136 B
379 B
Script
General
Full URL
https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=sha256_H28SdxWrZ387Ldn0qogCzFiUDDxfPiNIyJX7BECQkDE&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22ee912663-7d7c-f1c1-8c63-767fdd8ed69a%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.92.90.105 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-92-90-105.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
aecba7ee3870c0d979df93f73bd566149bef7cc74cd1f3894751cef44a217340
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 16:08:05 GMT
Content-Encoding
gzip
Server
nginx/1.12.1
ETag
W/"88-t+IXrzn28oO9Zii6R9GUjy0i75M"
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Charset
utf8
Connection
keep-alive
Content-Length
106
px.gif
ad-delivery.net/
43 B
383 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.31652776252388737
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.166 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-166.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
last-modified
Thu, 27 Jul 2017 18:59:05 GMT
server
AmazonS3
age
44181
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache
Hit from cloudfront
content-type
image/gif
status
200
date
Thu, 04 Jul 2019 04:51:57 GMT
x-amz-cf-pop
FRA53
accept-ranges
bytes
content-length
43
x-amz-cf-id
OE1NdVTkolziLwBMEge5KsmqIq5OjMjJwrOse1eclfxkTUb0VQ475g==
fbevents.js
connect.facebook.net/en_US/
53 KB
17 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
657f79c4d5a6ea502202651151811d195b49cf9cf22fd7f8edaeefe2f8cc8fc4
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
16120
x-xss-protection
0
pragma
public
x-fb-debug
S74ZR7+Bun5K6rwq3c8QyxMSxU1eO5vVxN059yb2+G9egWEmlwCnzdqvCj8EkFQH7w783EiDTWgBF++sfVSrpg==
x-fb-trip-id
997090344
date
Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
134240187179576
connect.facebook.net/signals/config/
228 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/134240187179576?v=2.8.51&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
61414
x-xss-protection
0
pragma
public
x-fb-debug
tfdtGaW4FqDMXm1FohT9htnSae8ZOYae2yGLkX9AopNKSYbgho0jzVnIP73tInUFKj/KkhyGrQXsqqLPNwk8PQ==
x-fb-trip-id
997090344
date
Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
inferredEvents.js
connect.facebook.net/signals/plugins/
1 KB
897 B
Script
General
Full URL
https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.8.51
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
772
x-xss-protection
0
pragma
public
x-fb-debug
Nasu1IoBmM+TAmGyrfJyAHwvcx9RIH8931DS29i6FM56xuS7bRSz4jacqfdfAWH/2iWo+Mwi1/HpA+hl1Tt6Pg==
x-fb-trip-id
997090344
date
Thu, 04 Jul 2019 16:08:04 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
325 B
Image
General
Full URL
https://www.facebook.com/tr/?id=134240187179576&ev=PageView&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&rl=&if=false&ts=1562256484913&sw=1600&sh=1200&v=2.8.51&r=stable&ec=0&o=30&fbp=fb.1.1562256484912.816602121&it=1562256484852&coo=false&rqm=GET
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:04 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 04 Jul 2019 16:08:04 GMT
/
www.facebook.com/tr/
44 B
201 B
Image
General
Full URL
https://www.facebook.com/tr/?id=134240187179576&ev=ViewContent&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&rl=&if=false&ts=1562256484915&cd[freestar]=b640f9dd-b801-4882-bf19-ea168755b7b9&cd[client]=392&cd[site]=535&cd[page]=08e731c8279655e953399c839d4b9e5d&sw=1600&sh=1200&v=2.8.51&r=stable&ec=1&o=30&fbp=fb.1.1562256484912.816602121&it=1562256484852&coo=false&rqm=GET
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:04 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Thu, 04 Jul 2019 16:08:04 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/011906111828200/
21 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
642c8587ff06ea6a9e3721711e6614013a1bc8de1b3bd4858b0d1354c94ff90c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
776299
status
200
date
Tue, 25 Jun 2019 16:29:46 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
7448
x-xss-protection
0
server
sffe
etag
"1cc596a9ee26a2dc"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Wed, 24 Jun 2020 16:29:46 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011906111828200/ Frame C487
280 KB
75 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1277563
status
200
date
Wed, 19 Jun 2019 21:15:22 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
76683
x-xss-protection
0
server
sffe
etag
"aa77f575ea191da7"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 18 Jun 2020 21:15:22 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487
13 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684338
status
200
date
Wed, 26 Jun 2019 18:02:27 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
4947
x-xss-protection
0
server
sffe
etag
"ce2100eb3b0bf746"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:27 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487
142 KB
39 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1770908
status
200
date
Fri, 14 Jun 2019 04:12:57 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
39575
x-xss-protection
0
server
sffe
etag
"7fabe51ad24fb167"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Sat, 13 Jun 2020 04:12:57 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487
4 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
785681
status
200
date
Tue, 25 Jun 2019 13:53:24 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1469
x-xss-protection
0
server
sffe
etag
"26f329c266c7e32f"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Wed, 24 Jun 2020 13:53:24 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame C487
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684337
status
200
date
Wed, 26 Jun 2019 18:02:28 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
13486
x-xss-protection
0
server
sffe
etag
"78de12916ef67b51"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:28 GMT
css
fonts.googleapis.com/ Frame C487
7 KB
724 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 04 Jul 2019 16:08:05 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 04 Jul 2019 16:08:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:05 GMT
truncated
/ Frame C487
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2bba8b27dfb6064a073f6fba80af3652569b766a8b5a0b44477ec6eea076ecbf

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-v0.js
cdn.ampproject.org/rtv/011906111828200/ Frame CFCF
280 KB
75 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684338
status
200
date
Wed, 26 Jun 2019 18:02:27 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
76683
x-xss-protection
0
server
sffe
etag
"aa77f575ea191da7"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF
13 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1463596
status
200
date
Mon, 17 Jun 2019 17:34:49 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
4947
x-xss-protection
0
server
sffe
etag
"ce2100eb3b0bf746"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Tue, 16 Jun 2020 17:34:49 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF
142 KB
39 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1770908
status
200
date
Fri, 14 Jun 2019 04:12:57 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
39575
x-xss-protection
0
server
sffe
etag
"7fabe51ad24fb167"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Sat, 13 Jun 2020 04:12:57 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF
4 KB
1 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
785681
status
200
date
Tue, 25 Jun 2019 13:53:24 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1469
x-xss-protection
0
server
sffe
etag
"26f329c266c7e32f"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Wed, 24 Jun 2020 13:53:24 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame CFCF
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684337
status
200
date
Wed, 26 Jun 2019 18:02:28 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
13486
x-xss-protection
0
server
sffe
etag
"78de12916ef67b51"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:28 GMT
truncated
/ Frame CFCF
207 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3beb704139b26d9913cb60e2687d7f18696ad15064bd7b0164c63268b1aa927b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ Frame 070C
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-35/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
3491
date
Fri, 21 Jun 2019 19:56:06 GMT
expires
Sat, 20 Jun 2020 19:56:06 GMT
last-modified
Fri, 21 Jun 2019 14:35:26 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
1109519
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
view
securepubads.g.doubleclick.net/pcs/ Frame 9A23
0
166 B
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumCzC1-_yyii96jyTTvyPBx1qe1h56skZy95FlB1lLUWYyAGJjHhh-YRZc_T7bU7WJu7CSbP2SgRGV3clDYdLouGAjXXKd2JQKoXT03SxaikEG8-hgBnFzNMLKThkxdJJUIUqX3DEgwuwC5b-Z9uYyPnotdgO5IPsblKw7YgH5mYmBqNaDdKdaBgPnLVGdQPEep1PtMZVAztGHvdu4mKaAmy6NBO_Z0WeaJ1RBiW4kKRQKNEp7k-BsFdMmifD3MazvdvGLZK6vxuYyxmel3Nr9oCFA&sig=Cg0ArKJSzHnyqgNAWb0BEAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:05 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 9A23
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
02e67dafdee2710fc791b44c8319ae2471ebd3291d9ae167eddcacc47349fc1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 16:08:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1562152391643339"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
28158
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:05 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011906111828200/ Frame B083
280 KB
75 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1277563
status
200
date
Wed, 19 Jun 2019 21:15:22 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
76683
x-xss-protection
0
server
sffe
etag
"aa77f575ea191da7"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 18 Jun 2020 21:15:22 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083
13 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684338
status
200
date
Wed, 26 Jun 2019 18:02:27 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
4947
x-xss-protection
0
server
sffe
etag
"ce2100eb3b0bf746"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:27 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083
142 KB
39 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1770908
status
200
date
Fri, 14 Jun 2019 04:12:57 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
39575
x-xss-protection
0
server
sffe
etag
"7fabe51ad24fb167"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Sat, 13 Jun 2020 04:12:57 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083
4 KB
1 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
785681
status
200
date
Tue, 25 Jun 2019 13:53:24 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1469
x-xss-protection
0
server
sffe
etag
"26f329c266c7e32f"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Wed, 24 Jun 2020 13:53:24 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame B083
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1881846
status
200
date
Wed, 12 Jun 2019 21:23:59 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
13486
x-xss-protection
0
server
sffe
etag
"78de12916ef67b51"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 11 Jun 2020 21:23:59 GMT
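The "Resource Hash" line in each record is the hex SHA-256 of the response body, which is exactly what a Subresource Integrity attribute needs once it is re-encoded as base64. The following added example (not urlscan.io's code) converts the digests recorded for the two versioned AMP scripts above into `integrity` tokens, builds the matching `<script>` element, and recognises the hash of a zero-byte body, which is what the 0-byte ad pixels in this scan report. The page does not carry the script bytes themselves, so `verify_body()` is exercised on a constructed body, labelled as such in the test; the SRI encoding rules are the standard ones.

```python
"""Resource Hash (hex SHA-256) to Subresource Integrity, and spotting empty bodies.

Added example, not urlscan.io's code. The hex digests are copied from the
records on this page; the page does not carry the file bytes, so verify_body()
is demonstrated only on constructed input.
"""
import base64
import hashlib
import hmac

# SHA-256 of zero bytes. Every 0-byte pixel in this scan reports this value.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Copied from the 'Resource Hash' lines of the two AMP script records above.
RESOURCE_HASHES = {
    "https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js":
        "6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7",
    "https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js":
        "1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8",
}

DIGEST_BYTES = {"sha256": 32, "sha384": 48, "sha512": 64}


def sri_token(hex_digest: str, algo: str = "sha256") -> str:
    """Convert a hex digest into the '<algo>-<base64>' form the integrity attribute uses."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != DIGEST_BYTES[algo]:
        raise ValueError(f"{algo} digest must be {DIGEST_BYTES[algo]} bytes, got {len(raw)}")
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def sri_to_hex(token: str) -> str:
    """Inverse of sri_token(): recover the hex digest from an integrity token."""
    _algo, _, b64 = token.partition("-")
    return base64.b64decode(b64).hex()


def is_empty_body(hex_digest: str) -> bool:
    """True when the recorded hash is that of a zero-byte response (beacons, pixels)."""
    return hex_digest.lower() == EMPTY_SHA256


def verify_body(body: bytes, hex_digest: str) -> bool:
    """Compare a fetched body against the recorded digest in constant time."""
    return hmac.compare_digest(hashlib.sha256(body).hexdigest(), hex_digest.lower())


def script_tag(url: str, hex_digest: str) -> str:
    """Build a <script> element pinned to the recorded hash.

    crossorigin="anonymous" is mandatory for SRI on a cross-origin script; it
    succeeds here only because cdn.ampproject.org answers with
    access-control-allow-origin: * (see the response headers above).
    """
    return (f'<script src="{url}" integrity="{sri_token(hex_digest)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    for url, digest in RESOURCE_HASHES.items():
        print(script_tag(url, digest))
    print("empty-body hash:", sri_token(EMPTY_SHA256))
```

Pinning only makes sense for the versioned `/rtv/<build>/` URLs, which the CDN serves with `cache-control: public, max-age=31536000`; an unversioned script whose contents change on the next release would fail the integrity check and silently stop loading. When triaging a scan, treat `e3b0c442…b855` as "no body was returned", not as a fingerprint of anything.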
truncated
/ Frame B083
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
79e294aba6a7aa07f610a38ef47a181e257396557ad5b6e23c50c0b84a5f70bc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame C487
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CU-kcZCQeXeTxIsaWgAflwb-YBcvSgs9Wz4W4sfwJv-EeEAEgx4P8AWCV4pCCoAegAdL4y-IDyAEB4AIAqAMByAMKqgSyAk_QeKB6rnJ9RG6byr-cRNXsjKNPqCdcbbkgATsWhvJj8ceBHUl7wWeFPTq0g0eBnqS_tBPHMG8oHuYkKihUIifitRbF8ODWvSib_XkpjPKA2q3Dwg_mGOW_gZqBpZST4Tyw5Z5J_OtYBBNBuPbdTFKMmuFk-F-laguQZg-vSOoXce7LaQky7uGZpE4T2MLgLvCbspk6AEd26WLU65vtQ_BfXrVJLwN6GxiHUhDKnHhwfIMCOf4ZaM7SK3AMHYXNCzoRcrC63GQgE__d_qhCVdfAVNUEcguIYEPKWUp7uhJ3uTGh5CmqO-F9TIy2dAwHJmfC4A36rvp_nIssly6X2ud_ugNzNSKI3HKADv5v38ofn8BIF0Af1R6k7dkHfjRQFaRh5wTOvdFk5lAxGJV-ez60JuAEAYAHgYjWQ6gHjs4bqAfVyRuoB8HTG6gHhdQbqAeB1BuoB4LUG6gHhtQbqAeE1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQwL4M0ggJCIDhgBAQARgNgAoB2BMD&sigh=txPu6QKRT48&tpd=AGWhJmvhbVEeZgNvLcIebgblQ73xl56kEsvbZsCluE-MDdMTXw
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame C487
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_ch...
42 B
120 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.247937948;dc_pre=CK_76PfSm-MCFQHHdwod9dQNdg;dc_trk_aid=444500704;dc_trk_cid=117027577;ord=3347692637;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
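The two header sets on this page make a useful contrast: the cdn.ampproject.org scripts carry `strict-transport-security: max-age=31536000; includeSubDomains; preload`, `x-content-type-options: nosniff` and `x-xss-protection: 0`, while the ad.doubleclick.net impression pixel above has the last two but no HSTS at all. The audit below is an added example, not urlscan.io's code; it parses HSTS per RFC 6797 and applies the preload-list requirements (one-year max-age, includeSubDomains, preload token), and its pass/fail rules and messages are this example's own. The header dictionaries are copied from the records above.

```python
"""Audit the transport-security headers seen in the scan above.

Added example, not urlscan.io's code. The two header sets are copied from the
records on this page; the grading rules and messages are this example's own.
"""
from __future__ import annotations

# From cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js (above).
AMP_CDN_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "0",
    "content-type": "text/javascript",
    "access-control-allow-origin": "*",
    "cache-control": "public, max-age=31536000",
}

# From ad.doubleclick.net/ddm/trackimp/... (above): no HSTS on this response.
TRACKIMP_HEADERS = {
    "x-content-type-options": "nosniff",
    "x-xss-protection": "0",
    "content-type": "image/gif",
    "cache-control": "no-cache, must-revalidate",
    "expires": "Fri, 01 Jan 1990 00:00:00 GMT",
}

ONE_YEAR = 31536000  # seconds; the minimum max-age hstspreload.org accepts


def parse_hsts(value: str) -> dict[str, int | bool]:
    """Parse an HSTS value into {'max-age': int, 'includeSubDomains': bool, 'preload': bool}.

    Directive names are case-insensitive (RFC 6797); max-age is mandatory and
    is reported as -1 when absent so callers can flag it.
    """
    out: dict[str, int | bool] = {"max-age": -1, "includeSubDomains": False, "preload": False}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            out["max-age"] = int(val.strip().strip('"'))
        elif name == "includesubdomains":
            out["includeSubDomains"] = True
        elif name == "preload":
            out["preload"] = True
    return out


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return findings for one response's headers; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: header missing")
    else:
        p = parse_hsts(hsts)
        if p["max-age"] < ONE_YEAR:
            findings.append(f"HSTS: max-age {p['max-age']} below one year")
        if not p["includeSubDomains"]:
            findings.append("HSTS: includeSubDomains not set")
        if p["preload"] and not (p["max-age"] >= ONE_YEAR and p["includeSubDomains"]):
            findings.append("HSTS: preload token present but preload requirements unmet")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # '0' is the value to keep: it switches off the legacy XSS auditor, whose
    # filtering was itself usable for cross-site leaks; a real CSP replaces it.
    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip() != "0":
        findings.append(f"X-XSS-Protection: '{xss}' enables the legacy auditor; set 0 or drop it")

    ct = h.get("content-type", "")
    if ct.lower().startswith("text/html") and "charset=" not in ct.lower():
        findings.append(f"Content-Type: '{ct}' lacks a charset")

    return findings
```

Two things to keep in mind when reading the output. First, unlike CSP, HSTS is honoured on any HTTPS response from a host, subresource or not, so the policy on the AMP CDN script does register for cdn.ampproject.org. Second, a missing header on one pixel response does not prove the host is unprotected: the browser may already hold an HSTS entry from an earlier response or from the preload list, so confirm against the host before writing "no HSTS" in a report.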
l
www.google.com/ads/measurement/ Frame C487
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyMIcwDISE7yAJWnRNj1wU-eex-zeZtpYlztRSdwASB8m9uV5D3RMg04ABt0qlZfA93C_5R7IDAhU2LowP9F6RSjlk8g
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C487
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
47541
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2502
x-xss-protection
0
expires
Fri, 05 Jul 2019 02:55:44 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C487
295 B
367 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
31355
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
295
x-xss-protection
0
expires
Fri, 05 Jul 2019 07:25:30 GMT
7518965568447469230
tpc.googlesyndication.com/simgad/ Frame CFCF
29 KB
29 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7518965568447469230?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlnBqNe-mF4yPzTisQEfs9mYAgG2w
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7719ab93490cd380fd487becadb93b76f9acbd0ecfcce4a9eb04551bfdf913c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Jun 2019 12:20:15 GMT
x-content-type-options
nosniff
last-modified
Fri, 17 Nov 2017 18:02:16 GMT
server
sffe
age
791270
content-type
image/png
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
29858
x-xss-protection
0
expires
Wed, 24 Jun 2020 12:20:15 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CFCF
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
47541
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2502
x-xss-protection
0
expires
Fri, 05 Jul 2019 02:55:44 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CFCF
295 B
367 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
31355
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
295
x-xss-protection
0
expires
Fri, 05 Jul 2019 07:25:30 GMT
B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/ Frame CFCF
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
  • https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_...
42 B
109 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N790339.3167285ADWORDSGDN/B21456284.229002654;dc_pre=CN_76PfSm-MCFQkEiwodjPQHtQ;dc_trk_aid=426910088;dc_trk_cid=103966985;ord=251726114;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame CFCF
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CqeRtZCQeXbj3IsaWgAflwb-YBajSmo9XzsHO-9oHt6ae9MwBEAEg2tfFOWCV4pCCoAegAe_1jtsDyAEC4AIAqAMByAMIqgS5Ak_QlxAyeYCMnk8KEpk8W2zGcJQt5O1y_CKI3fj3gW_c7aJba9vvdEM6IT3osyYvrKtOoohkq84otBT-wl18gxoJb7BFyVADdZreO815TprJscdKoTCpIKn4P_usY6bZb66utNNgCjYg83zT8-xfkBA-zZ3LgP_y4Zf_Fdu70E0LBWRtVS5tc4zbt7jaj3S1_sV_kspS1DPIBqOkm7aZ0D297ePx3LQ6p9n7cgdjcHu34c_VluBfhZAcy_MKojm-4z6eiJN34ph3xboI7WL443l3VSO8kAfpPq9ofrcQoJhvORh9dSt_MfOJGCKK09NYK6FqzJbiUBP117H6vMWoV2ak02pOiHhB5YSa9oc8ziSq2xFXzXHBDmZqsrCr0kn2BO9VyoWYzhoPo7R_R2iwo3YH5QhQnMjb_p_ABLyY9sGCAeAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAeetpspqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBCI6QbSCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEww&sigh=fZn-go7G7yI&tpd=AGWhJmvtejFLsiUB0m3wSHdsteDSJCCM0GkIBGMw3RjBvkG6rg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

7081768244455630080
tpc.googlesyndication.com/simgad/ Frame B083
30 KB
30 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7081768244455630080?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk74AzmnTb4ZNqOV96FcpS49fTbkA
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f875dc31a85fb81f7d8c2253bf0ca0317218cd1ad34c93be974dcc355b987e43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 02 Jun 2019 07:14:59 GMT
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2017 10:38:58 GMT
server
sffe
age
2796786
content-type
image/png
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
30771
x-xss-protection
0
expires
Mon, 01 Jun 2020 07:14:59 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B083
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
47541
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2502
x-xss-protection
0
expires
Fri, 05 Jul 2019 02:55:44 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B083
295 B
372 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
31355
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
295
x-xss-protection
0
expires
Fri, 05 Jul 2019 07:25:30 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B083
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C4xziZCQeXZmAI8aWgAflwb-YBZiTmbFNwKeMyfoF3u3_rwQQASDHg_wBYJXikIKgB6ABuae0_wPIAQLgAgCoAwHIAwiqBLYCT9DfQo17ILFk6qqszjHyXDpU9jWQV6ObjuIQ4rWfwuDGXFP44Glm2EA3coacNZPxuKEznDqi7pPQDQKF3i3kCuHkH5caDKuUgH0Vl_mT2TwPTF1RSvvOI3rSMCOIMll8VFk8gKTu17ZrMpfMKmZr-6zrE01IZ-i1_Pur6uGhHIasyK5v3MY8rGpuraRG5wyIIfcduvxcSiIiXE1XQ9wTWdBsbQ1DZQA7N0guoNhAj5tMpzqe2-P1HrsUYod3AFdMFEIqhwqQRcc1dvdcghCEkTrNzlT_GoZLcSeAXfC4Z9lGn7Nak9HiczNSGj3Mv_RJxaHkJss4sS-0ALQQUCem8fm8qhIeesZplLMFtm6Nta9DCLdr_zkVvFSQ7ngLJM-Mx31vn0iQ_oAA7YMTD7p0l7QlWnLw6MAEsOzdgQHgBAGSBQQIBBgBkgUECAUYBKAGAoAHr9hLqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDvpwvSCAkIgOGAEBABGA2ACgHYEwI&sigh=xsLyv29we5A&tpd=AGWhJmtL0ZGxjHA2f8eghXrDUWwrKg6vTYSq9JXKtqcOfe4jIA
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame C487
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin
https://www.bleepingcomputer.com

Response headers

date
Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:38 GMT
server
sffe
age
792212
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Wed, 24 Jun 2020 12:04:33 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame C487
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500&lang=en
Origin
https://www.bleepingcomputer.com

Response headers

date
Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:33 GMT
server
sffe
age
2806315
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Mon, 01 Jun 2020 04:36:10 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame C487
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
246
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame CFCF
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
246
x-xss-protection
0
av
connatix-d.openx.net/v/1.0/ Frame 28B1
0
0

si
googleads.g.doubleclick.net/pagead/drt/ Frame B083
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Thu, 04 Jul 2019 16:08:05 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
246
x-xss-protection
0
/
www.facebook.com/tr/ Frame 942D
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
5166
pragma
no-cache
cache-control
no-cache
origin
https://www.bleepingcomputer.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
accept-encoding
gzip, deflate, br
cookie
fr=0ybTnnA19NjpiWXiO..BdHiRk...1.0.BdHiRk.
Origin
https://www.bleepingcomputer.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/

Response headers

status
200
content-type
text/plain
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-length
0
server
proxygen-bolt
date
Thu, 04 Jul 2019 16:08:05 GMT
c
c.pub.network/
36 B
527 B
XHR
General
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials
true
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
ads
securepubads.g.doubleclick.net/gampad/
55 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=328194120199512&correlator=2543648827122582&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fifs&adsid=NT&json_a=1&eid=21062797%2C21063636%2C21063817%2C21063991%2C21064055%2C21064076&vrg=2019062401&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504&sc=1&sfv=1-0-35&ecs=20190704&iu_parts=15184186%2Cbleepingcomputer_970x90_728x90_320x50_sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&eri=1&cust_params=user-agent%3DChrome&cookie=ID%3D1aafc36b89f7db70%3AT%3D1562256484%3AS%3DALNI_MY-kmXu9e755qxGaNu-FMCnEGY4Pw&cookie_enabled=1&bc=31&abxe=1&lmt=1562251157&dt=1562256485705&dlt=1562256482241&idt=889&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1105&adks=3056404191&ucis=f&ifi=10&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&dssz=52&icsg=600333359783936&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&blev=1&bisch=1&psts=CigI7by9nRLoAf7Q9oSDBIICDfrd4Qby3uEGob7d9lDRAkN3JEQD9shd&ga_vid=222572338.1562256483&ga_sid=1562256483&ga_hid=697304623&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
807d8248fa4c9265b16839ed20abbb265188430ede192fb080299b0230c008fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 04 Jul 2019 16:08:06 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
11018
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
r
amp-error-reporting.appspot.com/ Frame C487
2 B
64 B
XHR
General
Full URL
https://amp-error-reporting.appspot.com/r
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2019 16:08:05 GMT
via
1.1 google
x-powered-by
Express
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2
c
c.pub.network/
36 B
527 B
XHR
General
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials
true
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
tracking.png
trk.connatix.com/ Frame 28B1
0
153 B
Image
General
Full URL
https://trk.connatix.com/tracking.png?c_rprbid=[{id:11186,c_wt:2023}]&cb=91b96495e39d636a599c1562256486056&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&c_v=1586_0_0_0_0&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&xplt=true&spp=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.162.56 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-23-22-162-56.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:07 GMT
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
0
amp4ads-v0.js
cdn.ampproject.org/rtv/011906111828200/ Frame 7F07
280 KB
75 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684339
status
200
date
Wed, 26 Jun 2019 18:02:27 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
76683
x-xss-protection
0
server
sffe
etag
"aa77f575ea191da7"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:27 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07
13 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684340
status
200
date
Wed, 26 Jun 2019 18:02:27 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
4947
x-xss-protection
0
server
sffe
etag
"ce2100eb3b0bf746"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:27 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07
142 KB
39 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
1770910
status
200
date
Fri, 14 Jun 2019 04:12:57 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
39575
x-xss-protection
0
server
sffe
etag
"7fabe51ad24fb167"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Sat, 13 Jun 2020 04:12:57 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07
4 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
785683
status
200
date
Tue, 25 Jun 2019 13:53:24 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
1469
x-xss-protection
0
server
sffe
etag
"26f329c266c7e32f"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Wed, 24 Jun 2020 13:53:24 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011906111828200/v0/ Frame 7F07
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/011906111828200/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
vary
Accept-Encoding
age
684339
status
200
date
Wed, 26 Jun 2019 18:02:28 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
13486
x-xss-protection
0
server
sffe
etag
"78de12916ef67b51"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-content-type-options
nosniff
expires
Thu, 25 Jun 2020 18:02:28 GMT
css
fonts.googleapis.com/ Frame 7F07
4 KB
676 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 04 Jul 2019 16:08:06 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 04 Jul 2019 16:08:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:06 GMT
css
fonts.googleapis.com/ Frame 7F07
4 KB
630 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 04 Jul 2019 16:08:06 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 04 Jul 2019 16:08:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 04 Jul 2019 16:08:06 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7F07
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:55:44 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
47542
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2502
x-xss-protection
0
expires
Fri, 05 Jul 2019 02:55:44 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7F07
295 B
372 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019062401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 07:25:30 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
31356
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
295
x-xss-protection
0
expires
Fri, 05 Jul 2019 07:25:30 GMT
truncated
/ Frame 7F07
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
159a88cc4aeecc7348e417b827b8c95e04d3073bb4b708bd65948892b5c05ab0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
downsize_200k_v1
tpc.googlesyndication.com/simgad/9341509476158550631/ Frame 7F07
7 KB
7 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/9341509476158550631/downsize_200k_v1?sqp=4sqPyQSUAUKRAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhgIrAEQWhgBIAEtAAAAPzCsAThaRQAAgD8&rs=AOga4ql54LGTdKBdsgxZHnGW4Xwz67I0aw
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8448ebbb3124836d80b57b3420c0cbb237fd817b8004fb19895e4f0704987c15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 07 Jun 2019 04:15:52 GMT
x-content-type-options
nosniff
last-modified
Wed, 05 Jun 2019 21:10:53 GMT
server
sffe
age
2375534
content-type
image/jpeg
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
7075
x-xss-protection
0
expires
Sat, 06 Jun 2020 04:15:52 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/8578129967820296872/ Frame 7F07
5 KB
5 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/8578129967820296872/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qm5y3CelUOkKslL2rqGB5CLFSvb1A
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 03 Jun 2019 07:33:08 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Jan 2019 00:33:08 GMT
server
sffe
age
2709298
content-type
image/png
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
5350
x-xss-protection
0
expires
Tue, 02 Jun 2020 07:33:08 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 7F07
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CfmeOZSQeXZ_IL4ri7gPgwbuwCv3alJ1X15SPiLgJv-EeEAEg2tfFOWCV4pCCoAegAdL4y-IDyAEG4AIAqAMByAMKqgS0Ak_QU46CGNoPDanUpWd8iezqNglrdGFGgO88MWQ8Vh0O_iv4DLYQkJcuQsMRj-PPUhNdlaBHBQedO8_rNJNVaWjX3FbzED3WGvENYDc9RGJ8ss2yFrkQaRMWhjhLt35R-tRtPZjPMEzpDpag4Lge9Lxu-saa9M9lyof_7iHMiggEyIYJXGoAJcGyqVBGiofDWu7wAV1MjQ6NTChnt6Zkpq1AmFIrd6IJlnZqWYeNCsVNZSsuMjspsJq9c7AFoGDyLGX11hRcmQUCifMdHpKcvRjii6clUBWoHQPfnXIGOaVuZ8A_20MvN5u4d8Wpp7xmQhQfkC2HZx8rVJWyPoYihGXVGXale398g-T3nlkVah140T50WStZwe5nAYhOtnjnxNhndazRIA1eMdoybActL0AJ85Pv4AQBoAY3gAeBiNZDqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDmng3SCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwM&sigh=goUaL95pQ5s&template_id=492&tpd=AGWhJmuxg0NLJ0tjQX6lrofr-p3H7bU-dqvq86PRwE8N7zfIRQ
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame 7F07
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_ch...
42 B
109 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.248289117;dc_pre=CNLI7ffSm-MCFY7RdwodYxcH6A;dc_trk_aid=444500836;dc_trk_cid=117024702;ord=3368313340;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
l
www.google.com/ads/measurement/ Frame 7F07
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRABihNbBp5uF_Bpc8YWMNL74caQZohN0UGs6yytuwY0Brzgx7OueNRjMQYixYLghAjTfTc5I727cYY861r_Lig6M1Z8g
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
r
amp-error-reporting.appspot.com/ Frame CFCF
2 B
64 B
XHR
General
Full URL
https://amp-error-reporting.appspot.com/r
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2019 16:08:06 GMT
via
1.1 google
x-powered-by
Express
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 7F07
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin
https://www.bleepingcomputer.com

Response headers

date
Sun, 02 Jun 2019 04:36:10 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:33 GMT
server
sffe
age
2806316
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Mon, 01 Jun 2020 04:36:10 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v19/ Frame 7F07
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v19/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin
https://www.bleepingcomputer.com

Response headers

date
Tue, 25 Jun 2019 12:04:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:38 GMT
server
sffe
age
792213
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Wed, 24 Jun 2020 12:04:33 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame C487
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C-ENaZCQeXeTxIsaWgAflwb-YBcvSgs9Wz4W4sfwJv-EeEAEgx4P8AWCV4pCCoAegAdL4y-IDyAEB4AIAqAMBqgSyAk_QeKB6rnJ9RG6byr-cRNXsjKNPqCdcbbkgATsWhvJj8ceBHUl7wWeFPTq0g0eBnqS_tBPHMG8oHuYkKihUIifitRbF8ODWvSib_XkpjPKA2q3Dwg_mGOW_gZqBpZST4Tyw5Z5J_OtYBBNBuPbdTFKMmuFk-F-laguQZg-vSOoXce7LaQky7uGZpE4T2MLgLvCbspk6AEd26WLU65vtQ_BfXrVJLwN6GxiHUhDKnHhwfIMCOf4ZaM7SK3AMHYXNCzoRcrC63GQgE__d_qhCVdfAVNUEcguIYEPKWUp7uhJ3uTGh5CmqO-F9TIy2dAwHJmfC4A36rvp_nIssly6X2ud_ugNzNSKI3HKADv5v38ofn8BIF0Af1R6k7dkHfjRQFaRh5wTOvdFk5lAxGJV-ez60JuAEAYAHgYjWQ6gHjs4bqAfVyRuoB8HTG6gHhdQbqAeB1BuoB4LUG6gHhtQbqAeE1BuoB-DTG6gHugaoB9nLG6gHz8wbqAemvhvYBwHyBwQQwL4M0ggJCIDhgBAQARgNgAoB2BMD&sigh=oKu8Z61PyIE&vt=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame C487
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCl9Oa3QvcZngrLCr0GJZo45VI0NfhsN1mmi2uoLn_Yvc314_tFZZ87N7ZAPFZeILfLKzwEeHZA0YZRCxW9F0FbrNp7JI4wJu0rW_C7hb_fpifNaatuZazKUuLelwL3ao7lAgR8ga3F6iQ&sai=AMfl-YRZM9HzOJAjKvLIdznIoQGAc7kskY_C5P9u46wmq0himABg8Zc8dSFXq9VcsVim_Leg7Ae5U_eD1sDjdksnfTllRymmC82blyYq1jpdhzNKpZXPuq1gQqPPmKE&sig=Cg0ArKJSzGwMHxr34YPhEAE&cid=CAASF-RoO3lXpZr7gtf-NDOmFvkwy3EKOCUf&id=ampim&o=315,146&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=141&tls=1141&g=100&h=100&pt=&tt=1141&rpt=&rst=1562256485025&r=v&adk=960084856&avms=ampa
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame CFCF
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXxGS1n6KhjHDCUlBB2bljfVjjHaYgCXVM3pT7sKksXlJ8VyUZhLqhAa2_RofjZHs0EuyEGjn9eQPhPUhaP4cz4hTd5aiPMnwMxorf0Zl_-sOGRIPas5tfm3-K-g1EtY0BZElRM3eBIN1GJg&sai=AMfl-YSbI9asUuIA7HB6ri6qu3mj1Y5jEfJyIeQblya8hJst_cG9ONrNCM-aIxn10vqXHWIGb8xnaOxfGg23IfSksyvjFONiYGrPfaqK7kbwbfdgwWS8JaZlbhsAq-4&sig=Cg0ArKJSzBIo4DZmNwIFEAE&cid=CAASF-Rosqb4e2lfq5lbBLEXRpiQLhzOIPfS&id=ampim&o=1082,322&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1023&mtos=0,0,1023,1023,1023&tos=0,0,1023,0,0&tfs=122&tls=1145&g=100&h=100&pt=&tt=1145&rpt=&rst=1562256485040&r=v&adk=771041174&avms=ampa
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
r
amp-error-reporting.appspot.com/ Frame B083
2 B
64 B
XHR
General
Full URL
https://amp-error-reporting.appspot.com/r
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2019 16:08:06 GMT
via
1.1 google
x-powered-by
Express
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2
c
c.pub.network/
36 B
344 B
XHR
General
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:06 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
r
amp-error-reporting.appspot.com/ Frame 7F07
2 B
64 B
XHR
General
Full URL
https://amp-error-reporting.appspot.com/r
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 04 Jul 2019 16:08:07 GMT
via
1.1 google
x-powered-by
Express
status
200
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
2
c
c.pub.network/
36 B
344 B
XHR
General
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Thu, 04 Jul 2019 16:08:08 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
adview
securepubads.g.doubleclick.net/pagead/ Frame 7F07
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CGf2XZSQeXZ_IL4ri7gPgwbuwCv3alJ1X15SPiLgJv-EeEAEg2tfFOWCV4pCCoAegAdL4y-IDyAEG4AIAqAMBqgS0Ak_QU46CGNoPDanUpWd8iezqNglrdGFGgO88MWQ8Vh0O_iv4DLYQkJcuQsMRj-PPUhNdlaBHBQedO8_rNJNVaWjX3FbzED3WGvENYDc9RGJ8ss2yFrkQaRMWhjhLt35R-tRtPZjPMEzpDpag4Lge9Lxu-saa9M9lyof_7iHMiggEyIYJXGoAJcGyqVBGiofDWu7wAV1MjQ6NTChnt6Zkpq1AmFIrd6IJlnZqWYeNCsVNZSsuMjspsJq9c7AFoGDyLGX11hRcmQUCifMdHpKcvRjii6clUBWoHQPfnXIGOaVuZ8A_20MvN5u4d8Wpp7xmQhQfkC2HZx8rVJWyPoYihGXVGXale398g-T3nlkVah140T50WStZwe5nAYhOtnjnxNhndazRIA1eMdoybActL0AJ85Pv4AQBoAY3gAeBiNZDqAeOzhuoB9XJG6gHwdMbqAeF1BuoB4HUG6gHgtQbqAeG1BuoB4TUG6gH4NMbqAe6BqgH2csbqAfPzBuoB6a-G9gHAfIHBBDmng3SCAkIgOGAEBABGA3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPYEwM&sigh=YSYoo2PXSrc&vt=1&template_id=492
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame 7F07
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1jbRdBn-FGNeiNNoUXT-Fy4B3nf0_qg5g82SZ9R-XJciPAFskLbighOAk342IR10P9LkfSiskzoit78-XB3FdO_qiXIYrBMTjPOXHyMucLSbo4N1PnoFmnj9Iwsp33u9pCU-DylKUcb6S&sai=AMfl-YR-PDgYnB4eTxBcmm_zYREpyAgtEyrcEPFvFdblDDoCRAAVLqkZMMnMtxaNmyBWPvwYUSeVPR8i7u3GCKTTkXYfVZx39GpAj58mFgXCHNUIEK86IjD1CHg_yT4&sig=Cg0ArKJSzN7uVUZ8QhvPEAE&cid=CAASF-Ro1-deSfyK_25SqjRGegtLpaL80Wi7&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=1316&tls=2317&g=100&h=100&pt=1395&tt=2317&rpt=1395&rst=1562256486085&r=v&adk=3056404191&avms=ampa
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:08 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v2
i.connectad.io/api/
0
0

auction
tlx.3lift.com/header/
0
0

prebid
ib.adnxs.com/ut/v3/
395 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.100 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
b4de71dcae841e19d2edc5914bc3a452e66c0c9ca803e662b3ca5d18d49d9c54
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 04 Jul 2019 16:08:13 GMT
X-Proxy-Origin
82.102.16.137; 82.102.16.137; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.232:80
AN-X-Request-Uuid
580b6134-b1b9-4a29-8d85-4e4ddaea557c
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
395
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

imp
g2.gumgum.com/hbid/
0
0

arj
freestar-d.openx.net/w/1.0/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

fastlane.json
fastlane.rubiconproject.com/a/api/
0
0

prebid_display
display.bfmio.com/
0
0

HeaderBiddingService
ssp.pub.network/ssp-server/
0
0

24
web.hb.ad.cpe.dotomi.com/s2s/header/
588 B
779 B
XHR
General
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
c88a51a3781fe16f1c3f42af4b05698667c0c843dd20822951192d224d6a691c

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 04 Jul 2019 16:08:11 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
588
expires
0
hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

hb
ssc.33across.com/api/v1/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

v1
btlr.sharethrough.com/header-bid/
0
0

/
hb.emxdgt.com/
0
0

v1
dmx.districtm.io/b/
0
0

t | jadserve.postrelease.com/ | 97 B | 505 B | Script
General
  Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ntv_mvi
  Requested by: Host: a.pub.network, URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 54.215.180.144 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
  Reverse DNS: ec2-54-215-180-144.us-west-1.compute.amazonaws.com
  Software: nginx/1.12.1
  Resource Hash: 5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb
Request headers
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  pragma: no-cache
  date: Thu, 04 Jul 2019 16:08:12 GMT
  content-encoding: gzip
  server: nginx/1.12.1
  access-control-allow-origin: *
  p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
  status: 200
  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  content-type: text/javascript;charset=UTF-8
  content-length: 108
  expires: Mon, 1 Jan 1990 12:00:00 GMT
v1 | dmx.districtm.io/b/ | 0 | 0
imp | g2.gumgum.com/hbid/ | 0 | 0 (listed 2 times)
arj | freestar-d.openx.net/w/1.0/ | 0 | 0
prebid_display | display.bfmio.com/ | 0 | 0
fastlane.json | fastlane.rubiconproject.com/a/api/ | 0 | 0
HeaderBiddingService | ssp.pub.network/ssp-server/ | 0 | 0
prebid | ib.adnxs.com/ut/v3/ | 19 B | 719 B | XHR
General
  Full URL: https://ib.adnxs.com/ut/v3/prebid
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
  Server: 185.33.223.100, Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
  Reverse DNS: 373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
  Software: nginx/1.13.4
  Resource Hash: 2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e
Security Headers
  X-Xss-Protection: 0
Request headers
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Origin: https://www.bleepingcomputer.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Type: text/plain
Response headers
  Pragma: no-cache
  Date: Thu, 04 Jul 2019 16:08:14 GMT
  X-Proxy-Origin: 82.102.16.137; 82.102.16.137; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
  AN-X-Request-Uuid: 8e5ab6c5-dc89-4a86-8e5f-494be6ce6af0
  Server: nginx/1.13.4
  P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
  Access-Control-Allow-Origin: https://www.bleepingcomputer.com
  Cache-Control: no-store, no-cache, private
  Access-Control-Allow-Credentials: true
  Connection: keep-alive
  Content-Type: application/json; charset=utf-8
  Content-Length: 19
  X-XSS-Protection: 0
  Expires: Sat, 15 Nov 2008 16:00:00 GMT
hb | ssc.33across.com/api/v1/ | 0 | 0 (listed 2 times)
24 | web.hb.ad.cpe.dotomi.com/s2s/header/ | 192 B | 382 B | XHR
General
  Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 2a02:fa8:8806:13::1460, Sweden, ASN41041 (VCLK-EU-, SE)
  Reverse DNS: (none)
  Software: nginx
  Resource Hash: 511834888e15b8279f18ccba6e879b554bff8c6c3fbd1067850c661d2707fa44
Request headers
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Origin: https://www.bleepingcomputer.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Type: text/plain
Response headers
  pragma: no-cache
  date: Thu, 04 Jul 2019 16:08:12 GMT
  server: nginx
  status: 200
  content-type: application/json
  access-control-allow-origin: https://www.bleepingcomputer.com
  cache-control: no-cache
  access-control-allow-credentials: true
  content-length: 192
  expires: 0
v2 | i.connectad.io/api/ | 97 B | 643 B | XHR
General
  Full URL: https://i.connectad.io/api/v2
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:10::6814:8528, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: 92963f695e7f7c94492bef74d7a5bc3bafb6c5e615cb6fca0907aa7ee4c11ae8
Request headers
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Origin: https://www.bleepingcomputer.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Type: text/plain
Response headers
  date: Thu, 04 Jul 2019 16:08:12 GMT
  content-encoding: gzip
  content-type: application/json
  server: cloudflare
  status: 200
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
  access-control-allow-origin: https://www.bleepingcomputer.com
  cache-control: no-cache, private
  access-control-allow-credentials: true
  cf-ray: 4f125b462c29c2ef-FRA
  alt-svc: clear
  via: 1.1 google
g | rtb.connatix.com/ | 95 B | 290 B | Script
General
  Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=47f9189722770284feb11562256493108&req_no=2&v=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_d9ed4e297b92c14720851562256493108
  Requested by: Host: cdns.connatix.com, URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
  Reverse DNS: ec2-3-214-45-211.compute-1.amazonaws.com
  Software: nginx/1.12.2
  Resource Hash: 4df1684a0f8233367358322cb3c927b93137df2eee5aba598667cd0975b2291d
Request headers
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  Access-Control-Allow-Origin: *
  Date: Thu, 04 Jul 2019 16:08:13 GMT
  Content-Encoding: gzip
  Server: nginx/1.12.2
  Connection: keep-alive
  Content-Length: 111
sync_iframe (Cookie set) | sync.bfmio.com/ Frame 991A | 0 | 0 | Document
General
  Full URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.229.36.213 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
  Reverse DNS: ec2-34-229-36-213.compute-1.amazonaws.com
  Software: (none)
  Resource Hash: (none)
Request headers
  Host: sync.bfmio.com
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Accept-Encoding: gzip, deflate, br
Response headers
  Access-Control-Allow-Origin: *
  Content-Type: text/html
  Date: Thu, 04 Jul 2019 16:08:20 GMT
  Set-Cookie: __io_cid=f43b5e0f04443101301259ffbe8a59ae08bbf6b3; Domain=.bfmio.com; Expires=Fri, 03-Jul-2020 16:08:20 GMT; Path=/
  Content-Length: 217
  Connection: keep-alive
connectmyusers.php | cdn.connectad.io/ Frame EC03 | 0 | 0 | Document
General
  Full URL: https://cdn.connectad.io/connectmyusers.php
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:10::6814:8528, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: cdn.connectad.io
  :scheme: https
  :path: /connectmyusers.php
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  date: Thu, 04 Jul 2019 16:08:18 GMT
  content-type: text/html; charset=UTF-8
  set-cookie: __cfduid=d915014d7d78a15d48605b436a1a66c7c1562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.connectad.io; HttpOnly
  cf-cache-status: HIT
  age: 6340
  expires: Fri, 05 Jul 2019 00:08:18 GMT
  cache-control: public, max-age=28800
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  server: cloudflare
  cf-ray: 4f125b6b68f0c2ef-FRA
  content-encoding: gzip
v2 | de.tynt.com/deb/ Frame 34B6 | 0 | 0 | Document
General
  Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US)
  Reverse DNS: ip183.208-100-17.static.steadfastdns.net
  Software: (none)
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: de.tynt.com
  :scheme: https
  :path: /deb/v2?m=xch&rt=html&id=cMP4reZxWr6jPmaKlId8sQ
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  cache-control: max-age=86400
  expires: Fri, 05 Jul 2019 16:08:21 GMT
  content-type: text/html
  content-length: 75
  date: Thu, 04 Jul 2019 16:08:20 GMT
  p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
pd | u.openx.net/w/1.0/ Frame 17F4 | 0 | 0 | Document
Redirect Chain
  • https://u.openx.net/w/1.0/pd
  • https://u.openx.net/w/1.0/pd?cc=1
General
  Full URL: https://u.openx.net/w/1.0/pd?cc=1
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
  Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
  Software: OXGW/16.146.0
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: u.openx.net
  :scheme: https
  :path: /w/1.0/pd?cc=1
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
  cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499
Response headers
  status: 200
  vary: Accept
  set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1562256499|mOgikimWiygu; Version=1; Expires=Fri, 19-Jul-2019 16:08:19 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
  server: OXGW/16.146.0
  p3p: CP="CUR ADM OUR NOR STA NID"
  date: Thu, 04 Jul 2019 16:08:19 GMT
  content-type: text/html
  content-encoding: gzip
Redirect headers
  status: 302
  set-cookie: i=d26690c2-b4e8-4174-b5e8-dc5748e29cbf|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
  server: OXGW/16.146.0
  p3p: CP="CUR ADM OUR NOR STA NID"
  location: https://u.openx.net/w/1.0/pd?cc=1
  date: Thu, 04 Jul 2019 16:08:19 GMT
  content-length: 0
v2 | de.tynt.com/deb/ Frame C266 | 0 | 0 | Document
General
  Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US)
  Reverse DNS: ip183.208-100-17.static.steadfastdns.net
  Software: (none)
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: de.tynt.com
  :scheme: https
  :path: /deb/v2?m=xch&rt=html&id=bBb-SI6fGr6iocaKkv7mNO
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  cache-control: max-age=86400
  expires: Fri, 05 Jul 2019 16:08:21 GMT
  content-type: text/html
  content-length: 75
  date: Thu, 04 Jul 2019 16:08:21 GMT
  p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
sync | ib.3lift.com/ Frame C327 | 0 | 0
index.html | cdn.districtm.io/ids/ Frame 9FC2 | 0 | 0 | Document
General
  Full URL: https://cdn.districtm.io/ids/index.html
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6812:1aef, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: cdn.districtm.io
  :scheme: https
  :path: /ids/index.html
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  date: Thu, 04 Jul 2019 16:08:18 GMT
  content-type: text/html
  set-cookie: __cfduid=d3ccd54f984f531853670f636b3c07a531562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.districtm.io; HttpOnly
  last-modified: Thu, 10 Jan 2019 16:50:48 GMT
  cache-control: s-maxage=1209600, max-age=14400
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  server: cloudflare
  cf-ray: 4f125b6bf9d9d72d-FRA
  content-encoding: br
async_usersync.html | acdn.adnxs.com/ib/static/usersync/v3/ Frame 5C1F | 0 | 0 | Document
General
  Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 2.18.232.130, Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
  Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
  Software: nginx/1.9.13
  Resource Hash: (none)
Request headers
  Host: acdn.adnxs.com
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Accept-Encoding: gzip, deflate, br
Response headers
  Last-Modified: Fri, 20 May 2016 02:07:09 GMT
  ETag: W/"573e714d-3e3"
  Server: nginx/1.9.13
  Content-Type: text/html
  Vary: Accept-Encoding
  Access-Control-Allow-Origin: *
  Content-Encoding: gzip
  Content-Length: 506
  Cache-Control: max-age=31536000
  Expires: Fri, 03 Jul 2020 16:08:19 GMT
  Date: Thu, 04 Jul 2019 16:08:19 GMT
  Connection: keep-alive
pd | u.openx.net/w/1.0/ Frame B897 | 0 | 0 | Document
Redirect Chain
  • https://u.openx.net/w/1.0/pd
  • https://u.openx.net/w/1.0/pd?cc=1
General
  Full URL: https://u.openx.net/w/1.0/pd?cc=1
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_256_GCM
  Server: 173.241.240.143 Amsterdam, Netherlands, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
  Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
  Software: OXGW/16.146.0
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: u.openx.net
  :scheme: https
  :path: /w/1.0/pd?cc=1
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
  cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499
Response headers
  status: 200
  vary: Accept
  set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1562256499|mOgikimWiygu; Version=1; Expires=Fri, 19-Jul-2019 16:08:19 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
  server: OXGW/16.146.0
  p3p: CP="CUR ADM OUR NOR STA NID"
  date: Thu, 04 Jul 2019 16:08:19 GMT
  content-type: text/html
  content-encoding: gzip
Redirect headers
  status: 302
  set-cookie: i=8d8f1698-fac4-43c3-b12a-2a98bbb91fde|1562256499; Version=1; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
  server: OXGW/16.146.0
  p3p: CP="CUR ADM OUR NOR STA NID"
  location: https://u.openx.net/w/1.0/pd?cc=1
  date: Thu, 04 Jul 2019 16:08:19 GMT
  content-length: 0
connectmyusers.php | cdn.connectad.io/ Frame F462 | 0 | 0 | Document
General
  Full URL: https://cdn.connectad.io/connectmyusers.php
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:10::6814:8528, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: cdn.connectad.io
  :scheme: https
  :path: /connectmyusers.php
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
  cookie: __cfduid=d915014d7d78a15d48605b436a1a66c7c1562256498
Response headers
  status: 200
  date: Thu, 04 Jul 2019 16:08:18 GMT
  content-type: text/html; charset=UTF-8
  cf-cache-status: HIT
  age: 6340
  expires: Fri, 05 Jul 2019 00:08:18 GMT
  cache-control: public, max-age=28800
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  server: cloudflare
  cf-ray: 4f125b6b8955c2ef-FRA
  content-encoding: gzip
async_usersync.html | acdn.adnxs.com/ib/static/usersync/v3/ Frame 9D8E | 0 | 0 | Document
General
  Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 2.18.232.130, Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
  Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
  Software: nginx/1.9.13
  Resource Hash: (none)
Request headers
  Host: acdn.adnxs.com
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Accept-Encoding: gzip, deflate, br
Response headers
  Last-Modified: Fri, 20 May 2016 02:07:09 GMT
  ETag: W/"573e714d-3e3"
  Server: nginx/1.9.13
  Content-Type: text/html
  Vary: Accept-Encoding
  Access-Control-Allow-Origin: *
  Content-Encoding: gzip
  Content-Length: 506
  Cache-Control: max-age=31536000
  Expires: Fri, 03 Jul 2020 16:08:19 GMT
  Date: Thu, 04 Jul 2019 16:08:19 GMT
  Connection: keep-alive
v2 | de.tynt.com/deb/ Frame B6FC | 0 | 0 | Document
General
  Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US)
  Reverse DNS: ip183.208-100-17.static.steadfastdns.net
  Software: (none)
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: de.tynt.com
  :scheme: https
  :path: /deb/v2?m=xch&rt=html&id=bzPstcZxSr6lrlaKkv7mNO
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  cache-control: max-age=86400
  expires: Fri, 05 Jul 2019 16:08:21 GMT
  content-type: text/html
  content-length: 75
  date: Thu, 04 Jul 2019 16:08:21 GMT
  p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
v2 | de.tynt.com/deb/ Frame 151C | 0 | 0 | Document
General
  Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US)
  Reverse DNS: ip183.208-100-17.static.steadfastdns.net
  Software: (none)
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: de.tynt.com
  :scheme: https
  :path: /deb/v2?m=xch&rt=html&id=dxLHU2ZxSr6lrlaKkv7mNO
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  cache-control: max-age=86400
  expires: Fri, 05 Jul 2019 16:08:21 GMT
  content-type: text/html
  content-length: 75
  date: Thu, 04 Jul 2019 16:08:21 GMT
  p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
check.html | biddr.brealtime.com/ Frame 6C6A | 0 | 0
sync_iframe (Cookie set) | sync.bfmio.com/ Frame DE2D | 0 | 0 | Document
General
  Full URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=92fd6b68-fe21-44c5-bce8-6f519808339c&gdpr=0&gc=&gce=1
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.229.36.213 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
  Reverse DNS: ec2-34-229-36-213.compute-1.amazonaws.com
  Software: (none)
  Resource Hash: (none)
Request headers
  Host: sync.bfmio.com
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  Referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  Accept-Encoding: gzip, deflate, br
Response headers
  Access-Control-Allow-Origin: *
  Content-Type: text/html
  Date: Thu, 04 Jul 2019 16:08:18 GMT
  Set-Cookie: __io_cid=82b794ff7e4b28d86dbc79818e4d354037f7df78; Domain=.bfmio.com; Expires=Fri, 03-Jul-2020 16:08:19 GMT; Path=/
  Content-Length: 217
  Connection: keep-alive
usync.html | eus.rubiconproject.com/ Frame 1CD8 | 0 | 0
index.html | cdn.districtm.io/ids/ Frame DFCA | 0 | 0 | Document
General
  Full URL: https://cdn.districtm.io/ids/index.html
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6812:1aef, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
  Reverse DNS: (none)
  Software: cloudflare
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: cdn.districtm.io
  :scheme: https
  :path: /ids/index.html
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  date: Thu, 04 Jul 2019 16:08:18 GMT
  content-type: text/html
  set-cookie: __cfduid=d3ccd54f984f531853670f636b3c07a531562256498; expires=Fri, 03-Jul-20 16:08:18 GMT; path=/; domain=.districtm.io; HttpOnly
  last-modified: Thu, 10 Jan 2019 16:50:48 GMT
  cache-control: s-maxage=1209600, max-age=14400
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  server: cloudflare
  cf-ray: 4f125b6bf9ddd72d-FRA
  content-encoding: br
v2 | de.tynt.com/deb/ Frame B6D3 | 0 | 0 | Document
General
  Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
  Requested by: Host: a.pub.network, URL: https://a.pub.network/core/prebid-analytics-1.33.5.js
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US)
  Reverse DNS: ip183.208-100-17.static.steadfastdns.net
  Software: (none)
  Resource Hash: (none)
Request headers
  :method: GET
  :authority: de.tynt.com
  :scheme: https
  :path: /deb/v2?m=xch&rt=html&id=ddRMkSZxSr6lrlaKkv7mNO
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
  referer: https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
  accept-encoding: gzip, deflate, br
Response headers
  status: 200
  cache-control: max-age=86400
  expires: Fri, 05 Jul 2019 16:08:21 GMT
  content-type: text/html
  content-length: 75
  date: Thu, 04 Jul 2019 16:08:21 GMT
  p3p: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
/
edba.brealtime.com/
0
0

g
rtb.connatix.com/
95 B
290 B
Script
General
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&c_ivt=0&connatix_sess=_R0QpgLOMiWrVBKI3rOZCq6NwtOQeRupqIGXm90wxMOP__4g_iM326pQ9AASfTGrnssPPktHS_v4nXyb9GTu9wAO8Mo6yeTCs8HilTnORHIYGD9JRxdmfk2nQpgBAkI8qA1ENyJWm_VdeUUdGWOZv90pjUPpGJdLeUf2J4v1YRD1zvTMPdRaf6KhzQ13ZIOM&notServed=false&xplr=false&c_s=false&c_pl=46wra552KZOJ2yS3xuNxdgupZ7kVkubw7Z7sjbfT46kTvfSv3ZAl9KORWyYuJT-USiIsCvhFBc3iEfePEMIiccjh9Zb8VRD2HZ_Ik0HaS8rGuyGv4tyl-RFCOSqBWdM405er6zKJ1gSCgTGm1i0LwT6huCDjcLI5-VM4am5F5Qm7-3rHeLcbPtmZa_-Krq1ieyP3SR9TPTo8AIUq6fqbGy_TKhWpVvAUi7T9KljN5LgBaol6zxSjQoy2jc5ZzQbV542gaXmKzvQSnNefby7fig&gdpr=1&med_id=639404&request_guid=e787bb50c9c7319b6ef21562256508134&req_no=3&v=1&c_f=[{id:12556,r:2,i:0,sr:2}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spa&c_v=1586_0_0_0_0&spp=1&callback=cnxJSONP_b27fbdda5064d1f294271562256508134
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1586/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.45.211 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-214-45-211.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
9f079a68989cd860bb83c41320b06440038389edafca03b592685f9952c5eafe

Request headers

Referer
https://www.bleepingcomputer.com/news/security/new-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 04 Jul 2019 16:08:28 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
Connection
keep-alive
Content-Length
111

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s9.addthis.com
URL
https://s9.addthis.com/js/300/addthis_widget.js
Domain
connatix-d.openx.net
URL
https://connatix-d.openx.net/v/1.0/av?auid=540193965&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&cb=7723f9ccd32e9a80e66b1562256483057&vwd=834&vht=469&gdpr=1&gdpr_consent=0
Domain
s.adtelligent.com
URL
https://s.adtelligent.com/sync.html?aid=410295
Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/safeframe/1-0-35/html/container.html
Domain
hbx.media.net
URL
https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.bleepingcomputer.com&version=&https=1
Domain
connatix-d.openx.net
URL
https://connatix-d.openx.net/v/1.0/av?auid=540193965&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&cb=956d28a9d9ec338d30e01562256485125&vwd=834&vht=470&gdpr=1&gdpr_consent=0
Domain
i.connectad.io
URL
https://i.connectad.io/api/v2
Domain
tlx.3lift.com
URL
https://tlx.3lift.com/header/auction?lib=prebid&v=1.32.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tmax=1200
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
freestar-d.openx.net
URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=3df9735c-dcc6-472a-b650-5c91d7ad5b3d%2C66921a04-acfd-460b-aac3-d6b3d6ec4838%2C0ed3c932-842f-4d2e-ba3a-d1f5a7391d27%2Cc8f14ed8-4a3b-4602-83c1-33d35adf8c98%2Cf4e376e5-f322-45dc-879c-4915910d4382%2C9c511830-701c-48b9-80e4-666cbfa0585a%2Ca98dbb1f-d64a-4859-9fc3-9ddee88fff8d&nocache=1562256491249&x_gdpr_f=1&pubcid=4e859f71-996f-4b28-ba6d-fdf2e3c60a01&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600%7C728x90%2C970x90&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3%2Cbleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725&
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=3df9735c-dcc6-472a-b650-5c91d7ad5b3d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7089086093597643
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=66921a04-acfd-460b-aac3-d6b3d6ec4838&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8814618795199536
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=0ed3c932-842f-4d2e-ba3a-d1f5a7391d27&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.981551252121218
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=c8f14ed8-4a3b-4602-83c1-33d35adf8c98&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4252986265380416
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=f4e376e5-f322-45dc-879c-4915910d4382&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7497101017723093
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=9c511830-701c-48b9-80e4-666cbfa0585a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6468110636785693
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=a98dbb1f-d64a-4859-9fc3-9ddee88fff8d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7162414403355579
Domain
display.bfmio.com
URL
https://display.bfmio.com/prebid_display
Domain
ssp.pub.network
URL
https://ssp.pub.network/ssp-server/HeaderBiddingService
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=107a0c793856cc08&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=108d93c0d1f94de1&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1090982f8e0f2b56&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1101bf95f968f846&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1112598ce6fc6c04&placement_key=wDH8n844o8J5LF7qDwHQ7sj5&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=112aec185214017c&placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1136a32e7c2d7d21&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1149e935eb4c0bc6&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1152a9d1fbc79b97&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1162b807b3f1cc07&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1171409d62a29645&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=118a103af3d143bd&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1193412170230697&placement_key=GrVComq83JzCSLK1pi9waoyR&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1204bbc37bd5b8a&placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=12137bb76902ad3d&placement_key=DSthphoQqH66AkQXPDoXn74b&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=1229606b5d40395e&placement_key=Y2PwNBba8FyKXESSc72DFF25&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/header-bid/v1?bidId=12341aa89c02e34f&placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&hbVersion=1.32.0&strVersion=3.0.1&hbSource=prebid&consent_required=false&
Domain
hb.emxdgt.com
URL
https://hb.emxdgt.com/?t=1200&ts=1562256491262
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/b/v1
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/b/v1
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
g2.gumgum.com
URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=undefined&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&ce=true&dpr=1&jcsi=%5Bobject%20Object%5D&
Domain
freestar-d.openx.net
URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_2.1.5&dddid=b0498794-efaa-44a8-ad0a-562ca4b3092f&nocache=1562256492498&x_gdpr_f=1&pubcid=da345436-e520-41d2-b27f-0663126e3680&aus=728x90%2C970x90&divIds=bleepingcomputer_970x90_728x90_320x50_sticky&auid=539181725&
Domain
display.bfmio.com
URL
https://display.bfmio.com/prebid_display
Domain
fastlane.rubiconproject.com
URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&p_pos=unknown&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fnew-backdoor-and-malware-downloader-used-in-ta505-spam-campaigns%2F&tk_flint=pbjs_lite_v1.32.0&x_source.tid=b0498794-efaa-44a8-ad0a-562ca4b3092f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.40012300807599877
Domain
ssp.pub.network
URL
https://ssp.pub.network/ssp-server/HeaderBiddingService
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb
Domain
ib.3lift.com
URL
https://ib.3lift.com/sync?
Domain
biddr.brealtime.com
URL
https://biddr.brealtime.com/check.html
Domain
eus.rubiconproject.com
URL
https://eus.rubiconproject.com/usync.html
Domain
edba.brealtime.com
URL
https://edba.brealtime.com/

Verdicts & Comments

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| freestar object| apd_options function| gtag object| dataLayer object| adsbygoogle object| elem object| scpt function| __cmp object| google_tag_manager function| Blazy string| GoogleAnalyticsObject function| ga object| jQuery111105697497266559572 object| fixto function| validate_comment_box_not_empty function| cz_strip_tags function| cz_br2nl function| editForm string| loginhash boolean| main_nav_hide_flag number| scrollTop string| main_nav_hide_timer function| call_main_nav_hide number| cz_header_pos number| prevScrollTop object| google_js_reporting_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad number| _gfp_ function| google_spfd number| google_lpabyc number| google_unique_id object| google_image_requests object| google_sv_map object| google_t12n_vars function| loadDeferredStyles function| raf boolean| cnx_poly object| cnxBindings function| cnxUnbind object| cnxtimeouts object| cnxintervals function| cnxSetTimeout function| cnxSetInterval function| cnxClearAll object| cnxUmm object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| cnxPageGuid number| spp object| cnxJSONP_0c435d0bff0945e9b3121562256482537 function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_iframe_oncopy function| Goog_AdSense_getAdAdapterInstance boolean| google_osd_loaded boolean| google_onload_fired function| __cmpui function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb function| 
_ object| fsdata function| load_script object| googletag object| pbjs object| closure_memoize_cache_ boolean| google_noFetch boolean| google_DisableInitialLoad function| pbjsChunk object| __core-js_shared__ function| JSEncrypt object| _clrm function| _typeof object| _0x1459 function| _0x1a0b object| BT object| _qevents object| advBidxc object| _comscore function| udm_ object| ns_p object| COMSCORE function| Goog_AdSense_OsdAdapter function| quantserve function| __qc object| ezt object| _qoptions function| sha256_H28SdxWrZ387Ldn0qogCzFiUDDxfPiNIyJX7BECQkDE string| btID function| fbq function| _fbq object| AMP_CONFIG object| log object| AMPErrors boolean| ampInaboxInitialized object| AMP_MODE function| reportError object| AMP function| CMD function| initCmd object| $jscomp object| ntv number| ntvLoadStart undefined| nQuery object| prdom function| ntvInsertTracking function| ntvTrackingUrlUtil function| ntvStopWatch function| ntvTimeOnContentStopWatch function| ntvGetElementViewability function| ntvViewableImpressionTracker function| ntvArticleTracker function| ntvjQueryInit function| ntvExtends function| ntvAppendStylesheet function| ntvAppendScript object| ntvToutAds object| PostRelease function| parcelRequire function| TrackerFactory function| _MOAT function| _Viant object| businessLogic object| cnxJSONP_6ad89d71e273a5ada4ad1562256483056 object| cnxJSONP_3dbedcce80a2cbf5a8601562256483070 object| cnxJSONP_d9ed4e297b92c14720851562256493108 object| cnxJSONP_b27fbdda5064d1f294271562256508134 function| cnxAddEventListener

0 Cookies

13 Console Messages

Source Level URL
Text
console-api warning URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1)
Message:
Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api warning URL: https://static.quantcast.mgr.consensu.org/v21/cmpui-popup.js(Line 1)
Message:
Unable to get NonIab Vendor list.
console-api log URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 5)
Message:
Video gallery initializing
console-api info URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579)
Message:
Powered by AMP ⚡ HTML – Version 1906111828200
console-api error URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161)
Message:
localStorage not supported.
console-api info URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579)
Message:
Powered by AMP ⚡ HTML – Version 1906111828200
console-api error URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161)
Message:
localStorage not supported.
console-api info URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579)
Message:
Powered by AMP ⚡ HTML – Version 1906111828200
console-api error URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161)
Message:
localStorage not supported.
console-api info URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 579)
Message:
Powered by AMP ⚡ HTML – Version 1906111828200
console-api error URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 161)
Message:
localStorage not supported.
console-api warning URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 17)
Message:
Response unparseable or failed to send image request
console-api warning URL: https://cdn.ampproject.org/rtv/011906111828200/amp4ads-v0.js(Line 17)
Message:
Response unparseable or failed to send image request

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
adservice.google.com
adservice.google.de
amp-error-reporting.appspot.com
api.quantcast.mgr.consensu.org
audit.quantcast.mgr.consensu.org
biddr.brealtime.com
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.connectad.io
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
connatix-d.openx.net
connect.facebook.net
core.connatix.com
cse.google.com
d.pub.network
de.tynt.com
display.bfmio.com
dmx.districtm.io
edba.brealtime.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
googleads.g.doubleclick.net
hb.emxdgt.com
hbx.media.net
i.connatix.com
i.connectad.io
ib.3lift.com
ib.adnxs.com
jadserve.postrelease.com
pagead2.googlesyndication.com
privacy-api-gateway.quantcast.com
quantcast.mgr.consensu.org
rtb.connatix.com
rules.quantcount.com
s.adtelligent.com
s.ntv.io
s9.addthis.com
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssc.33across.com
ssp.pub.network
static.quantcast.mgr.consensu.org
sync.bfmio.com
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
u.openx.net
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
biddr.brealtime.com
btlr.sharethrough.com
connatix-d.openx.net
display.bfmio.com
dmx.districtm.io
edba.brealtime.com
eus.rubiconproject.com
fastlane.rubiconproject.com
freestar-d.openx.net
g2.gumgum.com
hb.emxdgt.com
hbx.media.net
i.connectad.io
ib.3lift.com
s.adtelligent.com
s9.addthis.com
ssc.33across.com
ssp.pub.network
tlx.3lift.com
tpc.googlesyndication.com
104.20.59.209
104.24.1.61
172.217.21.194
173.241.240.143
18.207.76.63
185.33.223.100
2.18.232.130
2.19.43.224
208.100.17.183
216.58.207.70
216.58.210.2
23.210.250.13
23.22.162.56
2600:9000:200c:3c00:9:46dc:4700:93a1
2600:9000:2047:7c00:6:44e3:f8c0:93a1
2600:9000:2047:fc00:9:46dc:4700:93a1
2606:4700:10::6814:8528
2606:4700:20::6819:bf72
2606:4700::6812:1aef
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:815::200a
2a00:1450:4001:819::2001
2a00:1450:4001:819::2004
2a00:1450:4001:81a::2002
2a00:1450:4001:81b::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81d::2014
2a00:1450:4001:820::2001
2a00:1450:4001:824::2008
2a02:fa8:8806:13::1460
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::645
2a04:4e42:3::645
3.214.45.211
3.92.90.105
34.229.36.213
35.188.71.214
35.226.36.58
52.222.157.150
52.222.157.166
52.222.157.56
52.222.157.91
54.192.94.221
54.215.180.144
91.228.74.238
02e67dafdee2710fc791b44c8319ae2471ebd3291d9ae167eddcacc47349fc1f
0403883673c91b0c6dc85b135e6f222f76d1150a76b701a694389fe7151c97d3
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
1035691a1c992c11c8b61e5c29b62d3a190131160b4bcb3f484c11bc33907d8c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13fb0f2063e0add7533ab42e3da469b39750272c7e7d5f0c9036e962477e9e40
159a88cc4aeecc7348e417b827b8c95e04d3073bb4b708bd65948892b5c05ab0
15b71fd1d87bc6d1e6ac7a19bd6e6da0fb324a76864fb566ba2bf528e94941cd
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
1ac1a6cf332c82c845d01d21e9a5f5b948d5ffc940879424718fe1a31111c4a8
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2450e4fd2687e1fe032d4931d6b21a25ef94c80b5bf6baa2ca6e903c861e72da
24bc4ac03a5f89c3d38f9e173dc4a03fef2adb635d628f0341198b8d00548c5a
2544182fb9a0a2f65dac966c91bcbcb8239798c4c5d8278f0fd6d9f4056d301e
2591b3993b905671973bfaa4a92ba2502ba49ff7da880f996ab7c707d4c4281d
2a6bfabe65ca353e4359be32e10d40b8b514590b536dd93499bc1067e4bf6329
2aadba5dea3cad3a2f2e2a79d88f06a4f3edb86f006f4b19c74d9e1024210bb6
2bba8b27dfb6064a073f6fba80af3652569b766a8b5a0b44477ec6eea076ecbf
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
371e60eaea3df0bf53403a81ca0d49fad4e0c08dca679cf6a85300da15bf3208
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3beb704139b26d9913cb60e2687d7f18696ad15064bd7b0164c63268b1aa927b
3cb52f528fbf03a9bb562ef0c01fd748b405de3f512835b4963075749061b6f7
3f479d74e8907a3aeaeae2931a63c6362b0134448a44b50e9913ce22440fa607
404a9b0ffbcc813e8ddbb8d8510a24a69c09079282f8083ee94f4adc5d627176
46f054a5c98b253c46ff84547ce118625668349700a0730724df4bb25bcf5f78
484df960f879a28860a2cb182c0e717fda77babf0d4378343ba63723cc948649
4a6ac1e8519aa132772c1f732514d4a2cbcd2143a90710b7656bc23024b4c85c
4b00af59cbfbfb464ee6a1cb37e4c5c91e73e749ad910011bd89638f2334e194
4bb3aaeb6bd2ba6d6c88f1497a5b86b2dba5ed0a39dcdbe82ee94dd06990e146
4df1684a0f8233367358322cb3c927b93137df2eee5aba598667cd0975b2291d
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
511834888e15b8279f18ccba6e879b554bff8c6c3fbd1067850c661d2707fa44
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59bd02350871b22df229e164c348ca96bd780f3af752920d54c12af1e90753d7
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5de79bd33c164a62fe3389aeef0af2f54b82e7f8ba5fd7d0721f8080823babcb
5dfcc2746e6dbf11b0ac1dc8823688f2cdff5b6d4afbe00e256384bfdff399c3
617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95
617c4b646dbae0aed90fabe2e8a98b09b57cd32ba518dfcb276dbd12fa86d9dc
61cb7a1fefe87904c7b02aa16c88d4b42805526d63f9d20f2f797380713e4577
62cf9551be94b96eec2590b6a832fdf0de816e7d9dcb2a2b4b9b72600417ecfb
63540aac55b3e3ecc7561344b838c133d62ea472eb05b0b95e94ff51a22b4ffc
642c8587ff06ea6a9e3721711e6614013a1bc8de1b3bd4858b0d1354c94ff90c
657f79c4d5a6ea502202651151811d195b49cf9cf22fd7f8edaeefe2f8cc8fc4
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6cdf7da1776d10b40ed376754ae484da1c1aee3ce7c586c86131e8f3db1376c7
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
7719ab93490cd380fd487becadb93b76f9acbd0ecfcce4a9eb04551bfdf913c8
79e294aba6a7aa07f610a38ef47a181e257396557ad5b6e23c50c0b84a5f70bc
7c10ea3dddd1f12b4086c60b9512bf7f6a71b4a5164dc484df9d70ad77d3f613
7c10ffebccfabdd702d6b76848d941d711f0bd3b48b621f780f33ee9968754d1
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
807d8248fa4c9265b16839ed20abbb265188430ede192fb080299b0230c008fe
81825367feca0c5a8a82d656d4005c35f6810b2ba79b5f762dc6d8d52a5aee65
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8448ebbb3124836d80b57b3420c0cbb237fd817b8004fb19895e4f0704987c15
8676b3b80defc341e5127a20ae48918c79b8359fe0e420617fd71c696dc4f12d
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8d9c3e3cfba892b2954a9c28ec67162355632750aa8b45d55323b04bc29ae61b
8e954013ce3d11bb4a2d90be6031b5b5791042d9c2342b5217919400f97d1d67
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
92963f695e7f7c94492bef74d7a5bc3bafb6c5e615cb6fca0907aa7ee4c11ae8
96128cdcbbf482e82bc1fb11a020de837ba5c061decb00e31705375fc325dee3
997f05063c2d0432532617092401abf909c6bfec2f334a0866ea69f62dc7dee4
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9dddc21cf89952794214b58f9ec5cc841ec6525bc7f8facf5515e851898d7930
9f079a68989cd860bb83c41320b06440038389edafca03b592685f9952c5eafe
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
a6d4ea4e2f95dcd77bc3acb8408f8ed9c2d9453aeafef8af9387b04e6c9a8ff9
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a93d3ad73d2765c2bd1ab5347bd34a79c0e010df089d0db7bd56d6ae12d823c8
aa31bb772fdd92bb221e655d1e2a35355f81dd46596ec916c93b2363d6cec339
aecba7ee3870c0d979df93f73bd566149bef7cc74cd1f3894751cef44a217340
aed1d3e0e8565661020d1758525a829918ad55926910373ed5ad39c3e9b25ca3
af67e0e08b5bb03ee78a9ff33abfac609e968a9856b2ffeeae3d636221b6387a
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b48a23e0a21cd52b881ce9db2678b6fef30f6d113f7dac0702accd0b54535cab
b4de71dcae841e19d2edc5914bc3a452e66c0c9ca803e662b3ca5d18d49d9c54
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b72f6419c4486301a876a6cd4ad048c88c327e50b4b070eea8b785441a0ce2ee
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c88a51a3781fe16f1c3f42af4b05698667c0c843dd20822951192d224d6a691c
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15
d6d408ceb31cfae3d3d87971b82e522a331aa2eb042a793223b7ec19e419c564
d763d322ed475baf9cc5d20ba7afc366affb34d3d059e4dd1c1825d5598c05cb
db602e6da4aa64c6a1526838e73da1ed4e3ddac389322946bc961b849674cfec
dfbcd1d3294ae6081667312698549af43eb228cfc9420f8a0cace7fde85024c7
e07b2c10204d548f9f08029da2c672bbe9b92ad7ec0a4a664cd5d9410ff2d32f
e0f09beb5ea460cffea7b53b219f1e88baf6a0c9c2d125294652998209addc15
e1b6e0c08fd7396b3e41066605eb8525aa766d9723f9d7befafff9230dce1138
e1ed25f4abd181e54349b19a94bd563692385ef339df2540abbee5638ccb3765
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
e61e93c05b6569d5ee4449d783ab0403b51e8e3b65e07e5d17dec2eccf3133a2
e962fbdcbe0d66991b76f745535acba510e20197df301f5658bcb5774cbe44fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f875dc31a85fb81f7d8c2253bf0ca0317218cd1ad34c93be974dcc355b987e43
f9278e008fc4edcd157a9a7b3f5dfbd75c167f405d11296e19c313dc5d052cc2
f9a20eea35d6b06258e603fb2d5d3258f81a91269676d134d122784035b201e6